Theory and Applications of Outsider Anonymity in Broadcast Encryption

Broadcast Encryption (BE) allows efficient one-to-many secret communication of data over a broadcast channel. In the standard setting of BE, information about receivers is transmitted in the clear together with ciphertexts. This could be a serious violation of recipient privacy since the identities of the users authorized to access the secret content in certain broadcast scenarios are as sensitive as the content itself. Anonymous Broadcast Encryption (AnoBe) prevents this leakage of recipient identities from ciphertexts but at a cost of a linear lower bound (in the number of receivers) on the length of ciphertexts. A linear ciphertext length is a highly undesirable bottleneck in any large-scale broadcast application. In this thesis, we propose a less stringent yet very meaningful notion of anonymity for anonymous broadcast encryption called Outsider-Anonymous Broadcast Encryption (oABE) that allows the creation of ciphertexts that are sublinear in the number of receivers. We construct several oABE schemes with varying security guarantees and levels of efficiency. We also present two very interesting cryptographic applications afforded by the efficiency of our oABE schemes. The first is Broadcast Steganography (BS), the extension of the state of the art setting of point-to-point steganography to the multi-recipient setting. The second is Oblivious Group Storage (OGS), the introduction of fine-grained data access control policies to the setting of multi-client oblivious cloud storage protocols

Anonymous broadcast encryption with an untrusted gateway

We propose a verifiable and anonymous broadcast encryption scheme, where an \u27untrusted\u27 gateway can verify incoming communication flows to ensure only the intended anonymous receivers in the target domain can receive them. This scenario is interesting while the privacy of receivers should be considered. The difficulty in this setting is how to achieve both confidentiality of the message and anonymity of receivers during the gateway verification. To achieve this goal, we introduce a new notion of encrypted identity search, which allows the gateway blindly verifies the incoming traffic. Our scheme captures security properties: confidentiality and anonymity against dishonest gateway, corrupted receivers and collusion attacks. We present a concrete construction of gateway-based verifiable and anonymous broadcast encryption system from bilinear pairings, and give its security reduction under the computational assumptions related to bilinear pairings

Anonymous Key Generation Technique with Contributory Broadcast Encryption

Encryption is used in a communication system to secure information in the transmitted messages from anyone other than the well-intended receiver. To perform the encryption and decryption the transmitter and receiver should have matching encryption and decryption keys. For sending safeguard information to group needed broadcast encryption (BE). BE allows a sender to securely broadcast to any subset of members and require a trusted party to distribute decryption keys. Group key agreement (GKA) protocol allows a number of users to establish a common secret channel via open networks. Observing that a major goal of GKA for most applications is to create a confidential channel among group members, but a sender cannot omit any particular member from decrypting the cipher texts. By bridging BE and GKA notion with a hybrid primitive referred to as contributory broadcast encryption (CBE). With these primitives, a group of members move through a common public encryption key while each member having there decryption key. A sender seeing the public group encryption key can limit the decryption to subset of members of sender’s choice. A simple way to generate these keys is to use the public key distribution system invented by Diffie and Hellman. That system, however, pass only one pair of communication stations to share a particular pair of encryption and decryption keys. Key distribution sets are used to generate keys and Elliptic Curve Cryptography (ECC) is used for the encryption and decryption of documents; and this going to provide the security for the documents over group communication

An Attribute-Based Anonymous Broadcast Encryption Scheme with Adaptive Security in the Standard Model

In broadcast encryption schemes, a distribution center broadcasts an encrypted message to a subset $S$ chosen from a universe of receivers and only the intended users are able to decrypt the message. Most broadcast encryption schemes do not provide anonymity and the identities of target receivers are sent in plaintext. However, in several applications, the authorized users\u27 identities has the same sensitivity as the message itself. YRL, is an anonymous attribute-based broadcast encryption scheme with linear computation, communication and storage overheads in the number of attributes. In this paper, we first propose an attack on the YRL scheme and show that unfortunately the unauthorized receivers can also decrypt the broadcasted message. Next, we propose the Improved-YRL scheme and prove that it achieves anonymity and semantic security under adaptive corruptions in the chosen ciphertext setting. The proof is provided using the dual system encryption technique and is based on three complexity assumptions in composite order bilinear maps. The Improved-YRL scheme is a step forward in solving the long-standing problem of secure and low overhead anonymous broadcast encryption

