Tightly Secure Hierarchical Identity-Based Encryption

We construct the first tightly secure hierarchical identity-based encryption (HIBE) scheme based on standard assumptions, which solves an open problem from Blazy, Kiltz, and Pan (CRYPTO 2014). At the core of our constructions is a novel randomization technique that enables us to randomize user secret keys for identities with flexible length. The security reductions of previous HIBEs lose at least a factor of Q, which is the number of user secret key queries. Different to that, the security loss of our schemes is only dependent on the security parameter. Our schemes are adaptively secure based on the Matrix Diffie-Hellman assumption, which is a generalization of standard Diffie-Hellman assumptions such as k-Linear. We have two tightly secure constructions, one with constant ciphertext size, and the other with tighter security at the cost of linear ciphertext size. Among other things, our schemes imply the first tightly secure identity-based signature scheme by a variant of the Naor transformation

Identity-Based Revocation from Subset Difference Methods under Simple Assumptions

Identity-based revocation (IBR) is a specific kind of broadcast encryption that can effectively send a ciphertext to a set of receivers. In IBR, a ciphertext is associated with a set of revoked users instead of a set of receivers and the maximum number of users in the system can be an exponential value in the security parameter. In this paper, we reconsider the general method of Lee, Koo, Lee, and Park (ESORICS 2014) that constructs a public-key revocation (PKR) scheme by combining the subset difference (SD) method of Naor, Naor, and Lotspiech (CRYPTO 2001) and a single revocation encryption (SRE) scheme. Lee et al. left it as an open problem to construct an SRE scheme under the standard assumption without random oracles. In this work, we first propose a selectively secure SRE scheme under the standard assumption without random oracles. We also propose a fully secure SRE scheme under simple static assumptions without random oracles. Next, we present an efficient IBR scheme derived from the SD method and our SRE scheme. The security of our IBR scheme depends on that of the underlying SRE scheme. Finally, we implemented our SRE and IBR schemes and measured the performance

Towards efficient proofs of storage and verifiable outsourced database in cloud computing

Ph.DDOCTOR OF PHILOSOPH

Primary-Secondary-Resolver Membership Proof Systems

We consider Primary-Secondary-Resolver Membership Proof Systems (PSR for short) and show different constructions of that primitive. A PSR system is a 3-party protocol, where we have a primary, which is a trusted party which commits to a set of members and their values, then generates a public and secret keys in order for secondaries (provers with knowledge of both keys) and resolvers (verifiers who only know the public key) to engage in interactive proof sessions regarding elements in the universe and their values. The motivation for such systems is for constructing a secure Domain Name System (DNSSEC) that does not reveal any unnecessary information to its clients. We require our systems to be complete, so honest executions will result in correct conclusions by the resolvers, sound, so malicious secondaries cannot cheat resolvers, and zero-knowledge, so resolvers will not learn additional information about elements they did not query explicitly. Providing proofs of membership is easy, as the primary can simply precompute signatures over all the members of the set. Providing proofs of non-membership, i.e. a denial-of-existence mechanism, is trickier and is the main issue in constructing PSR systems. We provide three different strategies to construct a denial of existence mechanism. The first uses a set of cryptographic keys for all elements of the universe which are not members, which we implement using hierarchical identity based encryption and a tree based signature scheme. The second construction uses cuckoo hashing with a stash, where in order to prove non-membership, a secondary must prove that a search for it will fail, i.e. that it is not in the tables or the stash of the cuckoo hashing scheme. The third uses a verifiable ``random looking\u27\u27 function which the primary evaluates over the set of members, then signs the values lexicographically and secondaries then use those signatures to prove to resolvers that the value of the non-member was not signed by the primary. We implement this function using a weaker variant of verifiable random/unpredictable functions and pseudorandom functions with interactive zero knowledge proofs. For all three constructions we suggest fairly efficient implementations, of order comparable to other public-key operations such as signatures and encryption. The first approach offers perfect ZK and does not reveal the size of the set in question, the second can be implemented based on very solid cryptographic assumptions and uses the unique structure of cuckoo hashing, while the last technique has the potential to be highly efficient, if one could construct an efficient and secure VRF/VUF or if one is willing to live in the random oracle model

Revocable Hierarchical Identity-Based Encryption with Adaptive Security

Hierarchical identity-based encryption (HIBE) can be extended to revocable HIBE (RHIBE) if a private key of a user can be revoked when the private key is revealed or expired. Previously, many selectively secure RHIBE schemes were proposed, but it is still unsolved problem to construct an adaptively secure RHIBE scheme. In this work, we propose two RHIBE schemes in composite-order bilinear groups and prove their adaptive security under simple static assumptions. To prove the adaptive security, we use the dual system encryption framework, but it is not simple to use the dual system encryption framework in RHIBE since the security model of RHIBE is quite different with that of HIBE. We show that it is possible to solve the problem of the RHIBE security proof by carefully designing hybrid games