    Public key encryption with keyword search secure against keyword guessing attacks without random oracle

    The notion of public key encryption with keyword search (PEKS) was put forth by Boneh et al. to enable a server to search a collection of encrypted emails given a “trapdoor” (i.e., an encrypted keyword) provided by the receiver. The nice property of this scheme is that the server can search for a keyword given only the trapdoor. Hence, the verifier can simply use an untrusted server, which makes this notion very practical. Following Boneh et al.’s work, subsequent works have been proposed to enhance this notion. Two important notions are the so-called keyword guessing attack and secure channel free PEKS, proposed by Byun et al. and Baek et al., respectively. The former reflects the fact that, in practice, the space of keywords used is very limited, while the latter considers removing the secure channel between the receiver and the server to make PEKS practical. Unfortunately, the existing construction of PEKS secure against keyword guessing attacks is only secure in the random oracle model, which does not reflect its security in the real world. Furthermore, there is no complete definition that captures secure channel free PEKS schemes that are secure against chosen keyword attacks, chosen ciphertext attacks, and keyword guessing attacks, even though these notions seem to be the most practical application of PEKS primitives. In this paper, we make the following contributions. First, we define the strongest model of PEKS, which is secure channel free and secure against chosen keyword attack, chosen ciphertext attack, and keyword guessing attack. In particular, we present two important security notions, namely IND-SCF-CKCA and IND-KGA. The former captures an inside adversary, while the latter captures an outside adversary. Intuitively, it should be clear that IND-SCF-CKCA captures a more stringent attack than IND-KGA. Second, we present a secure channel free PEKS scheme that is secure without random oracles under well-known assumptions, namely the DLP, DBDH, SXDH and truncated q-ABDHE assumptions. Our contributions fill the gap in the literature and hence, making the notion of PEK

    Congo Basin peatlands: threats and conservation priorities

    The recent publication of the first spatially explicit map of peatlands in the Cuvette Centrale, central Congo Basin, reveals it to be the most extensive tropical peatland complex, at ca. 145,500 km2. With an estimated 30.6 Pg of carbon stored in these peatlands, there are now questions about whether these carbon stocks are under threat and, if so, what can be done to protect them. Here, we analyse the potential threats to Congo Basin peat carbon stocks and identify knowledge gaps in relation to these threats, and to how the peatland systems might respond. Climate change emerges as a particularly pressing concern, given its potential to destabilise carbon stocks across the whole area. Socio-economic developments are increasing across central Africa and, whilst much of the peatland area is protected on paper by some form of conservation designation, the potential exists for hydrocarbon exploration, logging, plantations and other forms of disturbance to significantly damage the peatland ecosystems. The low level of human intervention at present suggests that the opportunity still exists to protect the peatlands in a largely intact state, possibly drawing on climate change mitigation funding, which can be used not only to protect the peat carbon pool but also to improve the livelihoods of people living in and around these peatlands.

    Chosen-ciphertext secure anonymous conditional proxy re-encryption with keyword search

    Weng et al. introduced the notion of conditional proxy re-encryption (or C-PRE, for short), whereby only a ciphertext satisfying one condition set by the delegator can be transformed by the proxy and then decrypted by the delegatee. Nonetheless, they left open the problem of how to construct CCA-secure C-PRE schemes with anonymity. Fang et al. answered this question by presenting a construction of an anonymous conditional proxy re-encryption (C-PRE) scheme without requiring random oracles. Nevertheless, Fang et al.'s scheme only satisfies RCCA-security (a weaker variant of CCA-security in which a harmless mauling of the challenge ciphertext is tolerated). Hence, it remains an open problem whether C-PRE schemes that satisfy both anonymity and full CCA-security can really be realized. Shao et al. introduced a new cryptographic primitive, called proxy re-encryption with keyword search (PRES), which is a combination of PRE and public key encryption with keyword search (PEKS), and they left open the problem of how to design an efficient unidirectional PRES scheme. In this paper, we answer the above open problems by proposing a new cryptographic primitive called conditional proxy re-encryption with keyword search (C-PRES), which combines C-PRE and PEKS. We note that there are subtleties in combining these two notions to achieve a secure scheme, and hence the combination is not trivial. We propose a definition of security against chosen ciphertext attacks for C-PRES schemes with keyword anonymity, and thereafter present a scheme that satisfies the definition. Our scheme outperforms Weng et al.'s construction, which has been regarded as the most efficient C-PRE scheme to date.

