Semantic Security and Indistinguishability in the Quantum World

At CRYPTO 2013, Boneh and Zhandry initiated the study of quantum-secure encryption. They proposed first indistinguishability definitions for the quantum world where the actual indistinguishability only holds for classical messages, and they provide arguments why it might be hard to achieve a stronger notion. In this work, we show that stronger notions are achievable, where the indistinguishability holds for quantum superpositions of messages. We investigate exhaustively the possibilities and subtle differences in defining such a quantum indistinguishability notion for symmetric-key encryption schemes. We justify our stronger definition by showing its equivalence to novel quantum semantic-security notions that we introduce. Furthermore, we show that our new security definitions cannot be achieved by a large class of ciphers -- those which are quasi-preserving the message length. On the other hand, we provide a secure construction based on quantum-resistant pseudorandom permutations; this construction can be used as a generic transformation for turning a large class of encryption schemes into quantum indistinguishable and hence quantum semantically secure ones. Moreover, our construction is the first completely classical encryption scheme shown to be secure against an even stronger notion of indistinguishability, which was previously known to be achievable only by using quantum messages and arbitrary quantum encryption circuits.Comment: 37 pages, 2 figure

A Trusted Third-party (TTP) based Encryption Scheme for Ensuring Data Confidentiality in Cloud Environment

AbstractCloud computing is an emerging paradigm that affects a large part of the IT industry by offering dynamically scalable resources (e.g., hardware and software) that are provisioned as a service over the Internet. Cloud computing provides numerous advantages to organizations in terms of improved scalability, lower cost, and flexibility, to name a few. Despite these technical and economical advantages, many potential cloud consumers are still hesitant to adopt cloud computing due to security and privacy concerns. In particular, one of the main factors for the reluctance of organizations to adopt cloud computing is the lack of strong encryption scheme that can ensure the confidentiality of client's data while store in cloud service provider's (CSPs) data centers. With the existing encryption schemes adopted by the CSPs, there is always a possibility that the client's data can be compromised due to insider threats. In this paper, we propose a new scheme capable to secure client information from both insider and outsider threats. In particular, we develop an encryption scheme by combining both symmetric and asymmetric cryptographic algorithms, which provide strong data confidentiality preserving secret key encryption functionalities, including periodically renewable public key certificates through trusted third parties. Due to these functionalities, the data owner can utilize the best secret key encryption schemes while the trusted third party will hold and communicate the secret keys to CSPs on behalf of cloud service users (CSUs)

Key Dependent Message Security and Receiver Selective Opening Security for Identity-Based Encryption

We construct two identity-based encryption (IBE) schemes. The first one is IBE satisfying key dependent message (KDM) security for user secret keys. The second one is IBE satisfying simulation-based receiver selective opening (RSO) security. Both schemes are secure against adaptive-ID attacks and do not have any a-priori bound on the number of challenge identities queried by adversaries in the security games. They are the first constructions of IBE satisfying such levels of security. Our constructions of IBE are very simple. We construct our KDM secure IBE by transforming KDM secure secret-key encryption using IBE satisfying only ordinary indistinguishability against adaptive-ID attacks (IND-ID-CPA security). Our simulation-based RSO secure IBE is based only on IND-ID-CPA secure IBE. We also demonstrate that our construction technique for KDM secure IBE is used to construct KDM secure public-key encryption. More precisely, we show how to construct KDM secure public-key encryption from KDM secure secret-key encryption and public-key encryption satisfying only ordinary indistinguishability against chosen plaintext attacks

DoubleMod and SingleMod: Simple Randomized Secret-Key Encryption with Bounded Homomorphicity

An encryption relation f Z Z with decryption function f 1 is “group-homomorphic” if, for any suitable plaintexts x1 and x2, x1+x2 = f 1( f (x1)+f (x2)). It is “ring-homomorphic” if furthermore x1x2 = f 1( f (x1) f (x2)); it is “field-homomorphic” if furthermore 1=x1 = f 1( f (1=x1)). Such relations would support oblivious processing of encrypted data. We propose a simple randomized encryption relation f over the integers, called DoubleMod, which is “bounded ring-homomorphic” or what some call ”somewhat homomorphic.” Here, “bounded” means that the number of additions and multiplications that can be performed, while not allowing the encrypted values to go out of range, is limited (any pre-specified bound on the operation-count can be accommodated). Let R be any large integer. For any plaintext x 2 ZR, DoubleMod encrypts x as f (x) = x + au + bv, where a and b are randomly chosen integers in some appropriate interval, while (u; v) is the secret key. Here u > R2 is a large prime and the smallest prime factor of v exceeds u. With knowledge of the key, but not of a and b, the receiver decrypts the ciphertext by computing f 1(y) = (y mod v) mod u. DoubleMod generalizes an independent idea of van Dijk et al. 2010. We present and refine a new CCA1 chosen-ciphertext attack that finds the secret key of both systems (ours and van Dijk et al.’s) in linear time in the bit length of the security parameter. Under a known-plaintext attack, breaking DoubleMod is at most as hard as solving the Approximate GCD (AGCD) problem. The complexity of AGCD is not known. We also introduce the SingleMod field-homomorphic cryptosystems. The simplest SingleMod system based on the integers can be broken trivially. We had hoped, that if SingleMod is implemented inside non-Euclidean quadratic or higher-order fields with large discriminants, where GCD computations appear di cult, it may be feasible to achieve a desired level of security. We show, however, that a variation of our chosen-ciphertext attack works against SingleMod even in non-Euclidean fields

Obfuscation for Cryptographic Purposes

An obfuscation of a function F should satisfy two requirements: firstly, using it should be possible to evaluate F; secondly, should not reveal anything about F that cannot be learnt from oracle access to F. Several definitions for obfuscation exist. However, most of them are either too weak for or incompatible with cryptographic applications, or have been shown impossible to achieve, or both. We give a new definition of obfuscation and argue for its reasonability and usefulness. In particular, we show that it is strong enough for cryptographic applications, yet we show that it has the potential for interesting positive results. We illustrat