
    Collusion Resistant Broadcast and Trace from Positional Witness Encryption

    An emerging trend is for researchers to identify cryptographic primitives for which feasibility was first established under obfuscation and then move the realization to a different setting. In this work we explore a new such avenue — moving obfuscation-based cryptography to the assumption of (positional) witness encryption. Our goal is to develop techniques and tools, which we dub “witness encryption friendly” primitives, and to use these to develop a methodology for building advanced cryptography from positional witness encryption. We take a bottom-up approach and pursue our general agenda by attacking the specific problem of building collusion-resistant broadcast systems with tracing from positional witness encryption. We achieve a system where the sizes of the ciphertexts, public key and private key are polynomial in the security parameter λ and independent of the number of users N in the broadcast system. Currently, systems with such parameters are only known from indistinguishability obfuscation.

    A Concise Bounded Anonymous Broadcast Yielding Combinatorial Trace-and-Revoke Schemes

    Broadcast Encryption is a fundamental primitive supporting sending a secure message to any chosen target set of N users. While many efficient constructions are known, understanding the efficiency possible for an "Anonymous Broadcast Encryption" (ANOBE), i.e., one which can hide the target set itself, is quite open. The best solutions by Barth, Boneh, and Waters ('06) and Libert, Paterson, and Quaglia ('12) are built on public key encryption (PKE) and their ciphertext sizes are, in fact, N times that of the underlying PKE (rate = N). Kiayias and Samari ('12), in turn, showed a lower bound establishing that such a rate is the best possible if N is an independent unbounded parameter. However, when considering a user set whose size is bounded by a system parameter (e.g., the security parameter), the problem remains interesting. We consider the problem of comparing ANOBE with PKE under the same assumption. We call such schemes Anonymous Broadcast Encryption for Bounded Universe (AnoBEB). We first present an AnoBEB construction for up to k users from the LWE assumption, where k is bounded by the scheme's security parameter. The scheme does not grow with the parameter and beats the PKE method. Actually, our scheme is as efficient as the underlying LWE public-key encryption; namely, the rate is, in fact, 1 and thus optimal. The scheme is achieved easily by an observation about an earlier scheme with a different purpose. More interestingly, we move on to employ the new AnoBEB in other multimedia broadcasting methods and, as a second contribution, we introduce a new approach to construct an efficient "Trace and Revoke scheme" which combines the functionalities of revocation and of tracing people (called traitors) who, in a broadcasting scheme, share their keys with the adversary, which in turn generates a pirate receiver.
Note that, as was put forth by Kiayias and Yung (EUROCRYPT '02), combinatorial traitor tracing schemes can be constructed by combining a system for a small universe with an outer traceability code (a collusion-secure code or an identifying parent property (IPP) code). There have been many efficient traitor tracing schemes from traceability codes, but no known scheme supports revocation as well. Our new approach integrates our AnoBEB system with a robust IPP code, introduced by Barg and Kabatiansky (IEEE IT '13). This shows an interesting use for robust IPP codes in cryptography. Robust IPP codes were previously only shown to exist via an existence proof. In order to make our technique concrete, we propose two explicit instantiations of robust IPP codes. Our final construction gives the most efficient trace and revoke scheme in the bounded collusion model.

    Broadcast, Trace and Revoke with Optimal Parameters from Polynomial Hardness

    A broadcast, trace and revoke system generalizes broadcast encryption as well as traitor tracing. In such a scheme, an encryptor can specify a list L ⊆ N of revoked users so that (i) users in L can no longer decrypt ciphertexts, (ii) ciphertext size is independent of L, and (iii) a pirate decryption box supports tracing of compromised users. The "holy grail" of this line of work is a construction which resists unbounded collusions, achieves all parameter sizes (including public and secret key) independent of |L| and |N|, and is based on polynomial hardness assumptions. In this work we make the following contributions.
1. Public Trace Setting: We provide a construction which (i) achieves optimal parameters, (ii) supports embedding identities (from an exponential space) in user secret keys, (iii) relies on polynomial hardness assumptions, namely compact functional encryption (FE) and a key-policy attribute based encryption (ABE) with special efficiency properties, and (iv) enjoys adaptive security with respect to the revocation list. The previous best known construction by Nishimaki, Wichs and Zhandry (Eurocrypt 2016), which achieved optimal parameters and embedded identities, relied on indistinguishability obfuscation, which is considered an inherently subexponential assumption, and achieved only selective security with respect to the revocation list.
2. Secret Trace Setting: We provide the first construction with optimal ciphertext, public and secret key sizes and embedded identities from any assumption outside Obfustopia. In detail, our construction relies on Lockable Obfuscation, which can be constructed using LWE (Goyal, Koppula, Waters and Wichs, Zirdelis, FOCS 2017), and two ABE schemes: (i) the key-policy scheme with special efficiency properties by Boneh et al. (Eurocrypt 2014) and (ii) a ciphertext-policy ABE for P which was recently constructed by Wee (Eurocrypt 2022) using a new assumption called evasive and tensor LWE. This assumption, introduced to build an ABE, is believed to be much weaker than the lattice based assumptions underlying FE or iO; in particular it is required even for lattice based broadcast, without trace. Moreover, by relying on subexponential security of LWE, both our constructions can also support a super-polynomial sized revocation list, so long as it allows efficient representation and membership testing. Ours is the first work to achieve this, to the best of our knowledge.

