Signcryption schemes with threshold unsigncryption, and applications

The final publication is available at link.springer.comThe goal of a signcryption scheme is to achieve the same functionalities as encryption and signature together, but in a more efficient way than encrypting and signing separately. To increase security and reliability in some applications, the unsigncryption phase can be distributed among a group of users, through a (t, n)-threshold process. In this work we consider this task of threshold unsigncryption, which has received very few attention from the cryptographic literature up to now (maybe surprisingly, due to its potential applications). First we describe in detail the security requirements that a scheme for such a task should satisfy: existential unforgeability and indistinguishability, under insider chosen message/ciphertext attacks, in a multi-user setting. Then we show that generic constructions of signcryption schemes (by combining encryption and signature schemes) do not offer this level of security in the scenario of threshold unsigncryption. For this reason, we propose two new protocols for threshold unsigncryption, which we prove to be secure, one in the random oracle model and one in the standard model. The two proposed schemes enjoy an additional property that can be very useful. Namely, the unsigncryption protocol can be divided in two phases: a first one where the authenticity of the ciphertext is verified, maybe by a single party; and a second one where the ciphertext is decrypted by a subset of t receivers, without using the identity of the sender. As a consequence, the schemes can be used in applications requiring some level of anonymity, such as electronic auctions.Peer ReviewedPostprint (author's final draft

Efficient Conditional Proxy Re-encryption with Chosen-Ciphertext Security

Recently, a variant of proxy re-encryption, named conditional proxy re-encryption (C-PRE), has been introduced. Compared with traditional proxy re-encryption, C-PRE enables the delegator to implement fine-grained delegation of decryption rights, and thus is more useful in many applications. In this paper, based on a careful observation on the existing definitions and security notions for C-PRE, we reformalize more rigorous definition and security notions for C-PRE. We further propose a more efficient C-PRE scheme, and prove its chosenciphertext security under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. In addition, we point out that a recent C-PRE scheme fails to achieve the chosen-ciphertext security

A New Cryptosystem Based On Hidden Order Groups

Let $G_1$ be a cyclic multiplicative group of order $n$. It is known that the Diffie-Hellman problem is random self-reducible in $G_1$ with respect to a fixed generator $g$ if $\phi(n)$ is known. That is, given $g, g^x\in G_1$ and having oracle access to a `Diffie-Hellman Problem' solver with fixed generator $g$, it is possible to compute $g^{1/x} \in G_1$ in polynomial time (see theorem 3.2). On the other hand, it is not known if such a reduction exists when $\phi(n)$ is unknown (see conjuncture 3.1). We exploit this ``gap'' to construct a cryptosystem based on hidden order groups and present a practical implementation of a novel cryptographic primitive called an \emph{Oracle Strong Associative One-Way Function} (O-SAOWF). O-SAOWFs have applications in multiparty protocols. We demonstrate this by presenting a key agreement protocol for dynamic ad-hoc groups.Comment: removed examples for multiparty key agreement and join protocols, since they are redundan

Certificate-Less Searchable Encryption with a Refreshing Keyword Search

Public Key Encryptions with Keyword Search (PEKS) scheme had been hosted for keeping data security and privacy of outsourced data in a cloud environment. It is also used to provide search operations on encrypted data. Nevertheless, most of the existing PEKS schemes are disposed to key-escrow problems due to the private key of the target users are known by the Key Generating Center (KGC). To improve the key escrow issue in PEKS schemes, the Certificate-Less Public Key Encryptions with Keyword Search (CL-PEKS) scheme has been designed. Meanwhile, the existing CL-PEKS schemes do not consider refreshing keyword searches. Due to this, the cloud server can store search trapdoors for keywords used in the system and can launch keyword guessing attacks. In this research work, we proposed Certificate-Less Searchable Encryption with a Refreshing Keyword Search (CL-SERKS) scheme by attaching date information to the encrypted data and keyword. We demonstrated that our proposed scheme is secure against adaptively chosen keyword attacks against both types of adversaries, where one adversary is given the power to select a random public key as a replacement for the user’s public key whereas another adversary is allowed to learn the system master key in the random oracle model under the Bilinear Diffie-Hellman problem assumption. We evaluated the performance of the proposed scheme in terms of both computational cost and communication cost. Experimental results show that the proposed CL-SERKS scheme has better computational cost during the key generation phase and testing phase than two related schemes. It also has lower communication costs than both related schemes