Verifiable Order Queries and Order Statistics on a List in Zero-Knowledge
Given a list L with n elements, an order query on L asks whether a given element x in L precedes or follows another element y in L. More generally, given a set of m elements from L, an order query asks for the set ordered according to the positions of the elements in L.

We introduce two formal models for answering order queries on a list in a verifiable manner and in zero-knowledge. We also present efficient constructions for these models. Our first model, called zero-knowledge list (ZKL), generalizes membership queries on a set to order queries on a list in zero-knowledge. We present a construction of ZKL based on zero-knowledge sets and a homomorphic integer commitment scheme.

Our second model, privacy-preserving authenticated list (PPAL), extends authenticated data structures by adding a zero-knowledge privacy requirement. In this model, a list is outsourced by a trusted owner to an untrusted cloud server, which answers order queries issued by clients. The server also returns a proof of the answer, which is verified by the client using a digest of the list obtained from the owner. PPAL supports the security properties of data integrity against a malicious server and privacy protection against a malicious client. Though PPAL can be implemented using our ZKL construction, this construction is not as efficient as desired in cloud applications. To this end, we present an efficient PPAL construction based on blinded bilinear accumulators and bilinear maps, which is provably secure and zero-knowledge (e.g., hiding even the size of the list). Our PPAL construction uses proofs of size and allows the client to verify a proof in time. The owner executes the setup in time and space. The server uses space to store the list and related authentication information, and takes time to answer a query and generate a proof. Both our ZKL and PPAL constructions have one round of communication and are secure in the random oracle model.

Finally, we show that our ZKL and PPAL frameworks can be extended to support fundamental statistical queries (including maximum, minimum, median, threshold and top-t elements) efficiently and in zero-knowledge.
Advances in signatures, encryption, and E-Cash from bilinear groups
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006. Includes bibliographical references (p. 147-161).

We present new formal definitions, algorithms, and motivating applications for three natural cryptographic constructions. Our constructions are based on a special type of algebraic group called bilinear groups.

1. Re-Signatures: We present the first public key signature scheme where a semi-trusted proxy, given special information, can translate Alice's signature on a message into Bob's signature on the same message. The special information, however, allows nothing else, i.e., the proxy cannot translate from Bob to Alice, nor can it sign on behalf of either Alice or Bob. We show that a path through a graph can be cheaply authenticated using this scheme, with applications to electronic passports.

2. Re-Encryption: We present the first public key cryptosystem where a semi-trusted proxy, given special information, can translate an encryption of a message under Alice's key into an encryption of the same message under Bob's key. Again, the special information allows nothing else, i.e., the proxy cannot translate from Bob to Alice, decrypt on behalf of either Alice or Bob, or learn anything else about the message. We apply this scheme to create a new mechanism for secure distributed storage.

3. Compact E-Cash with Tracing and Bounded-Anonymity: We present an offline e-cash system where 2^ℓ coins can be stored in O(ℓ + k) bits and withdrawn or spent in O(ℓ + k) time, where k is the security parameter. The best previously known schemes required at least one of these complexities to be O(2^ℓ · k). In our system, a user's transactions are anonymous and unlinkable, unless she performs a forbidden action, such as double-spending a coin. Performing a forbidden action reveals the identity of the user, and optionally allows tracing all of her past transactions. We provide solutions without using a trusted party.

We argue why features of our system are likely to be crucial to the adoption of any e-cash system.

