Fuzzy Identity Based Encryption from Lattices

Cryptosystems based on the hardness of lattice problems have recently acquired much importance due to their average-case to worst-case equivalence, their conjectured resistance to quantum cryptanalysis, their ease of implementation and increasing practicality, and, lately, their promising potential as a platform for constructing advanced functionalities. In this work, we construct “Fuzzy” Identity Based Encryption from the hardness of the standard Learning With Errors (LWE) problem. We give CPA and CCA secure variants of our construction, for small and large universes of attributes. All are secure against selective-identity attacks in the standard model. Our construction is made possible by observing certain special properties that secret sharing schemes need to satisfy in order to be useful for Fuzzy IBE. We discuss why further extensions are not as easy as they may seem. As such, ours is among the first examples of advanced-functionality cryptosystem from lattices that goes “beyond IBE”

URDP: General Framework for Direct CCA2 Security from any Lattice-Based PKE Scheme

Design efficient lattice-based cryptosystem secure against adaptive chosen ciphertext attack (IND-CCA2) is a challenge problem. To the date, full CCA2-security of all proposed lattice-based PKE schemes achieved by using a generic transformations such as either strongly unforgeable one-time signature schemes (SU-OT-SS), or a message authentication code (MAC) and weak form of commitment. The drawback of these schemes is that encryption requires "separate encryption". Therefore, the resulting encryption scheme is not sufficiently efficient to be used in practice and it is inappropriate for many applications such as small ubiquitous computing devices with limited resources such as smart cards, active RFID tags, wireless sensor networks and other embedded devices. In this work, for the first time, we introduce an efficient universal random data padding (URDP) scheme, and show how it can be used to construct a "direct" CCA2-secure encryption scheme from "any" worst-case hardness problems in (ideal) lattice in the standard model, resolving a problem that has remained open till date. This novel approach is a "black-box" construction and leads to the elimination of separate encryption, as it avoids using general transformation from CPA-secure scheme to a CCA2-secure one. IND-CCA2 security of this scheme can be tightly reduced in the standard model to the assumption that the underlying primitive is an one-way trapdoor function.Comment: arXiv admin note: text overlap with arXiv:1302.0347, arXiv:1211.6984; and with arXiv:1205.5224 by other author

Fuzzy Identity Based Encryption with a flexible threshold value

The issue of data and information security on the internet and social network has become more serious and pervasive in recent years. Cryptography is used to solve security problems. However, message encryption cannot merely meet the intended goals because access control over the encrypted messages is required in some applications. To achieve these requirements, attribute-based encryption (ABE) is used. This type of encryption provides both security and access structure for the network users simultaneously. Fuzzy Identity-Based Encryption (FIBE) is a special mode of ABE that provides a threshold access structure for the users. This threshold value is set by the authority for users, which is always fixed and cannot be changed. So, the sender (encryptor) will not play a role in determining the threshold value. The mentioned issue exists also in Key Policy Attribute Based Encryption (KP-ABE) schemes. In this paper, we present a FIBE scheme in addition to the authority, the sender also plays a role in determining the threshold value. Thus, the policy will be more flexible than previous FIBE schemes in that the threshold value is selected only by the authority. We can call the proposed scheme a dual-policy ABE. The proposed technique for flexibility of threshold value can be applied in most of the existing KP-ABE schemes. We use the (indistinguishable) selective security model for security proof. The hardness assumption that we use is the modified bilinear decision Diffie-Hellman problem

Ciphertext Policy Attribute Based Encryption for Arithmetic circuits

Applying access structure to encrypted sensitive data is one of the challenges in communication networks and cloud computing. Various methods have been proposed to achieve this goal, one of the most interesting of which is Attribute-Based Encryption (ABE). In ABE schemes, the access structure, which is defined as a policy, can be applied to the key or ciphertext. Thus, if the policy is applied to the key, it is called the Key Policy Attribute-Based Encryption (KP-ABE), and on the other hand, if it is applied to the ciphertext, it is called the Ciphertext Policy Attribute-Based Encryption (CP-ABE). Since in the KP-ABE, the policy is selected once by a trusted entity and is fixed then, they are not suitable for applications where the policy needs to change repeatedly. This problem is solved in CP-ABE, where the policy is selected by the sender and changed for each message. Furthermore, the access structure should present a strong fine-grained access control. The arithmetic access structure can supply fine-grained access structures stronger than Boolean access structures. We present the first CP-ABE scheme with an arithmetic circuit access policy based on the multilinear maps. First, we outline a basic design and then two improved versions of this scheme, with or without the property of hidden attributes, are introduced. We also define the concept of Hidden Result Attribute Based Encryption (HR-ABE) which means that the result of the arithmetic function will not be revealed to the users. We define a new hardness assumption, called the (k-1)-Distance Decisional Diffie-Hellman assumption, which is at least as hard as the k-multilinear decisional Diffie-Hellman assumption. Under this assumption, we prove the adaptive security of the proposed scheme

