4,280 research outputs found
Distributed Key Management for Secure Role Based Messaging
Secure Role Based Messaging (SRBM) augments messaging systems with role oriented communication in a secure manner. Role occupants can sign and decrypt messages on behalf of roles. This paper identifies the requirements of SRBM and recognises the need for: distributed key shares, fast membership revocation, mandatory security controls and detection of identity spoofing. A shared RSA scheme is constructed. RSA keys are shared and distributed to role occupants and role gate keepers. Role occupants and role gate keepers must cooperate together to use the key shares to sign and decrypt the messages. Role occupant signatures can be verified by an audit service. A SRBM system architecture is developed to show the security related performance of the proposed scheme, which also demonstrates the implementation of fast membership revocation, mandatory security control and prevention of spoofing. It is shown that the proposed scheme has successfully coupled distributed security with mandatory security controls to realize secure role based messaging
Lattice-Based Group Signatures: Achieving Full Dynamicity (and Deniability) with Ease
In this work, we provide the first lattice-based group signature that offers
full dynamicity (i.e., users have the flexibility in joining and leaving the
group), and thus, resolve a prominent open problem posed by previous works.
Moreover, we achieve this non-trivial feat in a relatively simple manner.
Starting with Libert et al.'s fully static construction (Eurocrypt 2016) -
which is arguably the most efficient lattice-based group signature to date, we
introduce simple-but-insightful tweaks that allow to upgrade it directly into
the fully dynamic setting. More startlingly, our scheme even produces slightly
shorter signatures than the former, thanks to an adaptation of a technique
proposed by Ling et al. (PKC 2013), allowing to prove inequalities in
zero-knowledge. Our design approach consists of upgrading Libert et al.'s
static construction (EUROCRYPT 2016) - which is arguably the most efficient
lattice-based group signature to date - into the fully dynamic setting.
Somewhat surprisingly, our scheme produces slightly shorter signatures than the
former, thanks to a new technique for proving inequality in zero-knowledge
without relying on any inequality check. The scheme satisfies the strong
security requirements of Bootle et al.'s model (ACNS 2016), under the Short
Integer Solution (SIS) and the Learning With Errors (LWE) assumptions.
Furthermore, we demonstrate how to equip the obtained group signature scheme
with the deniability functionality in a simple way. This attractive
functionality, put forward by Ishida et al. (CANS 2016), enables the tracing
authority to provide an evidence that a given user is not the owner of a
signature in question. In the process, we design a zero-knowledge protocol for
proving that a given LWE ciphertext does not decrypt to a particular message
Server-Aided Revocable Predicate Encryption: Formalization and Lattice-Based Instantiation
Efficient user revocation is a necessary but challenging problem in many
multi-user cryptosystems. Among known approaches, server-aided revocation
yields a promising solution, because it allows to outsource the major workloads
of system users to a computationally powerful third party, called the server,
whose only requirement is to carry out the computations correctly. Such a
revocation mechanism was considered in the settings of identity-based
encryption and attribute-based encryption by Qin et al. (ESORICS 2015) and Cui
et al. (ESORICS 2016), respectively.
In this work, we consider the server-aided revocation mechanism in the more
elaborate setting of predicate encryption (PE). The latter, introduced by Katz,
Sahai, and Waters (EUROCRYPT 2008), provides fine-grained and role-based access
to encrypted data and can be viewed as a generalization of identity-based and
attribute-based encryption. Our contribution is two-fold. First, we formalize
the model of server-aided revocable predicate encryption (SR-PE), with rigorous
definitions and security notions. Our model can be seen as a non-trivial
adaptation of Cui et al.'s work into the PE context. Second, we put forward a
lattice-based instantiation of SR-PE. The scheme employs the PE scheme of
Agrawal, Freeman and Vaikuntanathan (ASIACRYPT 2011) and the complete subtree
method of Naor, Naor, and Lotspiech (CRYPTO 2001) as the two main ingredients,
which work smoothly together thanks to a few additional techniques. Our scheme
is proven secure in the standard model (in a selective manner), based on the
hardness of the Learning With Errors (LWE) problem.Comment: 24 page
- …