by Susan Hohenberger. Ph.D.
Short Transitive Signatures for Directed Trees
A transitive signature scheme allows one to sign a graph in such a way that, given the signatures of edges (a,b) and (b,c), it is possible to compute the signature for the edge (or path) (a,c) without the Signer's secret. Constructions for undirected graphs are known, but the case of directed graphs remains open. A first solution for the easier case of directed trees (DTTS) was given by Yi at CT-RSA 2007. In Yi's construction, the signature for an edge is O(n \log(n \log n)) bits long in the worst case. A year later, Neven designed a simpler scheme where the signature size is reduced to O(n \log n) bits. Although Neven's construction is more efficient, handling O(n \log n) bits still remains impractical for large n.
In this work, we design a new scheme where for any value \lambda \geq 1 and security parameter \kappa, we have:
* A signature for an edge is only bits long.
* Signing or verifying the signature for an edge requires O(\lambda) cryptographic operations.
* Computing a signature for an edge requires \lambda n^{1/\lambda} cryptographic operations.
To the best of our knowledge this is the first construction with such a trade-off. In particular, we achieve O(\kappa \log(n))-bit signatures, as well as O(\log(n)) time to generate edge signatures, verify them, or even compute edge signatures. Our construction relies on hashing with common-prefix proofs, a new variant of collision-resistant hashing. A family \HashFam is collision-resistant hashing with common-prefix proofs if for any H \in \HashFam, given two strings X and Y equal up to position i, a Combiner can convince a Verifier that X[1..i] is a prefix of Y by sending only H(X), H(Y), and a small proof. We believe that this new primitive will lead to other interesting applications.
On Structural Signatures for Tree Data Structures
In this paper, we present new attacks on the redactable signature scheme introduced by Kundu and Bertino at VLDB '08. This extends the work done by Brzuska et al. at ACNS '10 and Samelin et al. at ISPEC '12. The attacks address unforgeability, transparency and privacy. Based on the ideas of Kundu and Bertino, we introduce a new provably secure construction. The corresponding security model is more flexible than the one introduced by Brzuska et al. Moreover, we have implemented the schemes introduced by Brzuska et al. and by Kundu and Bertino. The evaluation shows that schemes with a quadratic complexity become unusable very fast.
New Security Definitions, Constructions and Applications of Proxy Re-Encryption
The outsourcing of information management is an increasingly common practice, with cloud computing being the most representative paradigm. However, this approach also raises concerns about security and privacy due to the inherent loss of control over the data. Traditional solutions, mainly based on the application of access control policies and strategies, only reduce the problem to a question of trust, which can easily be broken by service providers, whether accidentally or intentionally. Therefore, protecting outsourced information while at the same time reducing the trust that must be placed in service providers becomes an immediate objective. Cryptography-based solutions are a crucial mechanism towards this end.
This thesis is devoted to the study of a cryptosystem called proxy re-encryption, which constitutes a practical solution to this problem, both from a functional and from an efficiency point of view. Proxy re-encryption is a type of public-key encryption that allows delegating to an entity the ability to transform ciphertexts from one public key to another, without that entity being able to obtain any information about the underlying message. From a functional point of view, proxy re-encryption can be seen as a means of secure delegation of access to encrypted information, which makes it a natural candidate for building cryptographic access control mechanisms. Apart from this, this type of encryption is in itself of great theoretical interest, since its security definitions must balance the security of the ciphertexts with the possibility of transforming them through re-encryption, which presents a stimulating dichotomy.
The contributions of this thesis follow a cross-cutting approach, since they range from the security definitions of proxy re-encryption themselves, through concrete constructions, to the specific details of potential applications.
Role Signatures for Access Control in Grid Computing
Implementing access control efficiently and effectively in an open and distributed grid environment is a challenging problem. One reason for this is that users requesting access to remote resources may be unknown to the authorization service that controls access to the requested resources. Hence, it seems inevitable that pre-defined mappings of principals in one domain to those in the domain containing the resources are needed. A second problem in such environments is that verifying the authenticity of user credentials or attributes can be difficult. In this paper, we propose the concept of role signatures to solve these problems by exploiting the hierarchical structure of a virtual organization within a grid environment. Our approach makes use of a hierarchical identity-based signature scheme whereby verification keys are defined by generic role identifiers defined within a hierarchical namespace. We show that individual member organizations of a virtual organization are not required to agree on principal mappings beforehand to enforce access control to resources. Moreover, user authentication and credential verification are unified in our approach and can be achieved through a single role signature.
Efficient and Secure Data Sharing Using Attribute-based Cryptography
The uncontrolled growth of data produced by many heterogeneous and dynamic sources pushes many owners of such data to store them on cloud servers, also in order to share them with third parties. Sharing data on (possibly) untrusted servers is a source of important and non-trivial issues concerning security, privacy, confidentiality and access control. In order to prevent uncontrolled access to the data, a typical solution consists in encrypting the data itself. Following this path, designing and implementing access policies to the encrypted data for third parties (who may have different rights over the data) is a complex task, which requires the presence of a trusted policy controller. A possible solution is the use of an access control mechanism based on attribute-based encryption (ABE) schemes, which allow the data owner to encrypt the data according to the access policies for the data itself. On the other hand, the adoption of such access control mechanisms presents two problems: (i) weak privacy: the access policies are public, and (ii) inefficiency: the access policies are static, and changing them requires re-encrypting (or encrypting multiple times) all the data. To remedy these problems, the work proposed in this thesis considers a particular attribute-based encryption scheme, called inner product encryption (IPE, which enjoys the attribute-hiding property and can therefore protect the privacy of the access policies), and combines it with proxy re-encryption techniques, which introduce greater flexibility and efficiency.

