16,383 research outputs found
Function-Private Subspace-Membership Encryption and Its Applications
Boneh, Raghunathan, and Segev (CRYPTO \u2713) have recently put forward the notion of function privacy and applied it to identity-based encryption, motivated by the need for providing predicate privacy in public-key searchable encryption. Intuitively, their notion asks that decryption keys reveal essentially no information on their corresponding identities, beyond the absolute minimum necessary. While Boneh et al. showed how to construct function-private identity-based encryption (which implies predicate-private encrypted keyword search), searchable encryption typically requires a richer set of predicates.
In this paper we significantly extend the function privacy framework. First, we introduce the new notion of subspace-membership encryption, a generalization of inner-product encryption, and formalize a meaningful and realistic notion for capturing its function privacy. Then, we present a generic construction of a function-private subspace-membership encryption scheme based on any inner-product encryption scheme. Finally, we show that function-private subspace-membership encryption can be used to construct function-private identity-based encryption. These are the first generic constructions of function-private encryption schemes based on non-function-private ones, resolving one of the main open problems posed by Boneh, Raghunathan, and Segev
General Impossibility of Group Homomorphic Encryption in the Quantum World
Group homomorphic encryption represents one of the most important building
blocks in modern cryptography. It forms the basis of widely-used, more
sophisticated primitives, such as CCA2-secure encryption or secure multiparty
computation. Unfortunately, recent advances in quantum computation show that
many of the existing schemes completely break down once quantum computers reach
maturity (mainly due to Shor's algorithm). This leads to the challenge of
constructing quantum-resistant group homomorphic cryptosystems.
In this work, we prove the general impossibility of (abelian) group
homomorphic encryption in the presence of quantum adversaries, when assuming
the IND-CPA security notion as the minimal security requirement. To this end,
we prove a new result on the probability of sampling generating sets of finite
(sub-)groups if sampling is done with respect to an arbitrary, unknown
distribution. Finally, we provide a sufficient condition on homomorphic
encryption schemes for our quantum attack to work and discuss its
satisfiability in non-group homomorphic cases. The impact of our results on
recent fully homomorphic encryption schemes poses itself as an open question.Comment: 20 pages, 2 figures, conferenc
A New PVSS Scheme with a Simple Encryption Function
A Publicly Verifiable Secret Sharing (PVSS) scheme allows anyone to verify
the validity of the shares computed and distributed by a dealer. The idea of
PVSS was introduced by Stadler in [18] where he presented a PVSS scheme based
on Discrete Logarithm. Later, several PVSS schemes were proposed. In [2],
Behnad and Eghlidos present an interesting PVSS scheme with explicit membership
and disputation processes. In this paper, we present a new PVSS having the
advantage of being simpler while offering the same features.Comment: In Proceedings SCSS 2012, arXiv:1307.8029. This PVSS scheme was
proposed to be used to provide a distributed Timestamping schem
MLCapsule: Guarded Offline Deployment of Machine Learning as a Service
With the widespread use of machine learning (ML) techniques, ML as a service
has become increasingly popular. In this setting, an ML model resides on a
server and users can query it with their data via an API. However, if the
user's input is sensitive, sending it to the server is undesirable and
sometimes even legally not possible. Equally, the service provider does not
want to share the model by sending it to the client for protecting its
intellectual property and pay-per-query business model.
In this paper, we propose MLCapsule, a guarded offline deployment of machine
learning as a service. MLCapsule executes the model locally on the user's side
and therefore the data never leaves the client. Meanwhile, MLCapsule offers the
service provider the same level of control and security of its model as the
commonly used server-side execution. In addition, MLCapsule is applicable to
offline applications that require local execution. Beyond protecting against
direct model access, we couple the secure offline deployment with defenses
against advanced attacks on machine learning models such as model stealing,
reverse engineering, and membership inference
Flexible Yet Secure De-Duplication Service for Enterprise Data on Cloud Storage
The cloud storage services bring forth infinite storage capacity and flexible access capability to store and share
large-scale content. The convenience brought forth has attracted both individual and enterprise users to outsource data service to a cloud provider. As the survey shows 56% of the usages of cloud storage applications are for data back up and up to 68% of data backup are user assets. Enterprise tenants would need to protect their data privacy before uploading them to the cloud and expect a reasonable performance while they try to reduce the operation cost in terms of cloud storage, capacity and I/Os matter as well
as systems’ performance, bandwidth and data protection. Thus, enterprise tenants demand secure and economic data storage yet flexible access on their cloud data.
In this paper, we propose a secure de-duplication solution
for enterprise tenants to leverage the benefits of cloud storage while reducing operation cost and protecting privacy. First, the solution uses a proxy to do flexible group access control which supports secure de-duplication within a group; Second, the solution supports scalable clustering of proxies to support large-scale data access; Third, the solution can be integrated with cloud storage seamlessly. We implemented and tested our solution by integrating it with Dropbox. Secure de-duplication in a group is performed at low data transfer latency and small
storage overhead as compared to de-duplication on plaintext
Secure and Trustable Electronic Medical Records Sharing using Blockchain
Electronic medical records (EMRs) are critical, highly sensitive private
information in healthcare, and need to be frequently shared among peers.
Blockchain provides a shared, immutable and transparent history of all the
transactions to build applications with trust, accountability and transparency.
This provides a unique opportunity to develop a secure and trustable EMR data
management and sharing system using blockchain. In this paper, we present our
perspectives on blockchain based healthcare data management, in particular, for
EMR data sharing between healthcare providers and for research studies. We
propose a framework on managing and sharing EMR data for cancer patient care.
In collaboration with Stony Brook University Hospital, we implemented our
framework in a prototype that ensures privacy, security, availability, and
fine-grained access control over EMR data. The proposed work can significantly
reduce the turnaround time for EMR sharing, improve decision making for medical
care, and reduce the overall costComment: AMIA 2017 Annual Symposium Proceeding
- …