871 research outputs found
Semantic Security and Indistinguishability in the Quantum World
At CRYPTO 2013, Boneh and Zhandry initiated the study of quantum-secure
encryption. They proposed first indistinguishability definitions for the
quantum world where the actual indistinguishability only holds for classical
messages, and they provide arguments why it might be hard to achieve a stronger
notion. In this work, we show that stronger notions are achievable, where the
indistinguishability holds for quantum superpositions of messages. We
investigate exhaustively the possibilities and subtle differences in defining
such a quantum indistinguishability notion for symmetric-key encryption
schemes. We justify our stronger definition by showing its equivalence to novel
quantum semantic-security notions that we introduce. Furthermore, we show that
our new security definitions cannot be achieved by a large class of ciphers --
those which are quasi-preserving the message length. On the other hand, we
provide a secure construction based on quantum-resistant pseudorandom
permutations; this construction can be used as a generic transformation for
turning a large class of encryption schemes into quantum indistinguishable and
hence quantum semantically secure ones. Moreover, our construction is the first
completely classical encryption scheme shown to be secure against an even
stronger notion of indistinguishability, which was previously known to be
achievable only by using quantum messages and arbitrary quantum encryption
circuits.Comment: 37 pages, 2 figure
POPE: Partial Order Preserving Encoding
Recently there has been much interest in performing search queries over
encrypted data to enable functionality while protecting sensitive data. One
particularly efficient mechanism for executing such queries is order-preserving
encryption/encoding (OPE) which results in ciphertexts that preserve the
relative order of the underlying plaintexts thus allowing range and comparison
queries to be performed directly on ciphertexts. In this paper, we propose an
alternative approach to range queries over encrypted data that is optimized to
support insert-heavy workloads as are common in "big data" applications while
still maintaining search functionality and achieving stronger security.
Specifically, we propose a new primitive called partial order preserving
encoding (POPE) that achieves ideal OPE security with frequency hiding and also
leaves a sizable fraction of the data pairwise incomparable. Using only O(1)
persistent and non-persistent client storage for
, our POPE scheme provides extremely fast batch insertion
consisting of a single round, and efficient search with O(1) amortized cost for
up to search queries. This improved security and
performance makes our scheme better suited for today's insert-heavy databases.Comment: Appears in ACM CCS 2016 Proceeding
Cloud-based Quadratic Optimization with Partially Homomorphic Encryption
The development of large-scale distributed control systems has led to the
outsourcing of costly computations to cloud-computing platforms, as well as to
concerns about privacy of the collected sensitive data. This paper develops a
cloud-based protocol for a quadratic optimization problem involving multiple
parties, each holding information it seeks to maintain private. The protocol is
based on the projected gradient ascent on the Lagrange dual problem and
exploits partially homomorphic encryption and secure multi-party computation
techniques. Using formal cryptographic definitions of indistinguishability, the
protocol is shown to achieve computational privacy, i.e., there is no
computationally efficient algorithm that any involved party can employ to
obtain private information beyond what can be inferred from the party's inputs
and outputs only. In order to reduce the communication complexity of the
proposed protocol, we introduced a variant that achieves this objective at the
expense of weaker privacy guarantees. We discuss in detail the computational
and communication complexity properties of both algorithms theoretically and
also through implementations. We conclude the paper with a discussion on
computational privacy and other notions of privacy such as the non-unique
retrieval of the private information from the protocol outputs
Efficient Cloud-based Secret Shuffling via Homomorphic Encryption
When working with joint collections of confidential data from multiple
sources, e.g., in cloud-based multi-party computation scenarios, the ownership
relation between data providers and their inputs itself is confidential
information. Protecting data providers' privacy desires a function for secretly
shuffling the data collection. We present the first efficient secure
multi-party computation protocol for secret shuffling in scenarios with a
central server. Based on a novel approach to random index distribution, our
solution enables the randomization of the order of a sequence of encrypted data
such that no observer can map between elements of the original sequence and the
shuffled sequence with probability better than guessing. It allows for
shuffling data encrypted under an additively homomorphic cryptosystem with
constant round complexity and linear computational complexity. Being a
general-purpose protocol, it is of relevance for a variety of practical use
cases
Public Key Encryption Supporting Plaintext Equality Test and User-Specified Authorization
In this paper we investigate a category of public key encryption schemes which supports plaintext equality test and user-specified authorization. With this new primitive, two users, who possess their own public/private key pairs, can issue token(s) to a proxy to authorize it to perform plaintext equality test from their ciphertexts. We provide a formal formulation for this primitive, and present a construction with provable security in our security model. To mitigate the risks against the semi-trusted proxies, we enhance the proposed cryptosystem by integrating the concept of computational client puzzles. As a showcase, we construct a secure personal health record application based on this primitive
Novel Order preserving encryption Scheme for Wireless Sensor Networks
International audienceAn Order-Preserving Encryption (OPE) scheme is a deterministic cipher scheme, whose encryption algorithm produces cipher texts that preserve the numerical ordering of the plain-texts. It is based on strictly increasing functions. It is a kind of homomorphic encryption where the homomorphic operation is order comparison. This means that comparing encrypted data provides the exact result than comparing the original data. It is attractive to be used in databases, especially in cloud ones as a method to enhance security, since it allows applications to perform order queries over encrypted data efficiently (without the need of decrypting the data). Wireless sensor network is another potential domain in which order preserving encryption can be adopted and used with high impact. It can be integrated with secure data aggregation protocols that use comparison operations to aggregate data (MAX, MIN, etc.) in a way that no decryption is being performed on the sensor nodes, which means directly less power consumption. In this paper, we will review many existing order-preserving encryption schemes with their related brief explanation, efficiency level, and security. Then, and based on the comparative table generated, we will propose a novel order-preserving encryption scheme that has a good efficiency level and less complexity, in order to be used in a wireless sensor network with an enhanced level of security
- …