The first part of this thesis discusses the suitability of introducing an access control mechanism founded on an inner-product and proxy re-encryption scheme (IPPRE) in order to guarantee secure sharing of data stored on untrusted cloud servers. More specifically, we propose two versions of IPE: first, we present a version of a well-known inner-product scheme [1] extended with proxy re-encryption. We then use this scheme in a scenario in which medical data are collected and managed. In this scenario, once the data have been collected, the access policies may change as the needs of different medical staff change. The proposed scheme delegates the task of re-encrypting the data to a semi-trusted proxy server, which can transform the encryption of the data (which depends on one access policy) into another encryption (which depends on another access policy) without thereby gaining access to the plaintext data or to the secret key used by the data owner. In this way, the holder of a decryption key corresponding to the second access policy can access the data without interacting with the data owner (that is, without requesting a decryption key associated with their own access policy). We present a performance analysis of this scheme implemented on elliptic curves belonging to the SS, MNT and BN classes and obtain encouraging experimental results. We also prove that the proposed scheme is secure against chosen-plaintext attacks under the well-known DLIN assumption. Second, we present an optimized version of the previously proposed scheme (E-IPPRE), based on a well-known inner-product scheme proposed by Kim [2]. The proposed E-IPPRE scheme requires a constant number of pairing computations, and this guarantees that the objects produced by executing the scheme (decryption keys, public keys and the ciphertexts themselves) are small with respect to the security parameters and efficiently computable. We experimentally test the efficiency of the proposed scheme and prove it (selectively with respect to the attributes) secure against chosen-plaintext attacks under the well-known BDH assumption. In other words, the proposed scheme does not reveal any information about the access policies.

The second part of this thesis presents a cryptographic scheme for secure data sharing based on attribute-based cryptography and suited to IoT-based scenarios. As is well known, the main problem in this setting concerns the limited computational resources of the IoT devices involved. To this end, we propose a scheme that combines the flexibility of E-IPPRE with the efficiency of a symmetric encryption scheme such as AES, obtaining a lightweight inner-product, proxy-based encryption scheme (L-IPPRE). The experimental results confirm the suitability of this scheme in IoT scenarios.

References
[1] Jong Hwan Park. Inner-product encryption under standard assumptions. Des. Codes Cryptography, 58(3):235–257, March 2011.
[2] Intae Kim, Seong Oun Hwang, Jong Hwan Park, and Chanil Park. An efficient predicate encryption with constant pairing computations and minimum
costs. IEEE Trans. Comput., 65(10):2947–2958, October 2016.

