3,284 research outputs found
Chosen-ciphertext security from subset sum
We construct a public-key encryption (PKE) scheme whose
security is polynomial-time equivalent to the hardness of the Subset Sum problem. Our scheme achieves the standard notion of indistinguishability against chosen-ciphertext attacks (IND-CCA) and can be used to encrypt messages of arbitrary polynomial length, improving upon a previous construction by Lyubashevsky, Palacio, and Segev (TCC 2010) which achieved only the weaker notion of semantic security (IND-CPA) and whose concrete security decreases with the length of the message being encrypted. At the core of our construction is a trapdoor technique which originates in the work of Micciancio and Peikert (Eurocrypt 2012
Server-Aided Revocable Predicate Encryption: Formalization and Lattice-Based Instantiation
Efficient user revocation is a necessary but challenging problem in many
multi-user cryptosystems. Among known approaches, server-aided revocation
yields a promising solution, because it allows to outsource the major workloads
of system users to a computationally powerful third party, called the server,
whose only requirement is to carry out the computations correctly. Such a
revocation mechanism was considered in the settings of identity-based
encryption and attribute-based encryption by Qin et al. (ESORICS 2015) and Cui
et al. (ESORICS 2016), respectively.
In this work, we consider the server-aided revocation mechanism in the more
elaborate setting of predicate encryption (PE). The latter, introduced by Katz,
Sahai, and Waters (EUROCRYPT 2008), provides fine-grained and role-based access
to encrypted data and can be viewed as a generalization of identity-based and
attribute-based encryption. Our contribution is two-fold. First, we formalize
the model of server-aided revocable predicate encryption (SR-PE), with rigorous
definitions and security notions. Our model can be seen as a non-trivial
adaptation of Cui et al.'s work into the PE context. Second, we put forward a
lattice-based instantiation of SR-PE. The scheme employs the PE scheme of
Agrawal, Freeman and Vaikuntanathan (ASIACRYPT 2011) and the complete subtree
method of Naor, Naor, and Lotspiech (CRYPTO 2001) as the two main ingredients,
which work smoothly together thanks to a few additional techniques. Our scheme
is proven secure in the standard model (in a selective manner), based on the
hardness of the Learning With Errors (LWE) problem.Comment: 24 page
Forward-secure hierarchical predicate encryption
Secrecy of decryption keys is an important pre-requisite for security of any encryption scheme and compromised private keys must be immediately replaced. \emph{Forward Security (FS)}, introduced to Public Key Encryption (PKE) by Canetti, Halevi, and Katz (Eurocrypt 2003), reduces damage from compromised keys by guaranteeing confidentiality of messages that were encrypted prior to the compromise event. The FS property was also shown to be achievable in (Hierarchical) Identity-Based Encryption (HIBE) by Yao, Fazio, Dodis, and Lysyanskaya (ACM CCS 2004). Yet, for emerging encryption techniques, offering flexible access control to encrypted data, by means of functional relationships between ciphertexts and decryption keys, FS protection was not known to exist.\smallskip In this paper we introduce FS to the powerful setting of \emph{Hierarchical Predicate Encryption (HPE)}, proposed by Okamoto and Takashima (Asiacrypt 2009). Anticipated applications of FS-HPE schemes can be found in searchable encryption and in fully private communication. Considering the dependencies amongst the concepts, our FS-HPE scheme implies forward-secure flavors of Predicate Encryption and (Hierarchical) Attribute-Based Encryption.\smallskip Our FS-HPE scheme guarantees forward security for plaintexts and for attributes that are hidden in HPE ciphertexts. It further allows delegation of decrypting abilities at any point in time, independent of FS time evolution. It realizes zero-inner-product predicates and is proven adaptively secure under standard assumptions. As the ``cross-product" approach taken in FS-HIBE is not directly applicable to the HPE setting, our construction resorts to techniques that are specific to existing HPE schemes and extends them with what can be seen as a reminiscent of binary tree encryption from FS-PKE
AnonyControl: Control Cloud Data Anonymously with Multi-Authority Attribute-Based Encryption
Cloud computing is a revolutionary computing paradigm which enables flexible,
on-demand and low-cost usage of computing resources. However, those advantages,
ironically, are the causes of security and privacy problems, which emerge
because the data owned by different users are stored in some cloud servers
instead of under their own control. To deal with security problems, various
schemes based on the Attribute- Based Encryption (ABE) have been proposed
recently. However, the privacy problem of cloud computing is yet to be solved.
This paper presents an anonymous privilege control scheme AnonyControl to
address the user and data privacy problem in a cloud. By using multiple
authorities in cloud computing system, our proposed scheme achieves anonymous
cloud data access, finegrained privilege control, and more importantly,
tolerance to up to (N -2) authority compromise. Our security and performance
analysis show that AnonyControl is both secure and efficient for cloud
computing environment.Comment: 9 pages, 6 figures, 3 tables, conference, IEEE INFOCOM 201
Conditionals in Homomorphic Encryption and Machine Learning Applications
Homomorphic encryption aims at allowing computations on encrypted data
without decryption other than that of the final result. This could provide an
elegant solution to the issue of privacy preservation in data-based
applications, such as those using machine learning, but several open issues
hamper this plan. In this work we assess the possibility for homomorphic
encryption to fully implement its program without relying on other techniques,
such as multiparty computation (SMPC), which may be impossible in many use
cases (for instance due to the high level of communication required). We
proceed in two steps: i) on the basis of the structured program theorem
(Bohm-Jacopini theorem) we identify the relevant minimal set of operations
homomorphic encryption must be able to perform to implement any algorithm; and
ii) we analyse the possibility to solve -- and propose an implementation for --
the most fundamentally relevant issue as it emerges from our analysis, that is,
the implementation of conditionals (requiring comparison and selection/jump
operations). We show how this issue clashes with the fundamental requirements
of homomorphic encryption and could represent a drawback for its use as a
complete solution for privacy preservation in data-based applications, in
particular machine learning ones. Our approach for comparisons is novel and
entirely embedded in homomorphic encryption, while previous studies relied on
other techniques, such as SMPC, demanding high level of communication among
parties, and decryption of intermediate results from data-owners. Our protocol
is also provably safe (sharing the same safety as the homomorphic encryption
schemes), differently from other techniques such as
Order-Preserving/Revealing-Encryption (OPE/ORE).Comment: 14 pages, 1 figure, corrected typos, added introductory pedagogical
section on polynomial approximatio
- ā¦