Boneh-Franklin Identity Based Encryption Revisited

Contains fulltext : 33216.pdf (preprint version ) (Open Access

Analysis of random oracle instantiation scenarios for OAEP and other practical schemes

www.fischlin.d

Tighter Post-quantum Secure Encryption Schemes Using Semi-classical Oracles

Krüpteerimisprotokollide analüüsimiseks kasutatakse tihti juhusliku oraakli mudelit (JOM), aga postkvant turvaliste protokollide analüüs tuleb läbi viiakvant juhusliku oraakli mudelis (KJOM). Kuna paljudel tõestamise tehnikatel ei ole kvant juhusliku oraakli mudelis analoogi, on KJOMis raske töötada. Seda probleemi aitab lahendada One-Way to Hiding (O2H) Teoreem, mille Unruh tõestas 2015. aastal.Ambainis, Hamburg ja Unruh esitasid teoreemi täiustatud versiooni 2018. aastal. See kasutab poolklassikalisi oraakleid, millel on suurem paindlikkus ja tihedamad piirid. Täiustatud versioon võimaldab tugevdada kõigi protokollide turvalisust, mis kasutasid vana versiooni. Me võtame ühe artikli, kus kasutati vana O2H Teoreemi versiooni, ja tõestame protokollide turvalisuse uuesti kasutades poolklassikalisi oraakleid.The random oracle model (ROM) has been widely used for analyzing cryptographic schemes. In the real world, a quantum adversary equipped with a quantum computer can execute hash functions on an arbitrary superposition of inputs. Therefore, one needs to analyze the post-quantum security in the quantum random oracle model (QROM). Unfortunately, working in the QROM is quite difficult because many proof techniques in the ROM have no analogue in the QROM. A technique that can help solve this problem is the One-Way to Hiding (O2H) Theorem, which was first proven in 2015 by Unruh. In 2018, Ambainis, Hamburg and Unruh presented an improved version of the O2H Theorem which uses so called semi-classical oracles and has higher flexibilityand tighter bounds. This improvement of the O2H Theorem should allow us to derive better security bounds for most schemes that used the old version. We take one paper that used the old version of the O2H Theorem to prove the security of different schemes in the QROM and give new proofs using semi-classical oracles

New Security Definitions, Constructions and Applications of Proxy Re-Encryption

La externalización de la gestión de la información es una práctica cada vez más común, siendo la computación en la nube (en inglés, cloud computing) el paradigma más representativo. Sin embargo, este enfoque genera también preocupación con respecto a la seguridad y privacidad debido a la inherente pérdida del control sobre los datos. Las soluciones tradicionales, principalmente basadas en la aplicación de políticas y estrategias de control de acceso, solo reducen el problema a una cuestión de confianza, que puede romperse fácilmente por los proveedores de servicio, tanto de forma accidental como intencionada. Por lo tanto, proteger la información externalizada, y al mismo tiempo, reducir la confianza que es necesario establecer con los proveedores de servicio, se convierte en un objetivo inmediato. Las soluciones basadas en criptografía son un mecanismo crucial de cara a este fin. Esta tesis está dedicada al estudio de un criptosistema llamado recifrado delegado (en inglés, proxy re-encryption), que constituye una solución práctica a este problema, tanto desde el punto de vista funcional como de eficiencia. El recifrado delegado es un tipo de cifrado de clave pública que permite delegar en una entidad la capacidad de transformar textos cifrados de una clave pública a otra, sin que pueda obtener ninguna información sobre el mensaje subyacente. Desde un punto de vista funcional, el recifrado delegado puede verse como un medio de delegación segura de acceso a información cifrada, por lo que representa un candidato natural para construir mecanismos de control de acceso criptográficos. Aparte de esto, este tipo de cifrado es, en sí mismo, de gran interés teórico, ya que sus definiciones de seguridad deben balancear al mismo tiempo la seguridad de los textos cifrados con la posibilidad de transformarlos mediante el recifrado, lo que supone una estimulante dicotomía. Las contribuciones de esta tesis siguen un enfoque transversal, ya que van desde las propias definiciones de seguridad del recifrado delegado, hasta los detalles específicos de potenciales aplicaciones, pasando por construcciones concretas

SO-CCA Secure PKE in the Quantum Random Oracle Model or the Quantum Ideal Cipher Model

Selective opening (SO) security is one of the most important security notions of public key encryption (PKE) in a multi-user setting. Even though messages and random coins used in some ciphertexts are leaked, SO security guarantees the confidentiality of the other ciphertexts. Actually, it is shown that there exist PKE schemes which meet the standard security such as indistinguishability against chosen ciphertext attacks (IND-CCA security) but do not meet SO security against chosen ciphertext attacks. Hence, it is important to consider SO security in the multi-user setting. On the other hand, many researchers have studied cryptosystems in the security model where adversaries can submit quantum superposition queries (i.e., quantum queries) to oracles. In particular, IND-CCA secure PKE and KEM schemes in the quantum random oracle model have been intensively studied so far. In this paper, we show that two kinds of constructions of hybrid encryption schemes meet simulation-based SO security against chosen ciphertext attacks (SIM-SO-CCA security) in the quantum random oracle model or the quantum ideal cipher model. The first scheme is constructed from any IND-CCA secure KEM and any simulatable data encapsulation mechanism (DEM). The second one is constructed from any IND-CCA secure KEM based on Fujisaki-Okamoto transformation and any strongly unforgeable message authentication code (MAC). We can apply any IND-CCA secure KEM scheme to the first one if the underlying DEM scheme meets simulatability, whereas we can apply strongly unforgeable MAC to the second one if the underlying KEM is based on Fujisaki-Okamoto transformation

