Constant-size threshold attribute based SignCryption for cloud applications
In this paper, we propose a novel constant-size threshold attribute-based signcryption scheme for securely sharing data through public clouds. Our proposal has several advantages. First, it provides flexible cryptographic access control while preserving users' privacy, as the identifying information used to satisfy the access control policy is not revealed. Second, the proposed scheme guarantees both data origin authentication and anonymity thanks to the novel use of an attribute-based signcryption mechanism, while ensuring unlinkability between different access sessions. Third, the proposed signcryption scheme has an efficient computation cost and a constant communication overhead regardless of the number of involved attributes. Finally, our scheme satisfies strong security properties in the random oracle model, namely Indistinguishability against Adaptive Chosen Ciphertext Attacks (IND-CCA2), Existential Unforgeability against Chosen Message Attacks (EUF-CMA) and privacy preservation of the attributes involved in the signcryption process, based on the assumption that the augmented Multi-Sequence of Exponents Decisional Diffie-Hellman (aMSE-DDH) problem and the Computational Diffie-Hellman (CDH) problem are hard.

Attribute-Based Signcryption : Signer Privacy, Strong Unforgeability and IND-CCA2 Security in Adaptive-Predicates Attack
An Attribute-Based Signcryption (ABSC) scheme is a natural extension of Attribute-Based Encryption (ABE) and Attribute-Based Signature (ABS), providing message confidentiality and authenticity together. Since signer privacy is captured in the security of ABS, it is natural to expect that signer privacy will also be preserved in ABSC. In this paper, we first propose an ABSC scheme which is \textit{weak existential unforgeable, IND-CCA2} secure under \textit{adaptive-predicates} attack and achieves \textit{signer privacy}. Secondly, by applying a strongly unforgeable one-time signature (OTS), the above scheme is lifted to an ABSC scheme that attains \textit{strong existential unforgeability} in the \textit{adaptive-predicates} model. Both ABSC schemes are constructed on a common setup, i.e., the public parameters and keys are the same for both the encryption and signature modules. Our first construction is in the flavor of paradigm, except for one extra component that is computed using both signature components and ciphertext components. The second proposed construction follows a new paradigm (extension of ), which we call ``Commit then Encrypt and Sign then Sign'' (). The last signature is done using a strong OTS scheme. Since non-repudiation is achieved by paradigm, our systems also achieve the same.

Compact Attribute-Based Encryption and Signcryption for General Circuits from Multilinear Maps
Designing attribute-based systems supporting highly expressive access policies has been a principal focus of research in attribute-based cryptography. While attribute-based encryption (ABE) enables fine-grained access control over encrypted data in a multi-user environment, attribute-based signature (ABS) provides a powerful tool for preserving signer anonymity. Attribute-based signcryption (ABSC), on the other hand, combines ABE and ABS into a unified cost-effective primitive. In this paper, we start by presenting a key-policy ABE supporting general polynomial-size circuit realizable decryption policies and featuring compactness. More specifically, our ABE construction exhibits short ciphertexts and shorter decryption keys compared to existing similar works. We then proceed to design a key-policy ABSC scheme which enjoys several interesting properties that were never achievable before. It supports arbitrary polynomial-size circuits, thereby handling highly sophisticated control over signing and decryption rights. Besides, it generates short ciphertexts as well. Our ABE construction employs a multilinear map of level , while that used for our ABSC scheme has level , where , , and represent respectively the input length of decryption policy circuits, the input size of signing policy circuits, and the depth of both kinds of circuits. Selective security of our constructions is proven in the standard model under the Multilinear Decisional Diffie-Hellman and Multilinear Computational Diffie-Hellman assumptions, which are standard complexity assumptions in the multilinear map setting. Our key-policy constructions can be converted to the corresponding ciphertext-policy variants achieving short ciphertexts by utilizing the technique of universal circuits.

