174 research outputs found

    Generic Methods to Achieve Tighter Security Reductions for a Category of IBE Schemes

    We show that Katz-Wang's duplicating key and ciphertext technique can be extended to a generic method that can be used in a certain category of Identity-Based Encryption (IBE) schemes for the purpose of improving their security reductions. We further develop two refined approaches by adapting the randomness reuse technique in the Katz-Wang technique: one is public key duplication, and the other is master key duplication. Compared to the Katz-Wang technique, our two refined approaches not only improve the performance of the resulting IBE schemes but also enable a reduction algorithm to deal with decryption queries correctly, and therefore can achieve chosen ciphertext security. As case studies, we apply these two approaches to modify the Boneh-Franklin IBE scheme and the Boneh-Boyen IBE scheme, respectively. Both of the modifications improve the tightness of the security reductions, compared to the original schemes, at a reasonably low cost.

    Simulation without the Artificial Abort: Simplified Proof and Improved Concrete Security for Waters' IBE Scheme

    Waters' variant of the Boneh-Boyen IBE scheme is attractive because of its efficiency, applications, and security attributes, but suffers from a relatively complex proof with poor concrete security. This is due in part to the proof's ``artificial abort'' step, which has since been inherited by numerous derivative works. It has often been asked whether this step is necessary. We show that it is not, providing a new proof that eliminates this step. The new proof is not only simpler than the original one but offers better concrete security for important ranges of the parameters. As a result, one can securely use smaller groups, resulting in significant efficiency improvements.

    Pairing-based cryptosystems and key agreement protocols.

    For a long time, pairings on elliptic curves have been considered to be destructive in elliptic curve cryptography. Only recently, after some pioneering works, particularly the well-known Boneh-Franklin identity-based encryption (IBE), have pairings quickly become an important tool to construct novel cryptographic schemes. In this thesis, several new cryptographic schemes with pairings are proposed, which are both efficient and secure with respect to a properly defined security model, and some relevant previous schemes are revisited. IBE provides a public key encryption mechanism where a public key can be an arbitrary string such as an entity identifier, and unwieldy certificates are unnecessary. Based on the Sakai-Kasahara key construction, an IBE scheme which is secure in the Boneh-Franklin IBE model is constructed, and two identity-based key encapsulation mechanisms are proposed. These schemes achieve the best efficiency among the existing schemes to date. Recently Al-Riyami and Paterson introduced the certificateless public key encryption (CL-PKE) paradigm, which eliminates the need for certificates and at the same time retains the desirable properties of IBE without the key escrow problem. The security formulation of CL-PKE is revisited and a strong security model for this type of mechanism is defined. Following a heuristic approach, three efficient CL-PKE schemes which are secure in the defined strong security model are proposed. Identity-based two-party key agreement protocols from pairings are also investigated. The Bellare-Rogaway key agreement model is enhanced, and within the model several previously unproven protocols in the literature are formally analysed. Considering that the user identity may be sensitive information in many environments, an identity-based key agreement protocol with unilateral identity privacy is proposed.

    Biometric Cryptosystems : Authentication, Encryption and Signature for Biometric Identities