Post-Quantum Anonymity of Kyber

Kyber is a key-encapsulation mechanism (KEM) that was recently selected by NIST in its PQC standardization process; it is also the only scheme to be selected in the context of public-key encryption (PKE) and key establishment. The main security target for KEMs, and their associated PKE schemes, in the NIST PQC context has been IND-CCA security. However, some important modern applications also require their underlying KEMs/PKE schemes to provide anonymity (Bellare et al., ASIACRYPT 2001). Examples of such applications include anonymous credential systems, cryptocurrencies, broadcast encryption schemes, authenticated key exchange, and auction protocols. It is hence important to analyze the compatibility of NIST\u27s new PQC standard in such beyond IND-CCA applications. Some starting steps were taken by Grubbs et al. (EUROCRYPT 2022) and Xagawa (EUROCRYPT 2022) wherein they studied the anonymity properties of most NIST PQC third round candidate KEMs. Unfortunately, they were unable to show the anonymity of Kyber because of certain technical barriers. In this paper, we overcome said barriers and resolve the open problems posed by Grubbs et al. (EUROCRYPT 2022) and Xagawa (EUROCRYPT 2022) by establishing the anonymity of Kyber, and the (hybrid) PKE schemes derived from it, in a post-quantum setting. Along the way, we also provide an approach to obtain tight IND-CCA security proofs for Kyber with concrete bounds; this resolves another issue identified by the aforementioned works related to the post-quantum IND-CCA security claims of Kyber from a provable security point-of-view. Our results also extend to Saber, a NIST PQC third round finalist, in a similar fashion

Asynchronous distributed private-key generators for identity-based cryptography

An identity-based encryption (IBE) scheme can greatly reduce the complexity of sending encrypted messages over the Internet. However, an IBE scheme necessarily requires a private-key generator (PKG), which can create private keys for clients, and so can passively eavesdrop on all encrypted communications. Although a distributed PKG has been suggested as a way to mitigate this problem for Boneh and Franklin’s IBE scheme, the security of this distributed protocol has not been proven and the proposed solution does not work over the asynchronous Internet. Further, a distributed PKG has not been considered for any other IBE scheme. In this paper, we design distributed PKG setup and private key extraction protocols in an asynchronous communication model for three important IBE schemes; namely, Boneh and Franklin’s IBE, Sakai and Kasahara’s IBE, and Boneh and Boyen’s BB1-IBE. We give special attention to the applicability of our protocols to all possible types of bilinear pairings and prove their IND-ID-CCA security in the random oracle model. Finally, we also perform a comparative analysis of these protocols and present recommendations for their use.

Generic Constructions of Biometric Identity Based Encryption Systems

Abstract. In this paper, we present a novel framework for the generic construction of biometric Identity Based Encryption (IBE) schemes, which do not require bilinear pairings and result in more efficient schemes than existing fuzzy IBE systems implemented for biometric identities. Also, we analyze the security properties that are specific to biometric IBE namely anonymity and identity privacy. Considering these notions, we present generic constructions for biometric IBE and ID-KEM based on weakly secure anonymous IBE schemes, error correcting codes and generic conversion schemes. Finally, we describe concrete applications of our framework and compare them to the existing fuzzy IBE systems in terms of time complexity

TiGER: Tiny bandwidth key encapsulation mechanism for easy miGration based on RLWE(R)

The quantum resistance Key Encapsulation Mechanism (PQC-KEM) design aims to replace cryptography in legacy security protocols. It would be nice if PQC-KEM were faster and lighter than ECDH or DH for easy migration to legacy security protocols. However, it seems impossible due to the temperament of the secure underlying problems in a quantum environment. Therefore, it makes reason to determine the threshold of the scheme by analyzing the maximum bandwidth the legacy security protocol can adapt. We specified the bandwidth threshold at 1,244 bytes based on IKEv2 (RFC7296), a security protocol with strict constraints on payload size in the initial exchange for secret key sharing. We propose TiGER that is an IND-CCA secure KEM based on RLWE(R). TiGER has a ciphertext (1,152bytes) and a public key (928 bytes) smaller than 1,244 bytes, even at the AES256 security level. To our knowledge, TiGER is the only scheme with such an achievement. Also, TiGER satisfies security levels 1, 3, and 5 of NIST competition. Based on reference implementation, TiGER is 1.7-2.6x faster than Kyber and 2.2-4.4x faster than LAC