Fully Secure Spatial Encryption under Simple Assumptions with Constant-Size Ciphertexts
In this paper, we propose two new spatial encryption (SE) schemes based on existing inner product encryption (IPE) schemes.
Both of our SE schemes are fully secure under simple assumptions and in prime order bilinear groups.
Moreover, one of our SE schemes has constant-size ciphertexts.
Since SE implies hierarchical identity-based encryption (HIBE), we also obtain a fully secure HIBE scheme with constant-size ciphertexts under simple assumptions.
Our second SE scheme is attribute-hiding (or anonymous).
It has sizes of public parameters, secret keys and ciphertexts that are quadratically smaller than the currently known SE scheme with similar properties.
As a side result, we show that negated SE is equivalent to non-zero IPE.
This is somewhat interesting, since the latter is known to be a special case of the former.
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols have recently been proposed with a wide variety of novel applications, including ones in emerging technologies such as cloud computing, the Internet of Things (IoT), e-health systems and wearable technologies. There has, however, been a wide range of incorrect uses of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of the issues related to the incorrect use of pairing-based cryptography. However, we noticed that some recently proposed applications still do not use these primitives correctly. This leads to unrealizable, insecure or too inefficient designs of pairing-based protocols. We observed that one reason is a lack of awareness of the recent advances in solving the discrete logarithm problem in some groups. The main purpose of this article is to give understandable, informative, and up-to-date criteria for the correct use of pairing-based cryptography. We thereby deliberately avoid most of the technical details and instead give special emphasis to the importance of the correct use of bilinear maps in realizing secure cryptographic protocols. We list a collection of recent papers having wrong security assumptions or realizability/efficiency issues. Finally, we give a compact and up-to-date recipe for the correct use of pairings.
Comment: 25 page
Anonymous and Adaptively Secure Revocable IBE with Constant Size Public Parameters
In Identity-Based Encryption (IBE) systems, key revocation is non-trivial. This is because a user's identity is itself a public key. Moreover, the private key corresponding to the identity needs to be obtained from a trusted key authority through an authenticated and secrecy-protected channel. So far, only a very small number of revocable IBE (RIBE) schemes support non-interactive key revocation, in the sense that the user is not required to interact with the key authority or some kind of trusted hardware to renew her private key without changing her public key (or identity). These schemes are either proven to be only selectively secure or have public parameters that grow linearly in the security parameter. In this paper, we present two constructions of non-interactive RIBE that satisfy all of the following three attractive properties: (i) they are proven to be adaptively secure under the Symmetric External Diffie-Hellman (SXDH) and the Decisional Linear (DLIN) assumptions; (ii) they have constant-size public parameters; and (iii) they preserve the anonymity of ciphertexts, a property that none of the current schemes has achieved.
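The warning in "Still Wrong Use of Pairings in Cryptography" above and the SXDH assumption used by the RIBE constructions meet at one concrete review check. SXDH states that DDH is hard in both G1 and G2, which is only possible when no efficiently computable isomorphism exists between the two groups (a Type-3 pairing). With a symmetric (Type-1) pairing, where G1 = G2, anyone can decide DDH in G1 with two pairing evaluations, so instantiating an SXDH-based scheme on a Type-1 pairing voids its security proof. The following is an added example, not code from any of the papers listed on this page: a toy Type-1 pairing built from the reduced Tate pairing on the supersingular curve y^2 = x^3 + x over F_p (p = 3 mod 4, embedding degree 2) with the distortion map (x, y) -> (-x, iy), used to run exactly that DDH distinguisher. The prime p = 10007, the subgroup order r = 139 and all function names are assumptions chosen for illustration; the parameters are far too small to offer any security.

```python
# Toy Type-1 pairing on E: y^2 = x^3 + x over F_p, p = 3 (mod 4), #E(F_p) = p + 1,
# embedding degree 2, F_{p^2} = F_p[i] with i^2 = -1.  Added example; the
# parameters below are ASSUMPTIONS, toy-sized and insecure.  Needs Python 3.8+.

P_MOD = 10007                               # prime, 10007 % 4 == 3
R_ORDER = 139                               # prime, divides p + 1 = 10008 = 72 * 139
COFACTOR = (P_MOD + 1) // R_ORDER
FINAL_EXP = (P_MOD * P_MOD - 1) // R_ORDER  # reduced Tate pairing: maps into mu_r


# F_{p^2} elements are pairs (a, b) meaning a + b*i.
def fp2_mul(u, v):
    a, b = u
    c, d = v
    return ((a * c - b * d) % P_MOD, (a * d + b * c) % P_MOD)


def fp2_pow(u, e):
    result, base = (1, 0), u
    while e:
        if e & 1:
            result = fp2_mul(result, base)
        base = fp2_mul(base, base)
        e >>= 1
    return result


# E(F_p) in affine coordinates; None is the point at infinity.
def ec_add(p1, p2):
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None                                          # p1 == -p2
        lam = (3 * x1 * x1 + 1) * pow(2 * y1, -1, P_MOD) % P_MOD  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD         # chord slope
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def find_generator():
    """Deterministic point of prime order r: lift an x, then clear the cofactor."""
    for x in range(1, P_MOD):
        rhs = (x * x * x + x) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)    # square root when rhs is a square
        if y * y % P_MOD == rhs:
            g = ec_mul(COFACTOR, (x, y))
            if g is not None:
                return g
    raise RuntimeError("no point of order r")


def line_eval(t, pt, q):
    """Line through t and pt (tangent if equal), evaluated at q in E(F_{p^2}).
    Vertical lines return 1: x_q lies in F_p, so their value is in F_p and is
    killed by the final exponentiation (standard denominator elimination)."""
    x1, y1 = t
    x2, y2 = pt
    xq, yq = q
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return (1, 0)
        lam = (3 * x1 * x1 + 1) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    lx = fp2_mul((lam, 0), ((xq[0] - x1) % P_MOD, xq[1]))
    return ((yq[0] - y1 - lx[0]) % P_MOD, (yq[1] - lx[1]) % P_MOD)


def tate_pairing(pt, q):
    """Miller's algorithm: e(pt, q) for pt in E(F_p) of order r, q in E(F_{p^2})."""
    f, t = (1, 0), pt
    for bit in bin(R_ORDER)[3:]:                 # bits of r below the leading 1
        f = fp2_mul(fp2_mul(f, f), line_eval(t, t, q))
        t = ec_add(t, t)
        if bit == "1":
            f = fp2_mul(f, line_eval(t, pt, q))
            t = ec_add(t, pt)
    return fp2_pow(f, FINAL_EXP)


def distortion(pt):
    x, y = pt
    return (((-x) % P_MOD, 0), (0, y))           # phi(x, y) = (-x, i*y)


def symmetric_pairing(p1, p2):
    """Type-1 pairing e_hat(p1, p2) = e(p1, phi(p2)) on G1 x G1."""
    return tate_pairing(p1, distortion(p2))


def ddh_is_real(g, a_g, b_g, c_g):
    """DDH distinguisher in G1 using public points only: with e_hat bilinear and
    non-degenerate, e_hat(a*g, b*g) == e_hat(g, c*g) exactly when c == a*b (mod r)."""
    return symmetric_pairing(a_g, b_g) == symmetric_pairing(g, c_g)


if __name__ == "__main__":
    G = find_generator()
    a, b = 17, 23
    aG, bG = ec_mul(a, G), ec_mul(b, G)
    print("real DH tuple accepted:", ddh_is_real(G, aG, bG, ec_mul(a * b % R_ORDER, G)))
    print("random tuple accepted: ", ddh_is_real(G, aG, bG, ec_mul((a * b + 1) % R_ORDER, G)))
```

Run as a script to see the distinguisher accept a real DH tuple and reject a random one. The function to keep in mind when reviewing a pairing-based design is ddh_is_real: it needs nothing but public group elements, so an SXDH proof gives no guarantee whatsoever on a Type-1 instantiation. Checking the pairing type against the scheme's assumptions, and the size of the target field F_{p^k} against current discrete-logarithm records (the other point raised in the abstract above), is the first item on any review of such a protocol.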
An Identity-Based Group Signature with Membership Revocation in the Standard Model
Group signatures allow group members to sign an arbitrary number of messages on behalf of the group without revealing their identity. Under certain circumstances the group manager, holding a tracing key, can reveal the identity of the signer from the signature. Practical group signature schemes should support membership revocation, where a revoked member loses the capability to sign messages on behalf of the group without affecting the other, non-revoked members. A model known as verifier-local revocation supports membership revocation. In this model the trusted revocation authority sends revocation messages to the verifiers, and there is no need for the revocation authority to contact non-revoked members to update their secret keys. Previous constructions of verifier-local revocation group signature schemes either have a security proof in the random oracle model or are not identity-based. A security proof in the random oracle model is only a heuristic proof, and non-identity-based group signatures suffer from standard Public Key Infrastructure (PKI) problems, i.e. the group public key is not derived from the group identity and therefore has to be certified.

In this work we construct the first verifier-local revocation group signature scheme which is identity-based and has a security proof in the standard model. In particular, we give a formal security model for the proposed scheme and prove that the scheme has the property of selfless-anonymity under the Decision Linear (DLIN) assumption and is fully traceable under the Computational Diffie-Hellman (CDH) assumption. The proposed scheme is based on prime order bilinear groups.
Forward-secure hierarchical predicate encryption
Secrecy of decryption keys is an important prerequisite for the security of any encryption scheme, and compromised private keys must be replaced immediately. Forward Security (FS), introduced to Public Key Encryption (PKE) by Canetti, Halevi, and Katz (Eurocrypt 2003), reduces the damage from compromised keys by guaranteeing the confidentiality of messages that were encrypted before the compromise. The FS property was also shown to be achievable in (Hierarchical) Identity-Based Encryption (HIBE) by Yao, Fazio, Dodis, and Lysyanskaya (ACM CCS 2004). Yet for emerging encryption techniques that offer flexible access control to encrypted data by means of functional relationships between ciphertexts and decryption keys, FS protection was not known to exist.

In this paper we introduce FS to the powerful setting of Hierarchical Predicate Encryption (HPE), proposed by Okamoto and Takashima (Asiacrypt 2009). Anticipated applications of FS-HPE schemes can be found in searchable encryption and in fully private communication. Considering the dependencies among these concepts, our FS-HPE scheme implies forward-secure flavors of Predicate Encryption and (Hierarchical) Attribute-Based Encryption.

Our FS-HPE scheme guarantees forward security for plaintexts and for the attributes hidden in HPE ciphertexts. It further allows delegation of decryption abilities at any point in time, independent of the FS time evolution. It realizes zero-inner-product predicates and is proven adaptively secure under standard assumptions. As the "cross-product" approach taken in FS-HIBE is not directly applicable to the HPE setting, our construction resorts to techniques specific to existing HPE schemes and extends them with what can be seen as reminiscent of binary tree encryption from FS-PKE.
Search Me If You Can: Privacy-preserving Location Query Service
Location-Based Services (LBS) are becoming increasingly popular with the dramatic growth of smartphones and social network services (SNS), and their context-rich functionality attracts a considerable number of users. Many LBS providers use users' location information to offer them convenient and useful functions. However, an LBS can greatly breach personal privacy, because location itself carries much information. Hence, preserving location privacy while still obtaining utility from it remains a challenging question. This paper tackles this non-trivial challenge by designing a suite of novel fine-grained Privacy-preserving Location Query Protocols (PLQP). Our protocols allow different levels of location queries on encrypted location information for different users, and they are efficient enough to be applied on mobile platforms.
Comment: 9 pages, 1 figure, 2 tables, IEEE INFOCOM 201