    Biometrics have been used for secure identification and authentication for more than two decades, since biometric data is unique, non-transferable, unforgettable, and always with us. Recently, biometrics has pervaded other aspects of security applications that can be listed under the topic of ``Biometric Cryptosystems''. Although the security of some of these systems is questionable when they are utilized alone, integration with other technologies such as digital signatures or Identity Based Encryption (IBE) schemes results in cryptographically secure applications of biometrics. It is exactly this field of biometric cryptosystems that we focus on in this thesis. In particular, our goal is to design cryptographic protocols for biometrics in the framework of a realistic security model with a security reduction. Our protocols are designed for biometric-based encryption, signature and remote authentication. We first analyze the recently introduced biometric remote authentication schemes designed according to the security model of Bringer et al. In this model, we show that one can improve the database storage cost significantly by designing a new architecture, which is a two-factor authentication protocol. This construction is also secure against the new attacks we present, which disprove the claimed security of remote authentication schemes, in particular the ones requiring a secure sketch. Thus, we introduce a new notion called ``Weak-identity Privacy'' and propose a new construction by combining cancelable biometrics and distributed remote authentication in order to obtain a highly secure biometric authentication system. We continue our research on biometric remote authentication by analyzing the security issues of multi-factor biometric authentication (MFBA). We formally describe the security model for MFBA that captures simultaneous attacks against these systems and define the notion of user privacy, where the goal of the adversary is to impersonate a client to the server. We design a new protocol by combining bipartite biotokens, homomorphic encryption and zero-knowledge proofs, and provide a security reduction to achieve user privacy. The main difference of this MFBA protocol is that the server-side computations are performed in the encrypted domain, but without requiring a decryption key for the authentication decision of the server. Thus, leakage of the secret key of any system component does not affect the security of the scheme, as opposed to the current biometric systems involving cryptographic techniques. We also show that there is a tradeoff between the security level the scheme achieves and the requirement of making the authentication decision without using any secret key. In the second part of the thesis, we delve into biometric-based signature and encryption schemes. We start by designing a new biometric IBS system that is based on the currently most efficient pairing-based signature scheme in the literature. We prove the security of our new scheme in the framework of a stronger model compared to existing adversarial models for fuzzy IBS, which basically simulates the leakage of partial secret key components of the challenge identity. In accordance with the novel features of this scheme, we describe a new biometric IBE system called BIO-IBE. BIO-IBE differs from the current fuzzy systems in its key generation method, which not only allows a larger set of encryption systems to function for biometric identities, but also provides better accuracy/identification of the users in the system. In this context, BIO-IBE is the first scheme that allows the use of multi-modal biometrics to avoid collision attacks. Finally, BIO-IBE outperforms the current schemes and, for a small universe of attributes, it is secure in the standard model with better efficiency compared to its counterpart. Another contribution of this thesis is the design of biometric IBE systems without using pairings. In fact, current fuzzy IBE schemes are secure under (stronger) bilinear assumptions, and the decryption of each message requires a number of pairing computations almost equal to the number of attributes defining the user. Thus, fuzzy IBE makes error-tolerant encryption possible at the expense of efficiency and security. Hence, we design a completely new construction for biometric IBE based on error-correcting codes, generic conversion schemes and weakly secure anonymous IBE schemes that encrypt a message bit by bit. The resulting scheme is anonymous, highly secure and more efficient compared to pairing-based biometric IBE, especially for the decryption phase. The security of our generic construction is reduced to the security of the anonymous IBE scheme, which is based on the Quadratic Residuosity assumption. The binding of biometric features to the user's identity is achieved similarly to BIO-IBE, thus preserving the advantages of its key generation procedure.

    User-Controlled Computations in Untrusted Computing Environments

    Computing infrastructures are challenging and expensive to maintain. This led to the growth of cloud computing, with users renting computing resources from centralized cloud providers. There is also a recent promise of providing decentralized computing resources from many participating users across the world. The compute-on-your-own-server model is hence no longer prominent. But traditional computer architectures, which were designed to give complete power to the owner of the computing infrastructure, continue to be used in deploying these new paradigms. This forces users to completely trust the infrastructure provider with all their data. The cryptography and security community researches two different ways to tackle this problem. The first line of research involves developing powerful cryptographic constructs with formal security guarantees. The primitive of functional encryption (FE) formalizes the solutions where the clients do not interact with the server during the computation. FE enables a user to provide computation-specific secret keys which the server can use to perform the user-specified computations (and only those) on her encrypted data. The second line of research involves designing new hardware architectures which remove the infrastructure owner from the trust base. The solutions here tend to have better performance, but their security guarantees are not well understood. This thesis provides contributions along both lines of research. In particular, 1) We develop a (single-key) functional encryption construction where the size of the secret keys does not grow with the size of the descriptions of the computations, while also providing a tighter security reduction to the underlying computational assumption. This construction supports the computation class of branching programs. Previous works for this computation class achieved either short keys or tighter security reductions, but not both. 2) We formally model the primitive of trusted hardware inspired by Intel's Software Guard eXtensions (SGX). We then construct an FE scheme in a strong security model using this trusted hardware primitive. We implement this construction in our system Iron and evaluate its performance. Previously, the constructions in this model relied on heavy cryptographic tools and were not practical. 3) We design an encrypted database system StealthDB that provides complete SQL support. StealthDB is built on top of Intel SGX and designed with the usability and security limitations of SGX in mind. The StealthDB implementation on top of Postgres achieves practical performance (30% overhead over plaintext evaluation) with a strong leakage profile against adversaries who get snapshot access to the memory of the system. It achieves a more gradual degradation in security against persistent adversaries than the prior designs that aimed at practical performance and complete SQL support. We finally survey the research on providing security against quantum adversaries for the building blocks of SGX.