    New Techniques for Traitor Tracing: Size N^{1/3} and More from Pairings

    The best existing pairing-based traitor tracing schemes have O(√N)-sized parameters, a bound which has stood since 2006. This intuitively seems consistent with the fact that pairings allow for degree-2 computations, yielding a quadratic compression. In this work, we show that this intuition is false by building a tracing scheme from pairings with O(N^{1/3})-sized parameters. We additionally give schemes with a variety of parameter size trade-offs, including a scheme with constant-size ciphertexts and public keys (but linear-sized secret keys). All of our schemes make black-box use of the pairings. We obtain our schemes by developing a number of new traitor tracing techniques, giving the first significant parameter improvements in pairings-based traitor tracing in over a decade.

    Democracy Enhancing Technologies: Toward deployable and incoercible E2E elections

    End-to-end verifiable election systems (E2E systems) provide a provably correct tally while maintaining the secrecy of each voter's ballot, even if the voter is complicit in demonstrating how they voted. Providing voter incoercibility is one of the main challenges of designing E2E systems, particularly in the case of internet voting. A second challenge is building deployable, human-votable E2E systems that conform to election laws and conventions. This dissertation examines deployability, coercion-resistance, and their intersection in election systems. In the course of this study, we introduce three new election systems (Scantegrity, Eperio, and Selections), report on two real-world elections using E2E systems (Punchscan and Scantegrity), and study incoercibility issues in one deployed system (Punchscan). In addition, we propose and study new practical primitives for random beacons, secret printing, and panic passwords. These are tools that can be used in an election to, respectively, generate publicly verifiable random numbers, distribute the printing of secrets between non-colluding printers, and covertly signal duress during authentication. While developed to solve specific problems in deployable and incoercible E2E systems, these techniques may be of independent interest.

    Advances in Information Security and Privacy

    With the recent pandemic emergency, many people are spending their days working remotely and have increased their use of digital resources for both work and entertainment. As a result, the amount of digital information handled online has increased dramatically, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue.

    Improvements on the enforcement process based on intelligent transportation techniques: model and mechanisms for electronic reporting, offence notification and evidence generation

    Enforcement activities in the road traffic context have been shown to be one of the key factors for reducing fatalities. However, despite their evolution (both in their underlying legislation and their technical means), there are several aspects that may be subject to improvement. Three of them are the focus of this thesis. First, victims of offenders are usually not able to report them, as there are not enough data to support their claims. Second, there is a significant delay between the offence and its notification, which negatively affects its educational purpose. Third, the offender does not have a practical chance to defend herself (i.e. to claim her innocence or, at least, that it was a less serious offence), as there are no suitable attesting elements. In order to contribute to these issues, recent advances in the data processing, communication and sensing capabilities of vehicles form an interesting technological context. These new capabilities are the basis on which a new family of services, called Intelligent Transportation Systems (ITS), is being developed. Despite the new opportunities provided by ITSs, there is no adequate framework to guide the introduction of these new techniques into the surveillance of adherence to road traffic rules. Thus, there is no clear view of how these techniques may help with the aforementioned problems. The general goal of this thesis is to provide the technical basis for the realization of an ITS-enhanced electronic road traffic administrative enforcement process. In particular, four contributions are developed in this thesis. First, an enforcement process model is proposed, based on the results of the European VERA2 project. The model describes the entities, the stakeholders, the data at stake and the underlying security considerations. It constitutes the aforementioned framework that enables identifying where to introduce the required ITS enhancements.
Based on the previous model, the remaining contributions focus on the development of specific mechanisms in which the enforcement actors (the offender, the offence witnesses, the victims and the Authority) participate actively through ITS-related technologies. Thus, the second contribution is a mechanism that enables victims to report their offenders. In order to prevent this action from being noticeable to the reported driver, the report information is embedded into innocuous-looking messages by means of steganography. As the educational purpose of the punishment grows with its immediacy, the third contribution is a protocol to send an offence notification to the offending vehicle. Thanks to the human-machine interface of the vehicle, the offender is able to learn about the fine even during the same trip in which the offence was committed. Finally, in order to ensure that the driver has adequate means to defend herself against unfair punishments, a protocol to create evidence of her recent driving behaviour is proposed. Such evidence is based on the sensory perceptions of surrounding vehicles, which are contacted using ITS communication technologies. In light of these contributions, this thesis opens the door to upcoming developments that may lead to a fully automated enforcement process.

