
    Remarks on the Cryptographic Primitive of Attribute-based Encryption

    Attribute-based encryption (ABE), which allows users to encrypt and decrypt messages based on user attributes, is a type of one-to-many encryption. Unlike conventional one-to-one encryption, which makes no attempt to exclude partners of the intended receiver from obtaining the plaintext, an ABE system tries to exclude some unintended recipients from obtaining the plaintext even if they are partners of some intended recipients. We remark that this requirement for ABE is very hard to meet. An ABE system cannot truly exclude unintended recipients from decryption, because users can exchange their decryption keys in order to maximize their own interests. This flaw discounts the importance of the cryptographic primitive.

    Asymptotic relations for the probabilities of the number of uncompromised keys in key distribution schemes built on block codes

    We consider a probabilistic model of the compromise of correspondents in certain broadcast key distribution schemes built on orthogonal arrays of strength 1 or 2. We obtain exact bounds for the binomial moments and asymptotic expressions for the probabilities of the number of uncompromised keys in these schemes after the compromise of a random, equiprobable t-subset of correspondents.

    Sufficient conditions for the security of randomized block cipher systems against the cryptanalytic method based on commutative diagrams

    Sufficient conditions are obtained for the non-existence of certain nontrivial congruences of many-sorted universal algebras that describe randomized block cipher systems corresponding to SPN-like ciphers or Feistel ciphers. These conditions guarantee that such cipher systems are secure against commutative diagram attacks.

    Perfect secret sharing schemes and finite universal algebras

    A method is proposed for constructing perfect secret sharing schemes from congruences of finite universal algebras. This method generalizes the well-known constructions of linear secret sharing schemes over finite fields or commutative rings.

    A Secure Link State Approach for Network Security


    DGKD: Distributed Group Key Distribution with Authentication Capability

    Group key management (GKM) is the most important issue in secure group communication (SGC). The existing GKM protocols fall into three typical classes: centralized group key distribution (CGKD), decentralized group key management (DGKM), and distributed/contributory group key agreement (CGKA). Serious problems remain in these protocols, as they require the existence of central trusted entities (such as a group controller or subgroup controllers), relaying of messages (by subgroup controllers), or strict member synchronization (for multiple-round stepwise key agreement), and thus suffer from a single point of failure and attack, performance bottlenecks, or mis-operation in the event of transmission delay or network failure. In this paper, we propose a new class of GKM protocols: distributed group key distribution (DGKD). The new DGKD protocol solves the above problems and surpasses the existing GKM protocols in terms of simplicity, efficiency, scalability, and robustness.

    Bounded-Collusion IBE from Key Homomorphism

    In this work, we show how to construct IBE schemes that are secure against a bounded number of collusions, starting from underlying PKE schemes that possess linear homomorphisms over their keys. In particular, this enables us to exhibit a new (bounded-collusion) IBE construction based on the quadratic residuosity assumption, without any need to assume the existence of random oracles. The new IBE's public parameters are of size O(tλ log I), where I is the total number of identities the system can support, t is the number of collusions the system is secure against, and λ is a security parameter. While the number of collusions is bounded, we note that an exponential number of total identities can be supported. More generally, we give a transformation that takes any PKE satisfying Linear Key Homomorphism, Identity Map Compatibility, and the Linear Hash Proof Property and translates it into an IBE secure against bounded collusions. We demonstrate that these properties are more general than our quadratic residuosity-based scheme by showing how a simple PKE based on the DDH assumption also satisfies them.
    Funding: National Science Foundation (U.S.) (NSF CCF-0729011); National Science Foundation (U.S.) (NSF CCF-1018064); United States Defense Advanced Research Projects Agency (DARPA FA8750-11-2-0225).