Outsider-Anonymous Broadcast Encryption with Keyword Search: Generic Construction, CCA Security, and with Sublinear Ciphertexts

As a multi-receiver variants of public key encryption with keyword search (PEKS), broadcast encryption with keyword search (BEKS) has been proposed (Attrapadung et al. at ASIACRYPT 2006/Chatterjee-Mukherjee at INDOCRYPT 2018). Unlike broadcast encryption, no receiver anonymity is considered because the test algorithm takes a set of receivers as input and thus a set of receivers needs to be contained in a ciphertext. In this paper, we propose a generic construction of BEKS from anonymous and weakly robust 3-level hierarchical identity-based encryption (HIBE). The proposed generic construction provides outsider anonymity, where an adversary is allowed to obtain secret keys of outsiders who do not belong to the challenge sets, and provides sublinear-size ciphertext in terms of the number of receivers. Moreover, the proposed construction considers security against chosen-ciphertext attack (CCA) where an adversary is allowed to access a test oracle in the searchable encryption context. The proposed generic construction can be seen as an extension to the Fazio-Perera generic construction of anonymous broadcast encryption (PKC 2012) from anonymous and weakly robust identity-based encryption (IBE) and the Boneh et al. generic construction of PEKS (EUROCRYPT 2004) from anonymous IBE. We run the Fazio-Perera construction employs on the first-level identity and run the Boneh et al. generic construction on the second-level identity, i.e., a keyword is regarded as a second-level identity. The third-level identity is used for providing CCA security by employing one-time signatures. We also introduce weak robustness in the HIBE setting, and demonstrate that the Abdalla et al. generic transformation (TCC 2010/JoC 2018) for providing weak robustness to IBE works for HIBE with an appropriate parameter setting. We also explicitly introduce attractive concrete instantiations of the proposed generic construction from pairings and lattices, respectively

On Secure Workflow Decentralisation on the Internet

Decentralised workflow management systems are a new research area, where most work to-date has focused on the system's overall architecture. As little attention has been given to the security aspects in such systems, we follow a security driven approach, and consider, from the perspective of available security building blocks, how security can be implemented and what new opportunities are presented when empowering the decentralised environment with modern distributed security protocols. Our research is motivated by a more general question of how to combine the positive enablers that email exchange enjoys, with the general benefits of workflow systems, and more specifically with the benefits that can be introduced in a decentralised environment. This aims to equip email users with a set of tools to manage the semantics of a message exchange, contents, participants and their roles in the exchange in an environment that provides inherent assurances of security and privacy. This work is based on a survey of contemporary distributed security protocols, and considers how these protocols could be used in implementing a distributed workflow management system with decentralised control . We review a set of these protocols, focusing on the required message sequences in reviewing the protocols, and discuss how these security protocols provide the foundations for implementing core control-flow, data, and resource patterns in a distributed workflow environment

Generic Construction of Broadcast Authenticated Encryption with Keyword Search

As a multi-receiver variant of public key authenticated encryption with keyword search (PAEKS), broadcast authenticated encryption with keyword search (BAEKS) was proposed by Liu et al. (ACISP 2021). BAEKS focuses on receiver anonymity, where no information about the receiver is leaked from ciphertexts, which is reminiscent of the anonymous broadcast encryption. Here, there are rooms for improving their security definitions, e.g., two challenge sets of receivers are selected before the setup phase, and an adversary is not allowed to corrupt any receiver. In this paper, we propose a generic construction of BAEKS derived from PAEKS that provides ciphertext anonymity and consistency in a multi-receiver setting. The proposed construction is an extension of the generic construction proposed by Libert et al. (PKC 2012) for the anonymous broadcast encryption and provides adaptive corruptions. We also demonstrate that the Qin et al. PAEKS scheme (ProvSec 2021) provides ciphertext anonymity and consistency in a multi-receiver setting and can be employed as a building block of the proposed generic construction. Moreover, we demonstrate that the Mukherjee BAEKS scheme (ACISP 2023) can be employed as a building block of the proposed generic construction