    Generalized public-key cryptography with tight security

    Tightly secure public-key cryptographic schemes enjoy the advantage that the security parameter can be chosen optimally to achieve a given security level. Security models in the multi-user setting with corruptions (MU-C) consider more realistic threats in practice. Many efforts have been devoted to constructing tightly MU-C secure schemes, and to date we have many concrete constructions. Nevertheless, the study of how to achieve tight security in public-key cryptography in general remains lacking. In this paper, we take a closer look at key generation in public-key cryptography. We first generalize the key generation algorithms of traditional schemes and discuss the requirements for achieving tight security. We notice that for some schemes (e.g. key-unique schemes), these requirements inherently cannot be satisfied, and hence these schemes cannot achieve tight security. This is in accordance with the impossibility results on tight reductions by Bader et al. (EUROCRYPT 2016). To further study possible constructions, we extend the key generation of public-key cryptographic schemes to obtain a different framework. To demonstrate its applications, we illustrate how to construct tightly secure key-unique schemes under the extended framework. This circumvents the impossibility results of tight security for key-unique schemes.

    Hierarchical conditional proxy re-encryption

    In this paper, we introduce a new primitive called hierarchical conditional proxy re-encryption (HC-PRE) that enhances the concept of C-PRE by allowing more general re-encryption key delegation patterns. An HC-PRE scheme is the hierarchical extension of conditional proxy re-encryption (C-PRE) in which the condition is a vector of keywords. We present an efficient construction of a hierarchical key derivation C-PRE scheme where the ciphertext length is independent of the depth of the hierarchy. We further extend our work by presenting a more generalized key delegation, allowing the use of a wildcard in the keyword vector.

    Data-Matching-Based Privacy-Preserving Statistics and Its Applications in Digital Publishing Industry

    With the rapid development of digital media technology, many people prefer to read e-books over article versions. The digital publishing platform can collect and analyze massive amounts of readers' reading information. The statistical analysis results can be regarded as the platform's digital assets, based on which it provides paid services for its users. However, three privacy issues are related to readers' reading information, users' statistical preferences, and the platform's digital assets. This article proposes a data-matching-based privacy-preserving statistics scheme. The proposed solution combines Bloom filters, secret sharing, and perturbation techniques to realize an efficient match between users' statistical preferences and massive readers' corresponding reading information, and a statistical analysis of the matching results, without compromising the privacy of the different parties. Besides, the proposed solution adopts an edge computing paradigm to process massive data in a divide-and-conquer parallel way. It introduces the concepts of Mirror Secret Shares and Buddy Edge Devices to virtualize the (m+1, m+1)-threshold secret sharing scheme into an (m+1, m+⌊m/2⌋+2)-threshold secret sharing scheme, achieving good robustness without adding hardware devices. The detailed analyses show that our solution meets the defined design goals. Furthermore, the experimental results demonstrate the efficiency of the proposed work.

    Identity-based conditional proxy re-encryption with fine grain policy

    An identity-based conditional proxy re-encryption scheme (IB-CPRE) allows a semi-trusted proxy to convert a ciphertext satisfying one condition, which is set by the delegator, under one identity into a ciphertext under another identity without revealing the underlying message. In ICISC 2012, Liang, Liu, Tan, Wong and Tang proposed an IB-CPRE scheme, and left an open problem on how to construct chosen-ciphertext secure IB-CPRE supporting OR gates on conditions. In this work, we answer this problem by constructing an identity-based conditional proxy re-encryption scheme with fine grain policy (IB-CPRE-FG). In an IB-CPRE-FG scheme, each ciphertext is labeled with a set of descriptive conditions and each re-encryption key is associated with an access tree that specifies which type of ciphertexts the proxy can re-encrypt. Furthermore, our scheme can be proved secure against adaptive access tree and adaptive identity chosen-ciphertext attack.