Security of signed ELGamal encryption

Assuming a cryptographically strong cyclic group G of prime order q and a random hash function H, we show that ElGamal encryption with an added Schnorr signature is secure against the adaptive chosen ciphertext attack, in which an attacker can freely use a decryption oracle except for the target ciphertext. We also prove security against the novel one-more-decyption attack. Our security proofs are in a new model, corresponding to a combination of two previously introduced models, the Random Oracle model and the Generic model. The security extends to the distributed threshold version of the scheme. Moreover, we propose a very practical scheme for private information retrieval that is based on blind decryption of ElGamal ciphertexts

Constant-size ciphertexts in threshold attribute-based encryption without dummy attributes

Attribute-based encryption (ABE) is an augmentation of public key encryption that allows users to encrypt and decrypt messages based on users’ attributes. In a ( t, s ) threshold ABE, users who can decrypt a ciphertext must hold at least t attributes among the s attributes specified by the encryptor. At PKC 2010, Herranz, Laguillaumie and Ràfols proposed the first threshold ABE with constant-size ciphertexts. In order to ensure the encryptor can flexibly select the attribute set and a threshold value, they use dummy attributes to satisfy the decryption requirement. The advantage of their scheme is that any addition or removal of the attributes will not require any change to users’ private keys or public parameters. Unfortunately, the need for dummy attributes makes their scheme inefficient, since the computational cost of encryption is linear to the size of selected attribute set and dummy attribute set. In this work, we improve Herranz et al.’s work, and propose a new threshold ABE scheme which does not use any dummy attribute . Our scheme not only retains the nice feature of Herranz et al.’s scheme, but also offers two improvements in comparison to the previous work. Firstly, the computational costs of encryption and decryption are only linear in the size of the selected attribute set. Secondly, without any dummy attribute, most of the computations can be conducted without the knowledge of the threshold t . Hence, threshold change in the encryption phase does not require complete recomputation of the ciphertext

Heuristically secure threshold lattice-based cryptography schemes

In public-key encryption, a long-term private key can be an easy target for hacking and deserves extra protection. One way to enhance its security is to share the long-term private key among multiple (say n) distributed servers; any threshold number (t, t ≤ n) of these servers are needed to collectively use the shared private key without reconstructing it. As a result, an attacker who has compromised less than t servers will still not be able to reconstruct the shared private key. In this thesis, we studied threshold decryption schemes for lattice-based public-key en- cryption, which is one of the most promising post-quantum public-key encryption schemes. We developed threshold decryption schemes for Stinson’s, the standard NTRU, and NTRU with Ring Learning with Errors (R-LWE) cryptosystems. Prototype implementations were developed for validating the functionality of these threshold decryption schemes. Our de- signs achieve heuristic security, and its security is supported by mechanisms similar to that of R-LWE

Efficient distributed tag-based encryption and its application to group signatures with efficient distributed traceability

In this work, we first formalize the notion of dynamic group signatures with distributed traceability, where the capability to trace signatures is distributed among n managers without requiring any interaction. This ensures that only the participation of all tracing managers permits tracing a signature, which reduces the trust placed in a single tracing manager. The threshold variant follows easily from our definitions and constructions. Our model offers strong security requirements. Our second contribution is a generic construction for the notion which has a concurrent join protocol, meets strong security requirements, and offers efficient traceability, i.e. without requiring tracing managers to produce expensive zero-knowledge proofs for tracing correctness. To dispense with the expensive zero-knowledge proofs required in the tracing, we deploy a distributed tag-based encryption with public verifiability. Finally, we provide some concrete instantiations, which, to the best of our knowledge, are the first efficient provably secure realizations in the standard model simultaneously offering all the aforementioned properties. To realize our constructions efficiently, we construct an efficient distributed (and threshold) tag-based encryption scheme that works in the efficient Type-III asymmetric bilinear groups. Our distributed tag-based encryption scheme yields short ciphertexts (only 1280 bits at 128-bit security), and is secure under an existing variant of the standard decisional linear assumption. Our tag-based encryption scheme is of independent interest and is useful for many applications beyond the scope of this paper. As a special case of our distributed tag-based encryption scheme, we get an efficient tag-based encryption scheme in Type-III asymmetric bilinear groups that is secure in the standard model

Ciphertext-policy attribute based encryption supporting access policy update

Attribute-based encryption (ABE) allows one-to-many encryption with static access control. In many occasions, the access control policy must be updated and the original encryptor might be required to re-encrypt the message, which is impractical, since the encryptor might be unavailable. Unfortunately, to date the work in ABE does not consider this issue yet, and hence this hinders the adoption of ABE in practice. In this work, we consider how to efficiently update access policies in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems without re-encryption. We introduce a new notion of CP-ABE supporting access policy update that captures the functionalities of attribute addition and revocation to access policies. We formalize the security requirements for this notion, and subsequently construct two provably secure CP-ABE schemes supporting AND-gate access policy with constant-size ciphertext for user decryption. The security of our schemes are proved under the Augmented Multi-sequences of Exponents Decisional Diffie-Hellman assumption

Improved ciphertext-policy time using short elliptic curve Diffie–Hellman

Ciphertext-policy attribute-based encryption (CP-ABE) is a suitable solution for the protection of data privacy and security in cloud storage services. In a CP-ABE scheme which provides an access structure with a set of attributes, users can decrypt messages only if they receive a key with the desired attributes. As the number of attributes increases, the security measures are strengthened proportionately, and they can be applied to longer messages as well. The decryption of these ciphertexts also requires a large decryption key which may increase the decryption time. In this paper, we proposed a new method for improving the access time to the CP using a new elliptic curve that enables a short key size to be distributed to the users that allows them to use the defined attributes for encryption and decryption. Each user has a specially created key which uses the defined attributes for encryption and decryption based on the Diffie-Hellman method. After the implement, the results show that this system saves nearly half of the execution time for encryption and decryption compared to previous methods. This proposed system provides guaranteed security by means of the elliptic curve discrete logarithmic problem