Analysis of random oracle instantiation scenarios for OAEP and other practical schemes

www.fischlin.d

Boneh-Franklin Identity Based Encryption Revisited

Contains fulltext : 33216.pdf (preprint version ) (Open Access

Tighter Post-quantum Secure Encryption Schemes Using Semi-classical Oracles

Krüpteerimisprotokollide analüüsimiseks kasutatakse tihti juhusliku oraakli mudelit (JOM), aga postkvant turvaliste protokollide analüüs tuleb läbi viiakvant juhusliku oraakli mudelis (KJOM). Kuna paljudel tõestamise tehnikatel ei ole kvant juhusliku oraakli mudelis analoogi, on KJOMis raske töötada. Seda probleemi aitab lahendada One-Way to Hiding (O2H) Teoreem, mille Unruh tõestas 2015. aastal.Ambainis, Hamburg ja Unruh esitasid teoreemi täiustatud versiooni 2018. aastal. See kasutab poolklassikalisi oraakleid, millel on suurem paindlikkus ja tihedamad piirid. Täiustatud versioon võimaldab tugevdada kõigi protokollide turvalisust, mis kasutasid vana versiooni. Me võtame ühe artikli, kus kasutati vana O2H Teoreemi versiooni, ja tõestame protokollide turvalisuse uuesti kasutades poolklassikalisi oraakleid.The random oracle model (ROM) has been widely used for analyzing cryptographic schemes. In the real world, a quantum adversary equipped with a quantum computer can execute hash functions on an arbitrary superposition of inputs. Therefore, one needs to analyze the post-quantum security in the quantum random oracle model (QROM). Unfortunately, working in the QROM is quite difficult because many proof techniques in the ROM have no analogue in the QROM. A technique that can help solve this problem is the One-Way to Hiding (O2H) Theorem, which was first proven in 2015 by Unruh. In 2018, Ambainis, Hamburg and Unruh presented an improved version of the O2H Theorem which uses so called semi-classical oracles and has higher flexibilityand tighter bounds. This improvement of the O2H Theorem should allow us to derive better security bounds for most schemes that used the old version. We take one paper that used the old version of the O2H Theorem to prove the security of different schemes in the QROM and give new proofs using semi-classical oracles

New Security Definitions, Constructions and Applications of Proxy Re-Encryption

La externalización de la gestión de la información es una práctica cada vez más común, siendo la computación en la nube (en inglés, cloud computing) el paradigma más representativo. Sin embargo, este enfoque genera también preocupación con respecto a la seguridad y privacidad debido a la inherente pérdida del control sobre los datos. Las soluciones tradicionales, principalmente basadas en la aplicación de políticas y estrategias de control de acceso, solo reducen el problema a una cuestión de confianza, que puede romperse fácilmente por los proveedores de servicio, tanto de forma accidental como intencionada. Por lo tanto, proteger la información externalizada, y al mismo tiempo, reducir la confianza que es necesario establecer con los proveedores de servicio, se convierte en un objetivo inmediato. Las soluciones basadas en criptografía son un mecanismo crucial de cara a este fin. Esta tesis está dedicada al estudio de un criptosistema llamado recifrado delegado (en inglés, proxy re-encryption), que constituye una solución práctica a este problema, tanto desde el punto de vista funcional como de eficiencia. El recifrado delegado es un tipo de cifrado de clave pública que permite delegar en una entidad la capacidad de transformar textos cifrados de una clave pública a otra, sin que pueda obtener ninguna información sobre el mensaje subyacente. Desde un punto de vista funcional, el recifrado delegado puede verse como un medio de delegación segura de acceso a información cifrada, por lo que representa un candidato natural para construir mecanismos de control de acceso criptográficos. Aparte de esto, este tipo de cifrado es, en sí mismo, de gran interés teórico, ya que sus definiciones de seguridad deben balancear al mismo tiempo la seguridad de los textos cifrados con la posibilidad de transformarlos mediante el recifrado, lo que supone una estimulante dicotomía. Las contribuciones de esta tesis siguen un enfoque transversal, ya que van desde las propias definiciones de seguridad del recifrado delegado, hasta los detalles específicos de potenciales aplicaciones, pasando por construcciones concretas

SO-CCA Secure PKE in the Quantum Random Oracle Model or the Quantum Ideal Cipher Model

