9,079 research outputs found
Identity-based Hierarchical Key-insulated Encryption without Random Oracles
Key-insulated encryption is one of the effective solutions to a key exposure problem. At Asiacrypt\u2705, Hanaoka et al. proposed an identity-based hierarchical key-insulated encryption (hierarchical IKE) scheme. Although their scheme is secure in the random oracle model, it has a ``hierarchical key-updating structure,\u27\u27 which is attractive functionality that enhances key exposure resistance.
In this paper, we first propose the hierarchical IKE scheme without random oracles. Our hierarchical IKE scheme is secure under the symmetric external Diffie-Hellman (SXDH) assumption, which is known as the simple and static one. Particularly, in the non-hierarchical case, our construction is the first IKE scheme that achieves constant-size parameters including public parameters, secret keys, and ciphertexts.
Furthermore, we also propose the first public-key-based key-insulated encryption (PK-KIE) in the hierarchical setting by using our technique
On Using Encryption Techniques to Enhance Sticky Policies Enforcement
How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE
Server-Aided Revocable Predicate Encryption: Formalization and Lattice-Based Instantiation
Efficient user revocation is a necessary but challenging problem in many
multi-user cryptosystems. Among known approaches, server-aided revocation
yields a promising solution, because it allows to outsource the major workloads
of system users to a computationally powerful third party, called the server,
whose only requirement is to carry out the computations correctly. Such a
revocation mechanism was considered in the settings of identity-based
encryption and attribute-based encryption by Qin et al. (ESORICS 2015) and Cui
et al. (ESORICS 2016), respectively.
In this work, we consider the server-aided revocation mechanism in the more
elaborate setting of predicate encryption (PE). The latter, introduced by Katz,
Sahai, and Waters (EUROCRYPT 2008), provides fine-grained and role-based access
to encrypted data and can be viewed as a generalization of identity-based and
attribute-based encryption. Our contribution is two-fold. First, we formalize
the model of server-aided revocable predicate encryption (SR-PE), with rigorous
definitions and security notions. Our model can be seen as a non-trivial
adaptation of Cui et al.'s work into the PE context. Second, we put forward a
lattice-based instantiation of SR-PE. The scheme employs the PE scheme of
Agrawal, Freeman and Vaikuntanathan (ASIACRYPT 2011) and the complete subtree
method of Naor, Naor, and Lotspiech (CRYPTO 2001) as the two main ingredients,
which work smoothly together thanks to a few additional techniques. Our scheme
is proven secure in the standard model (in a selective manner), based on the
hardness of the Learning With Errors (LWE) problem.Comment: 24 page
Adaptively Secure Computationally Efficient Searchable Symmetric Encryption
Searchable encryption is a technique that allows a client to store documents on a server in encrypted form. Stored documents can be retrieved selectively while revealing as little information as\ud
possible to the server. In the symmetric searchable encryption domain, the storage and the retrieval are performed by the same client. Most conventional searchable encryption schemes suffer\ud
from two disadvantages.\ud
First, searching the stored documents takes time linear in the size of the database, and/or uses heavy arithmetic operations.\ud
Secondly, the existing schemes do not consider adaptive attackers;\ud
a search-query will reveal information even about documents stored\ud
in the future. If they do consider this, it is at a significant\ud
cost to updates.\ud
In this paper we propose a novel symmetric searchable encryption\ud
scheme that offers searching at constant time in the number of\ud
unique keywords stored on the server. We present two variants of\ud
the basic scheme which differ in the efficiency of search and\ud
update. We show how each scheme could be used in a personal health\ud
record system
Private Data System Enabling Self-Sovereign Storage Managed by Executable Choreographies
With the increased use of Internet, governments and large companies store and
share massive amounts of personal data in such a way that leaves no space for
transparency. When a user needs to achieve a simple task like applying for
college or a driving license, he needs to visit a lot of institutions and
organizations, thus leaving a lot of private data in many places. The same
happens when using the Internet. These privacy issues raised by the centralized
architectures along with the recent developments in the area of serverless
applications demand a decentralized private data layer under user control. We
introduce the Private Data System (PDS), a distributed approach which enables
self-sovereign storage and sharing of private data. The system is composed of
nodes spread across the entire Internet managing local key-value databases. The
communication between nodes is achieved through executable choreographies,
which are capable of preventing information leakage when executing across
different organizations with different regulations in place. The user has full
control over his private data and is able to share and revoke access to
organizations at any time. Even more, the updates are propagated instantly to
all the parties which have access to the data thanks to the system design.
Specifically, the processing organizations may retrieve and process the shared
information, but are not allowed under any circumstances to store it on long
term. PDS offers an alternative to systems that aim to ensure self-sovereignty
of specific types of data through blockchain inspired techniques but face
various problems, such as low performance. Both approaches propose a
distributed database, but with different characteristics. While the
blockchain-based systems are built to solve consensus problems, PDS's purpose
is to solve the self-sovereignty aspects raised by the privacy laws, rules and
principles.Comment: DAIS 201
Lattice-Based Group Signatures: Achieving Full Dynamicity (and Deniability) with Ease
In this work, we provide the first lattice-based group signature that offers
full dynamicity (i.e., users have the flexibility in joining and leaving the
group), and thus, resolve a prominent open problem posed by previous works.
Moreover, we achieve this non-trivial feat in a relatively simple manner.
Starting with Libert et al.'s fully static construction (Eurocrypt 2016) -
which is arguably the most efficient lattice-based group signature to date, we
introduce simple-but-insightful tweaks that allow to upgrade it directly into
the fully dynamic setting. More startlingly, our scheme even produces slightly
shorter signatures than the former, thanks to an adaptation of a technique
proposed by Ling et al. (PKC 2013), allowing to prove inequalities in
zero-knowledge. Our design approach consists of upgrading Libert et al.'s
static construction (EUROCRYPT 2016) - which is arguably the most efficient
lattice-based group signature to date - into the fully dynamic setting.
Somewhat surprisingly, our scheme produces slightly shorter signatures than the
former, thanks to a new technique for proving inequality in zero-knowledge
without relying on any inequality check. The scheme satisfies the strong
security requirements of Bootle et al.'s model (ACNS 2016), under the Short
Integer Solution (SIS) and the Learning With Errors (LWE) assumptions.
Furthermore, we demonstrate how to equip the obtained group signature scheme
with the deniability functionality in a simple way. This attractive
functionality, put forward by Ishida et al. (CANS 2016), enables the tracing
authority to provide an evidence that a given user is not the owner of a
signature in question. In the process, we design a zero-knowledge protocol for
proving that a given LWE ciphertext does not decrypt to a particular message
- ā¦