Functional Encryption as Mediated Obfuscation

We introduce a new model for program obfuscation, called mediated obfuscation. A mediated obfuscation is a 3-party protocol for evaluating an obfuscated program that requires minimal interaction and limited trust. The party who originally supplies the obfuscated program need not be online when the client wants to evaluate the program. A semi-trusted third-party mediator allows the client to evaluate the program, while learning nothing about the obfuscated program or the client’s inputs and outputs. Mediated obfuscation would provide the ability for a software vendor to safely outsource the less savory aspects (like accounting of usage statistics, and remaining online to facilitate access) of “renting out” access to proprietary software. We give security definitions for this new obfuscation paradigm, and then present a simple and generic construction based on functional encryption. If a functional encryption scheme supports decryption functionality F (m, k), then our construction yields a mediated obfuscation of the class of functions {F (m, ·) | m}. In our construction, the interaction between the client and the mediator is minimal (much more efficient than a general- purpose multi-party computation protocol). Instantiating with existing FE constructions, we achieve obfuscation for point-functions with output (under a strong “virtual black-box” notion of security), and a general feasibility result for obfuscating conjunctive normal form and disjunctive normal form formulae (under a weaker “semantic” notion of security). Finally, we use mediated obfuscation to illustrate a connection between worst-case and average-case static obfuscation. In short, an average-case (static) obfuscation of some component of a suitable functional encryption scheme yields a worst-case (static) obfuscation for a related class of functions. We use this connection to demonstrate new impossibility results for average-case (static) obfuscation

Directly revocable ciphertext-policy attribute-based encryption from lattices

Attribute-based encryption (ABE) is a promising type of cryptosystem achieving fine-grained access control on encrypted data. Revocable attribute-based encryption (RABE) is an extension of ABE that provides revocation mechanisms when user\u27s attributes change, key exposure, and so on. In this paper, we propose two directly revocable ciphertext-policy attribute-based encryption (DR-ABE) schemes from lattices, which support flexible threshold access policies on multi-valued attributes, achieving user-level and attribute-level user revocation, respectively. Specifically, the revocation list is defined and embedded into the ciphertext by the message sender to revoke a user in the user-level revocable scheme or revoke some attributes of a certain user in the attribute-level revocable scheme. We also discuss how to outsource decryption and reduce the workload for the end user. Our schemes are proved to be secure in the standard model, assuming the hardness of the learning with errors (LWE) problem

Encriptação com predicados baseada em reticulados

Orientadores: Ricardo Dahab, Michel AbdallaTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Em um sistema de criptografia funcional, uma autoridade de posse de uma chave mestra pode gerar uma chave secreta que permite o cálculo de uma função sobre a mensagem nos dados criptografados. Assim, é possível calcular tal função no texto cifrado usando somente a chave secreta. Exemplos importantes de criptografia funcional são Criptografia Baseada em Identidades, Criptografia Baseada em Atributos, Criptografia com Produto Escalar, Criptografia Difusa Baseada em Identidades, Criptografia de Vector Oculto, Criptografia Baseada em Certificados, Criptografia com Pesquisa de Palavra-Chave e Criptografia Baseada em Identidades com Curinga. Esquemas de criptografia com predicados são uma especialização de esquemas de criptografia funcionais, em que a função utilizada não fornece informações sobre a mensagem, mas determina se a decriptação deve ou não funcionar corretamente. Criptografia baseada em reticulados é uma importante alternativa para os principais sistemas criptográficos utilizados atualmente, uma vez que elas são supostamente seguras contra algoritmos quânticos. O Algoritmo de Shor é capaz de resolver o Problema da Fatoração Inteira e o Problema do Logaritmo Discreto em tempo polinomial em um computador quântico, quebrando os sistemas criptográficos mais usados e importantes atualmente, como o RSA, o Diffie-Hellman e a Criptografia de Curvas Elípticas. Neste trabalho nos concentramos em esquemas de criptografia com predicados baseados em reticulados. Nós estudamos e descrevemos os principais sistemas baseados em reticulados encontrados na literatura, estendendo-os a versões hierárquicas e mostrando como o uso de um reticulado com estrutura ideal afeta a prova de segurança. Para cada esquema, uma prova formal de segurança é detalhada, as análises de complexidade e do tamanho das variáveis são mostradas e a escolha dos parâmetros garantindo o funcionamento correto da decriptação é dadaAbstract: In a functional encryption system, an authority holding a master secret key can generate a key that enables the computation of some function on the encrypted data. Then, using the secret key the decryptor can compute the function from the ciphertext. Important examples of functional encryption are Identity-Based Encryption, Attribute-Based Encryption, Inner Product Encryption, Fuzzy Identity-Based Encryption, Hidden Vector Encryption, Certificate-Based Encryption, Public Key Encryption with Keyword Search and Identity-Based Encryption with Wildcards. Predicate encryption schemes are a specialization of functional encryption schemes, in which the function does not give information of the plaintext, but it determines whether the decryption should or should not work properly. Lattice-Based Cryptography is an important alternative to the main cryptographic systems used today, since they are conjectured to be secure against quantum algorithms. Shor's algorithm is capable of solving the Integer Factorization Problem and the Discrete Logarithm Problem in polynomial time on a quantum computer, breaking the most used and important cryptosystems such as RSA, Diffie-Hellman and Elliptic Curve Cryptography. In this work we focus on Lattice-Based Predicate Encryption. We study and describe the main lattice-based schemes found in the literature, extending them to hierarchical versions and showing how the use of ideal lattice affects their security proof. For each scheme, a formal proof of security is detailed, analyses of complexity and variable's size are shown and the parameter's choice ensuring that the decryption works correctly is givenDoutoradoCiência da ComputaçãoDoutora em Ciência da Computaçã