With the ever-growing production of data coming from multiple, scattered, and highly dynamic sources, many providers are motivated to upload their data to cloud servers and share them with other persons for different purposes. However, storing data on untrusted cloud servers imposes serious concerns in terms of security, privacy, data confidentiality, and access control. In order to prevent privacy and security breaches, it is vital that data is encrypted before it is outsourced to the cloud. However, designing access control models that enable different users to have various access rights to the shared data is the main challenge. To tackle this issue, a possible solution is to employ a cryptography-based data access control mechanism such as an attribute-based encryption (ABE) scheme, which enables a data owner to take full control over data access. However, access control mechanisms based on ABE raise two challenges: (i) weak privacy: they do not conceal the attributes associated with the ciphertexts, and therefore they do not satisfy attribute-hiding security, and (ii) inefficiency: they do not support efficient access policy change when data is required to be shared among multiple users with different access policies. To address these issues, this thesis studies and enhances inner-product encryption (IPE), a type of public-key cryptosystem which supports the attribute-hiding property as well as flexible fine-grained access control based on the payload-hiding property, and combines it with an advanced cryptographic technique known as proxy re-encryption (PRE).

The first part of this thesis discusses the necessity of applying the inner-product proxy re-encryption (IPPRE) scheme to guarantee secure data sharing on untrusted cloud servers. More specifically, we propose two extended schemes of IPE: in the first extended scheme, we propose an inner-product proxy re-encryption (IPPRE) protocol derived from a well-known inner-product encryption scheme [1]. We deploy this technique in the healthcare scenario where the access policy of data collected by medical devices has to be changed afterwards for sharing with other medical staff. The proposed scheme delegates the re-encryption capability to a semi-trusted proxy who can transform a delegator's ciphertext associated with an attribute vector into a new ciphertext associated with the delegatee's attribute vector set, without knowing the underlying data and private key. Our proposed policy updating scheme enables the delegatee to decrypt the shared data with its own key without requesting a new decryption key. We analyze the proposed protocol in terms of its performance on three different types of elliptic curves, namely the SS curve, the MNT curve, and the BN curve. Hereby, we achieve some encouraging experimental results. We show that our scheme is adaptive attribute-secure against chosen-plaintext attacks under the standard Decisional Linear (D-Linear) assumption. To improve the performance of this scheme in terms of storage, communication, and computation costs, we propose an efficient inner-product proxy re-encryption (E-IPPRE) scheme using the transformation of Kim's inner-product encryption method [2]. The proposed E-IPPRE scheme requires a constant number of pairing operations for its algorithms and ensures a short size of the public key, private key, and ciphertext, making it the most efficient and practical compared to state-of-the-art schemes in terms of computation and communication overhead. We experimentally assess the efficiency of our protocol and show that it is selective attribute-secure against chosen-plaintext attacks in the standard model under the Asymmetric Decisional Bilinear Diffie-Hellman assumption. Specifically, our proposed schemes do not reveal any information about the data owner's access policy, neither to the untrusted servers (e.g., cloud and proxy) nor to the other users.

The second part of this thesis presents a new lightweight secure data sharing scheme based on attribute-based cryptography for a specific IoT-based healthcare application. To achieve secure data sharing on IoT devices while preserving data confidentiality, the IoT devices encrypt data before it is outsourced to the cloud, and authorized users, who have the corresponding decryption keys, can access the data. The main challenge in this case is, on the one hand, that IoT devices are resource-constrained in terms of energy, CPU, and memory. On the other hand, the existing public-key encryption mechanisms (e.g., ABE) require expensive computation. We address this issue by combining the flexibility and expressiveness of the proposed E-IPPRE scheme with the efficiency of a symmetric key encryption technique (AES) and propose a light inner-product proxy re-encryption (L-IPPRE) scheme to guarantee secure data sharing between different entities in the IoT environment. The experimental results confirm that the proposed L-IPPRE scheme is suitable for resource-constrained IoT scenarios.

References
[1] Jong Hwan Park. Inner-product encryption under standard assumptions. Des. Codes Cryptography, 58(3):235–257, March 2011.
[2] Intae Kim, Seong Oun Hwang, Jong Hwan Park, and Chanil Park. An efficient predicate encryption with constant pairing computations and minimum costs. IEEE Trans. Comput., 65(10):2947–2958, October 2016.