179 research outputs found
From Selective-ID to Full Security: The Case of the Inversion-Based Boneh-Boyen IBE Scheme
In this note we remark that the inversion-based selective-ID secure identity-based encryption (IBE) scheme from Boneh and Boyen can be bootstrapped to full-ID security using a technique by Waters.
Chosen-Ciphertext Secure Identity-Based Encryption in the Standard Model with short Ciphertexts
We describe a practical identity-based encryption scheme that is secure in the standard model against chosen-ciphertext (CCA2) attacks. Security is based on an assumption comparable to (but slightly stronger than) Bilinear Decisional Diffie-Hellman (BDDH).
A comparison shows that our construction outperforms all known identity-based encryption schemes in the standard model and its performance is even comparable with the one from the random-oracle based Boneh/Franklin IBE scheme.
Our proposed IBE scheme furthermore has the property that it fulfills some notion of "redundancy-freeness", i.e. the encryption algorithm is not only a probabilistic injection but also a surjection. As a consequence the ciphertext overhead is nearly optimal: to encrypt bit messages for bit identities and with bit randomness we get bit ciphertexts to guarantee (roughly) bits of security.
Programmable hash functions and their applications
We introduce a new combinatorial primitive called *programmable hash functions* (PHFs). PHFs can be used to *program* the output of a hash function such that it contains solved or unsolved discrete logarithm instances with a certain probability. This is a technique originally used for security proofs in the random oracle model. We give a variety of *standard model* realizations of PHFs (with different parameters).
The programmability makes PHFs a suitable tool to obtain black-box proofs of cryptographic protocols when considering adaptive attacks. We propose generic digital signature schemes from the strong RSA problem and from some hardness assumption on bilinear maps that can be instantiated with any PHF. Our schemes offer various improvements over known constructions. In particular, for a reasonable choice of parameters, we obtain short standard model digital signatures over bilinear maps.
Limits in the Provable Security of ECDSA Signatures
Digital signatures are ubiquitous in modern computing. One of the most widely used digital signature schemes is ECDSA due to its use in TLS, various blockchains such as Bitcoin and Ethereum, and many other applications. Yet the formal analysis of ECDSA is comparatively sparse. In particular, all known security results for ECDSA rely on some idealized model such as the generic group model or the programmable (bijective) random oracle model.
In this work, we study the question of whether these strong idealized models are necessary for proving the security of ECDSA. Specifically, we focus on the programmability of ECDSA's conversion function which maps an elliptic curve point into its -coordinate modulo the group order. Unfortunately, our main results are negative. We establish, by means of a meta-reduction, that an algebraic security reduction for ECDSA can only exist if the security reduction is allowed to program the conversion function. As a consequence, a meaningful security proof for ECDSA is unlikely to exist without strong idealization.
CCA2 Secure IBE: Standard Model Efficiency through Authenticated Symmetric Encryption
We propose two constructions of chosen-ciphertext secure identity-based encryption (IBE) schemes. Our schemes have a security proof in the standard model, yet they offer performance competitive with all known random-oracle based schemes.
The efficiency improvement is obtained by combining modifications of the IBE schemes by Waters and Gentry with authenticated symmetric encryption.
Quasi-Adaptive NIZK for Linear Subspaces Revisited
Non-interactive zero-knowledge (NIZK) proofs for algebraic relations in a group, such as the Groth-Sahai proofs, are an extremely powerful tool in pairing-based cryptography. A series of recent works focused on obtaining very efficient NIZK proofs for linear spaces in a weaker quasi-adaptive model. We revisit recent quasi-adaptive NIZK constructions, providing clean, simple, and improved constructions via a conceptually different approach inspired by recent developments in identity-based encryption. We then extend our techniques also to linearly homomorphic structure-preserving signatures, an object both of independent interest and with many applications.
A Modular Analysis of the Fujisaki-Okamoto Transformation
The Fujisaki-Okamoto (FO) transformation (CRYPTO 1999 and Journal of Cryptology 2013) turns any weakly secure public-key encryption scheme into a strongly (i.e., IND-CCA) secure one in the random oracle model. Unfortunately, the FO analysis suffers from several drawbacks, such as a non-tight security reduction, and the need for a perfectly correct scheme. While several alternatives to the FO transformation have been proposed, they have stronger requirements, or do not obtain all desired properties.
In this work, we provide a fine-grained and modular toolkit of transformations for turning weakly secure into strongly secure public-key encryption schemes. All of our transformations are robust against schemes with correctness errors, and their combination leads to several tradeoffs among tightness of the reduction, efficiency, and the required security level of the used encryption scheme. For instance, one variant of the FO transformation constructs an IND-CCA secure scheme from an IND-CPA secure one with a tight reduction and very small efficiency overhead. Another variant assumes only an OW-CPA secure scheme, but leads to an IND-CCA secure scheme with larger ciphertexts.
We note that we also analyze our transformations in the quantum random oracle model, which yields security guarantees in a post-quantum setting.
A Modular Treatment of Blind Signatures from Identification Schemes
We propose a modular security treatment of blind signatures derived from linear identification schemes in the random oracle model. To this end, we present a general framework that captures several well known schemes from the literature and allows to prove their security.
Our modular security reduction introduces a new security notion for identification schemes called One-More-Man In the Middle Security which we show equivalent to the classical One-More-Unforgeability notion for blind signatures.
We also propose a generalized version of the Forking Lemma due to Bellare and Neven (CCS 2006) and show how it can be used to greatly improve the understandability of the classical security proofs for blind signature schemes by Pointcheval and Stern (Journal of Cryptology 2000).
Two-Round Man-in-the-Middle Security from LPN
Secret-key authentication protocols have recently received a considerable amount of attention, and a long line of research has been devoted to devising efficient protocols with security based on the hardness of the learning parity with noise (LPN) problem, with the goal of achieving low communication and round complexities, as well as the highest possible security guarantees.
In this paper, we construct 2-round authentication protocols that are secure against sequential man-in-the-middle (MIM) attacks with tight reductions to LPN, Field-LPN, or other problems. The best prior protocols had either loose reductions and required 3 rounds (Lyubashevsky and Masny, CRYPTO'13) or had a much larger key (Kiltz et al., EUROCRYPT'11 and Dodis et al., EUROCRYPT'12). Our constructions follow from a new generic deterministic and round-preserving transformation enhancing actively-secure protocols of a special form to be sequentially MIM-secure while only adding a limited amount of key material and computation.
- …