Selective opening (SO) security is one of the most important security notions of public key encryption (PKE) in a multi-user setting. Even though messages and random coins used in some ciphertexts are leaked, SO security guarantees the confidentiality of the other ciphertexts. Actually, it is shown that there exist PKE schemes which meet the standard security such as indistinguishability against chosen ciphertext attacks (IND-CCA security) but do not meet SO security against chosen ciphertext attacks. Hence, it is important to consider SO security in the multi-user setting. On the other hand, many researchers have studied cryptosystems in the security model where adversaries can submit quantum superposition queries (i.e., quantum queries) to oracles. In particular, IND-CCA secure PKE and KEM schemes in the quantum random oracle model have been intensively studied so far. In this paper, we show that two kinds of constructions of hybrid encryption schemes meet simulation-based SO security against chosen ciphertext attacks (SIM-SO-CCA security) in the quantum random oracle model or the quantum ideal cipher model. The first scheme is constructed from any IND-CCA secure KEM and any simulatable data encapsulation mechanism (DEM). The second one is constructed from any IND-CCA secure KEM based on Fujisaki-Okamoto transformation and any strongly unforgeable message authentication code (MAC). We can apply any IND-CCA secure KEM scheme to the first one if the underlying DEM scheme meets simulatability, whereas we can apply strongly unforgeable MAC to the second one if the underlying KEM is based on Fujisaki-Okamoto transformation

Post-Quantum Anonymity of Kyber

Kyber is a key-encapsulation mechanism (KEM) that was recently selected by NIST in its PQC standardization process; it is also the only scheme to be selected in the context of public-key encryption (PKE) and key establishment. The main security target for KEMs, and their associated PKE schemes, in the NIST PQC context has been IND-CCA security. However, some important modern applications also require their underlying KEMs/PKE schemes to provide anonymity (Bellare et al., ASIACRYPT 2001). Examples of such applications include anonymous credential systems, cryptocurrencies, broadcast encryption schemes, authenticated key exchange, and auction protocols. It is hence important to analyze the compatibility of NIST\u27s new PQC standard in such beyond IND-CCA applications. Some starting steps were taken by Grubbs et al. (EUROCRYPT 2022) and Xagawa (EUROCRYPT 2022) wherein they studied the anonymity properties of most NIST PQC third round candidate KEMs. Unfortunately, they were unable to show the anonymity of Kyber because of certain technical barriers. In this paper, we overcome said barriers and resolve the open problems posed by Grubbs et al. (EUROCRYPT 2022) and Xagawa (EUROCRYPT 2022) by establishing the anonymity of Kyber, and the (hybrid) PKE schemes derived from it, in a post-quantum setting. Along the way, we also provide an approach to obtain tight IND-CCA security proofs for Kyber with concrete bounds; this resolves another issue identified by the aforementioned works related to the post-quantum IND-CCA security claims of Kyber from a provable security point-of-view. Our results also extend to Saber, a NIST PQC third round finalist, in a similar fashion

Sequential Multiple Encryption: Security and Application

総

Chosen-Ciphertext Secure Fuzzy Identity-Based Key Encapsulation without ROM

We use hybrid encryption with Fuzzy Identity-Based Encryption (Fuzzy-IBE) schemes, and present the first and efficient fuzzy identity-based key encapsulation mechanism (Fuzzy-IB-KEM) schemes which are chosen-ciphertext secure (CCA) without random oracle in the selective-ID model. To achieve these goals, we consider Fuzzy-IBE schemes as consisting of separate key and data encapsulation mechanisms (KEM-DEM), and then give the definition of Fuzzy-IB-KEM. Our main idea is to enhance Sahai and Waters\u27 large universe construction (Sahai and Waters, 2005), chosen-plaintext secure (CPA) Fuzzy-IBE, by adding some redundant information to the ciphertext to make it CCA-secure

Quantum security proofs using semi-classical oracles

We present an improved version of the one-way to hiding (O2H) Theorem by Unruh, J ACM 2015. Our new O2H Theorem gives higher flexibility (arbitrary joint distributions of oracles and inputs, multiple reprogrammed points) as well as tighter bounds (removing square-root factors, taking parallelism into account). The improved O2H Theorem makes use of a new variant of quantum oracles, semi-classical oracles, where queries are partially measured. The new O2H Theorem allows us to get better security bounds in several public-key encryption schemes