    Dual System Framework in Multilinear Settings and Applications to Fully Secure (Compact) ABE for Unbounded-Size Circuits

    We propose a new generic framework for constructing fully secure attribute-based encryption (ABE) in multilinear settings. It is applicable in a generic manner to any predicates. Previous generic frameworks of this kind are given only in bilinear group settings, where the applicable predicate classes are limited. Our framework provides an abstraction of dual system paradigms over composite-order graded multilinear encoding schemes in a black-box manner. As applications, we propose new fully secure ABE systems for general predicates, namely, ABE for circuits. We obtain two schemes for each of the key-policy (KP) and ciphertext-policy (CP) variants of ABE. All four of our fully secure schemes can deal with unbounded-size circuits while enjoying succinctness, meaning that the key and ciphertext sizes are (less than or) proportional to the corresponding circuit sizes. In the CP-ABE case, no previous scheme achieves such properties, even when considering selectively secure systems. Furthermore, our second KP-ABE achieves constant-size ciphertexts, whereas our second CP-ABE achieves constant-size keys. Previous ABE systems for circuits are either selectively secure (Gorbunov et al. STOC'13, Garg et al. Crypto'13, and subsequent works), or semi-adaptively secure (Brakerski and Vaikuntanathan Crypto'16), or fully secure but not succinct and restricted to bounded-size circuits (Garg et al. ePrint 2014/622, and Garg et al. TCC'16-A).

    Studies on the Security of Selected Advanced Asymmetric Cryptographic Primitives

    The main goal of asymmetric cryptography is to provide confidential communication, which allows two parties to communicate securely even in the presence of adversaries. Ever since its invention in the seventies, asymmetric cryptography has been improved and developed further, and a formal security framework has been established around it. This framework includes different security goals, attack models, and security notions. As progress was made in the field, more advanced asymmetric cryptographic primitives were proposed, with other properties in addition to confidentiality. These new primitives also have their own definitions and notions of security. This thesis consists of two parts, where the first relates to the security of fully homomorphic encryption and related primitives. The second part presents a novel cryptographic primitive, and defines what security goals the primitive should achieve. The first part of the thesis consists of Articles I, II, and III, which all pertain to the security of homomorphic encryption schemes in one respect or another. Article I demonstrates that a particular fully homomorphic encryption scheme is insecure in the sense that an adversary with access only to the public material can recover the secret key. It is also shown that this insecurity mainly stems from the operations necessary to make the scheme fully homomorphic. Article II presents an adaptive key recovery attack on a leveled homomorphic encryption scheme. The scheme in question claimed to withstand precisely such attacks, and was the only scheme of its kind to do so at the time. This part of the thesis culminates with Article III, which is an overview article on the IND-CCA1 security of all acknowledged homomorphic encryption schemes. The second part of the thesis consists of Article IV, which presents Vetted Encryption (VE), a novel asymmetric cryptographic primitive. The primitive is designed to allow a recipient to vet who may send them messages, by setting up a public filter with a public verification key and providing each vetted sender with their own encryption key. There are three different variants of VE, based on whether the sender is identifiable to the filter and/or the recipient. Security definitions, general constructions and comparisons to already existing cryptographic primitives are provided for all three variants.

    Symbolic Proofs for Lattice-Based Cryptography

    Symbolic methods have been used extensively for proving security of cryptographic protocols in the Dolev-Yao model, and more recently for proving security of cryptographic primitives and constructions in the computational model. However, existing methods for proving security of cryptographic constructions in the computational model often require significant expertise and interaction, or are fairly limited in scope and expressivity. This paper introduces a symbolic approach for proving security of cryptographic constructions based on the Learning With Errors assumption (Regev, STOC 2005). Such constructions are instances of lattice-based cryptography and are extremely important due to their potential role in post-quantum cryptography. Following (Barthe, Grégoire and Schmidt, CCS 2015), our approach combines a computational logic and deducibility problems, a standard tool for representing the adversary's knowledge in the Dolev-Yao model. The computational logic is used to capture (indistinguishability-based) security notions and drive the security proofs, whereas deducibility problems are used as side-conditions to control that rules of the logic are applied correctly. We then use AutoLWE, an implementation of the logic, to deliver very short or even automatic proofs of several emblematic constructions, including CPA-PKE (Gentry et al., STOC 2008), (Hierarchical) Identity-Based Encryption (Agrawal et al., Eurocrypt 2010), Inner Product Encryption (Agrawal et al., Asiacrypt 2011), and CCA-PKE (Micciancio et al., Eurocrypt 2012). The main technical novelty beyond AutoLWE is a set of (semi-)decision procedures for deducibility problems, using extensions of Gröbner basis computations for subalgebras in the (non-)commutative setting (instead of ideals in the commutative setting). Our procedures cover the theory of matrices, which is required for lattice-based assumptions, as well as the theory of non-commutative rings, fields, and Diffie-Hellman exponentiation in its standard, bilinear and multilinear forms. Additionally, AutoLWE supports oracle-relative assumptions, which are used specifically to apply (advanced forms of) the Leftover Hash Lemma, an information-theoretic tool widely used in lattice-based proofs.