Translated from the Spanish abstract: One of the most critical factors for reducing road accidents is enforcing compliance with traffic rules. Despite the evolution of the procedures and techniques for carrying out such enforcement (both in the regulatory and in the technical domain), some factors remain open to improvement. Three of them constitute the main focus of this thesis. First, the victims of offenders have no practical means to report them, since there are usually no data to substantiate their account of the facts. Second, there is a significant time interval between the commission of the offence and the receipt of the corresponding notification, which negatively affects the educational capacity of sanctions. Third, the alleged offender has no practical means to defend herself, since there are usually no elements supporting her argument. In order to contribute to these issues, recent advances in information processing, information transmission and sensing in vehicles constitute an interesting technological context. These new capabilities are the basis on which Intelligent Transportation Systems (usually referred to by their English acronym, ITS) are built. Despite the constant development of such systems, there is no adequate framework for using these capabilities in the enforcement of traffic rules. Thus, there is a lack of a clear view of how these new techniques can contribute to solving the problematic aspects identified above. The general goal of this thesis is to provide the technical basis for the development of an administrative sanctioning procedure in the traffic domain that takes advantage of the opportunities offered by ITS. In particular, four contributions are developed in this thesis. First, a model of the administrative sanctioning procedure is proposed, extending the results of the European research project VERA2. This model describes the participating entities, the stakeholders, the information at stake and the underlying security considerations. This model constitutes the aforementioned framework and makes it possible to identify how to introduce ITS technologies into the process. Based on this model, the remaining contributions focus on developing specific mechanisms in which the actors in the process (the offender, the witnesses, the victims and the Authority) participate actively using ITS-related technologies. Thus, the second contribution is a mechanism that allows victims to report offenders. To prevent the report from becoming known to the offender, the message is embedded by steganographic techniques into another, apparently innocuous message. The third contribution is the delivery of the notification directly to the offending vehicle, which aims to increase the immediacy of the process (since it can be presented to the offender while driving) and, with it, its educational effectiveness. Finally, to ensure that the driver has adequate means to defend herself against allegedly unfair sanctions, a protocol is proposed for creating evidence describing her recent driving behaviour. Such evidence is based on the sensory perceptions of nearby vehicles, which are contacted using ITS-related communication technologies. In light of these contributions, this thesis opens the door to the future development of a fully automated sanctioning process.

    A Trust Management Framework for Vehicular Ad Hoc Networks

    The inception of Vehicular Ad Hoc Networks (VANETs) provides an opportunity for road users and public infrastructure to share information that improves the operation of roads and the driver experience. However, such systems can be vulnerable to malicious external entities and to legitimate users. Trust management is used to address attacks from legitimate users in accordance with a user’s trust score. Trust models evaluate messages to assign rewards or punishments. This can be used to influence a driver’s future behaviour or, in extremis, to block the driver. With receiver-side schemes, various methods are used to evaluate trust, including reputation computation, neighbour recommendations, and storing historical information. However, they incur overhead and add a delay when deciding whether to accept or reject messages. In this thesis, we propose a novel Tamper-Proof Device (TPD) based trust framework for managing the trust of multiple drivers at the sender-side vehicle that updates trust, stores information, and protects it from malicious tampering. The TPD also regulates, rewards, and punishes each specific driver, as required. Furthermore, the trust score determines the classes of message that a driver can access. Dissemination of feedback is only required when there is an attack (conflicting information). A Road-Side Unit (RSU) rules on a dispute, using either the sum of products of trust and feedback or official vehicle data if available. These “untrue attacks” are resolved by an RSU using collaboration, and then providing a fixed amount of reward and punishment, as appropriate. Repeated attacks are addressed by incremental punishments and potentially driver access-blocking when conditions are met. The lack of sophistication in this fixed RSU assessment scheme is then addressed by a novel fuzzy logic-based RSU approach. This determines a fairer level of reward and punishment based on the severity of the incident, the driver's past behaviour, and RSU confidence.
The fuzzy RSU controller assesses judgements in such a way as to encourage drivers to improve their behaviour. Although any driver can lie in any situation, we believe that trustworthy drivers are more likely to remain so, and vice versa. We capture this behaviour in a Markov chain model for the sender and reporter driver behaviours, where a driver’s truthfulness is influenced by their trust score and trust state. For each trust state, the driver’s likelihood of lying or honesty is set by a probability distribution which is different for each state. This framework is analysed in Veins using various classes of vehicles under different traffic conditions. Results confirm that the framework operates effectively in the presence of untrue and inconsistent attacks. The correct functioning is confirmed by the system appropriately classifying incidents when clarifier vehicles send truthful feedback. The framework is also evaluated against a centralized reputation scheme, and the results demonstrate that it outperforms the reputation approach in terms of reduced communication overhead and shorter response time. Next, we perform a set of experiments to evaluate the performance of the fuzzy assessment in Veins. The fuzzy and fixed RSU assessment schemes are compared, and the results show that the fuzzy scheme provides better overall driver behaviour. The Markov chain driver behaviour model is also examined when changing the initial trust score of all drivers.

    Mobile Ad-Hoc Networks

    Being infrastructure-less and without central administrative control, wireless ad-hoc networking is playing an increasingly important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc.). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: vehicular ad-hoc networks, security and caching, TCP in ad-hoc networks, and emerging applications. It aims to provide network engineers and researchers with design guidelines for large-scale wireless ad-hoc networks.

    LIPIcs, Volume 251, ITCS 2023, Complete Volume