A Constant Time, Single Round Attribute-Based Authenticated Key Exchange in Random Oracle Model
In this paper, we present a single-round two-party {\em attribute-based authenticated key exchange} (ABAKE) protocol in the framework of ciphertext-policy attribute-based systems. Since pairing is a costly operation and composite-order groups must be very large to ensure security, we focus on pairing-free protocols in prime-order groups. The proposed protocol is pairing free, works in a prime-order group and has a tight reduction to the Strong Diffie-Hellman (SDH) problem under the attribute-based Canetti-Krawczyk (CK) model, which is a natural extension of the CK model (defined for PKI-based authenticated key exchange) to the attribute-based setting. The security proof is given in the random oracle model. Our ABAKE protocol does not depend on any underlying attribute-based encryption or signature scheme, unlike previous solutions for ABAKE. Ours is the \textit{first} scheme that removes this restriction. Thus, the first major advantage is that smaller key sizes are sufficient to achieve comparable security. Another notable feature of our construction is that it involves only a constant number of exponentiations per party, unlike the state-of-the-art ABAKE protocols where the number of exponentiations performed by each party depends on the size of the linear secret sharing matrix. We achieve this by appropriate precomputation of the secret share generation. Ours is the \textit{first} construction that achieves this property. Our scheme has several other advantages, the major one being the capability to handle active adversaries. Most of the previous ABAKE protocols can offer security only against passive adversaries. Our protocol recognizes corruption by an active adversary and aborts the process. In addition to this property, our scheme satisfies other security properties that are not covered by the CK model, such as forward secrecy and resistance to key compromise impersonation attacks and ephemeral key compromise impersonation attacks.

Functional Signcryption: Notion, Construction, and Applications
Functional encryption (FE) enables sophisticated control over decryption rights in a multi-user scenario, while functional signature (FS) allows enforcing complex constraints on signing capabilities. This paper introduces the concept of functional signcryption (FSC), which aims to provide the functionalities of both FE and FS in a unified cost-effective primitive. FSC provides a solution to the problem of achieving confidentiality and authenticity simultaneously in digital communication and storage systems involving multiple users, with better efficiency compared to a sequential implementation of FE and FS. We begin by providing a formal definition of FSC and formulating its security requirements. Next, we present a generic construction of this challenging primitive that supports arbitrary polynomial-size signing and decryption functions from known cryptographic building blocks, namely, indistinguishability obfuscation (IO) and statistically simulation-sound non-interactive zero-knowledge proof of knowledge (SSS-NIZKPoK). Finally, we exhibit a number of representative applications of FSC: (I) We develop the first construction of attribute-based signcryption (ABSC) supporting signing and decryption policies representable by general polynomial-size circuits from FSC. (II) We show how FSC can serve as a tool for building an SSS-NIZKPoK system and IO, a result which, in conjunction with our generic FSC construction, can also be interpreted as establishing an equivalence between FSC and the other two fundamental cryptographic primitives.

Securing messaging services through efficient signcryption with designated equality test
National Research Foundation (NRF) Singapore

A Survey of Research Progress and Development Tendency of Attribute-Based Encryption
With the development of cryptography, attribute-based encryption (ABE) has drawn widespread attention from researchers in recent years. The ABE scheme, which belongs to the public key encryption mechanism, takes attributes as the public key and associates them with the ciphertext or the user's secret key. It is an efficient way to solve open problems in access control scenarios, for example, how to provide data confidentiality and expressive access control at the same time. In this paper, we survey the basic ABE scheme and its two variants: the key-policy ABE (KP-ABE) scheme and the ciphertext-policy ABE (CP-ABE) scheme. We also pay attention to other research relating to ABE schemes, including multi-authority, user/attribute revocation, accountability, and proxy re-encryption, with an extensive comparison of their functionality and performance. Finally, possible future work and some conclusions are pointed out.

Accountable privacy preserving attribute based framework for authenticated encrypted access in clouds
In this paper, we propose an accountable privacy-preserving attribute-based framework, called Ins-PAbAC, that combines attribute-based encryption and attribute-based signature techniques for securely sharing outsourced data contents via public cloud servers. The proposed framework presents several advantages. First, it provides an encrypted access control feature, enforced at the data owner's side, while providing the desired expressiveness of access control policies. Second, Ins-PAbAC preserves users' privacy, relying on an anonymous authentication mechanism derived from a privacy-preserving attribute-based signature scheme that hides the users' identifying information. Furthermore, our proposal introduces an accountable attribute-based signature that enables an inspection authority to reveal the identity of the anonymously authenticated user if needed. Third, Ins-PAbAC is provably secure, as it is resistant to both curious cloud providers and malicious users as adversaries. Finally, experimental results, obtained on an OpenStack Swift testbed, demonstrate the applicability of the proposed scheme in real-world scenarios.