Identity-Based Key Aggregate Cryptosystem from Multilinear Maps

The key-aggregate cryptosystem~(KAC) proposed by Chu et al. in 2014 offers a solution to the flexible access delegation problem in shared data environments such as the cloud. KAC allows a data owner, owning $N$ classes of encrypted data, to securely grant access to any subset $S$ of these data classes among a subset $\hat{S}$ of data users, via a single low overhead \emph{aggregate key} $K_{\mathcal{S}}$. Existing constructions for KAC are efficient in so far they achieve constant size ciphertexts and aggregate keys. But they resort to a public parameter that has size linear in the number of data classes $N$, and require $O(M\u27M)$ secure channels for distribution of aggregate keys in a system with $M\u27$ data owners and $M$ data users. In this paper, we propose three different multilinear-map based KAC constructions that have at most polylogarithmic overhead for both ciphertexts and public parameters, and generate constant size aggregate keys. We further demonstrate how the aggregate keys may be efficiently broadcast among any arbitrary size subset of $M$ data users using only $O(M\u27+M)$ secure channels, in a system with $M\u27$ data owners. Our constructions are secure in the generic multilinear group model and are fully collusion resistant against any number of colluding parties. In addition, they naturally give rise to \emph{identity based} secure access delegation schemes

多人数署名の証明可能安全性に関する研究

筑波大学 (University of Tsukuba)201

Revocable Key-Aggregate Cryptosystem for Data Sharing in Cloud

With the rapid development of network and storage technology, cloud storage has become a new service mode, while data sharing and user revocation are important functions in the cloud storage. Therefore, according to the characteristics of cloud storage, a revocable key-aggregate encryption scheme is put forward based on subset-cover framework. The proposed scheme not only has the key-aggregate characteristics, which greatly simplifies the user’s key management, but also can revoke user access permissions, realizing the flexible and effective access control. When user revocation occurs, it allows cloud server to update the ciphertext so that revoked users can not have access to the new ciphertext, while nonrevoked users do not need to update their private keys. In addition, a verification mechanism is provided in the proposed scheme, which can verify the updated ciphertext and ensure that the user revocation is performed correctly. Compared with the existing schemes, this scheme can not only reduce the cost of key management and storage, but also realize user revocation and achieve user’s access control efficiently. Finally, the proposed scheme can be proved to be selective chosen-plaintext security in the standard model

Multilinear Maps in Cryptography

Multilineare Abbildungen spielen in der modernen Kryptographie eine immer bedeutendere Rolle. In dieser Arbeit wird auf die Konstruktion, Anwendung und Verbesserung von multilinearen Abbildungen eingegangen

Data Sharing and Access Using Aggregate Key Concept

Cloud Storage is a capacity of information online in the cloud, which is available from different and associated assets. Distributed storage can provide high availability and consistent quality, reliable assurance, debacle free restoration, and reduced expense. Distributed storage has imperative usefulness, i.e., safely, proficiently, adaptably offering information to others. Data privacy is essential in the cloud to ensure that the user’s identity is not leaked to unauthorized persons. Using the cloud, anyone can share and store the data, as much as they want. To share the data in a secure way, cryptography is very useful. By using different encryption techniques, a user can store data in the cloud. Encryption and decryption keys are created for unique data that the user provides. Only a particular set of decryption keys are shared so that the data can be decrypted. A public–key encryption system which is called a Key-Aggregate cryptosystem (KAC) is presented. This system produces constant size ciphertexts. Any arrangement of secret keys can be aggregated and make them into a single key, which has the same power of the keys that are being used. This total key can then be sent to the others for decoding of a ciphertext set and remaining encoded documents outside the set stays private. The project presented in this paper is an implementation of the proposed system

Mathematics and Cryptography: A Marriage of Convenience?

Mathematics and cryptography have a long history together, with the ups and downs inherent in any long relationship. Whether it is a marriage of convenience or a love match, their progeny have lives of their own and have had an impact on the world. This invited lecture will briefly recall some high points from the past, give speculation and encouragement for the future of this marriage, and give counseling on how to improve communication, resolve conflicts, and play well together, based on personal experience and lessons learned

New multilinear maps from ideal lattices

Recently, Hu and Jia presented an efficient attack on the GGH13 map. They show that the MPKE and WE based on GGH13 with public tools of encoding are not secure. Currently, an open problem is to fix GGH13 with functionality-preserving. By modifying zero-testing parameter and using switching modulus method, we present a new construction of multilinear map from ideal lattices. Our construction maintains functionality of GGH13 with public tools of encoding, such as applications of GGH13-based MPKE and WE. The security of our construction depends upon new hardness assumption

Critical Perspectives on Provable Security: Fifteen Years of Another Look Papers

We give an overview of our critiques of “proofs” of security and a guide to our papers on the subject that have appeared over the past decade and a half. We also provide numerous additional examples and a few updates and errata

LCPR: High Performance Compression Algorithm for Lattice-Based Signatures

Many lattice-based signature schemes have been proposed in recent years. However, all of them suffer from huge signature sizes as compared to their classical counterparts. We present a novel and generic construction of a lossless compression algorithm for Schnorr-like signatures utilizing publicly accessible randomness. Conceptually, exploiting public randomness in order to reduce the signature size has never been considered in cryptographic applications. We illustrate the applicability of our compression algorithm using the example of a current state-of-the-art signature scheme due to Gentry et al. (GPV scheme) instantiated with the efficient trapdoor construction from Micciancio and Peikert. This scheme benefits from increasing the main security parameter $n$, which is positively correlated with the compression rate measuring the amount of storage savings. For instance, GPV signatures admit improvement factors of approximately $\lg n$ implying compression rates of about $65$\% at a security level of about 100 bits without suffering loss of information or decrease in security, meaning that the original signature can always be recovered from its compressed state. As a further result, we propose a multi-signer compression strategy in case more than one signer agree to share the same source of public randomness. Such a strategy of bundling compressed signatures together to an aggregate has many advantages over the single signer approach