
    On the Generalizations of Identity-Based Encryption

    2011 - 2012
    Today public-key cryptography is widely deployed and successfully used, but a major drawback remains: from encrypted data a party can either decrypt, or can learn nothing at all about the message other than intentionally leaked information such as its length. In recent years the cloud computing paradigm has emerged as the new standard for using computing resources, such as storage devices, that are delivered as a service over a network. In such a scenario the notion of public-key cryptography is not enough. It would be desirable to specify a decryption policy in the encrypted data so that only the parties who satisfy the policy can decrypt. In a more general form, we may want to give access only to a function of the message, depending on the decryptor's authorization. Thus, in the last decade researchers have started looking at a more sophisticated type of encryption called functional encryption. A functionality F is a function defined on K × M, where K is the key space and M is the message space. In the public-key setting, a functional encryption scheme for F is a special encryption scheme in which, for every key k ∈ K, the owner of the master secret key msk associated with the master public key mpk can generate a special secret key sk_k that allows the computation of F(k, m) from a ciphertext of m ∈ M computed under public key mpk. In other words, whereas in traditional encryption schemes decryption is an all-or-nothing affair, in functional encryption it is possible to finely control the amount of information that is revealed by a ciphertext. One of the most notable examples of functional encryption is identity-based encryption, first introduced by Shamir as an alternative to the standard notion of public-key encryption. In this thesis we discuss several instantiations of functional encryption that can all be seen as generalisations of identity-based encryption. We improve on previous constructions in terms of performance and security guarantees. [edited by author]

    Hidden Vector Encryption Fully Secure Against Unrestricted Queries

    Predicate encryption is an important cryptographic primitive (see \cite{BDOP04,BoWa07,Goyal06,KaSaWa08}) that enables fine-grained control on the decryption keys. Roughly speaking, in a predicate encryption scheme the owner of the master secret key MSK can derive a secret key SK_P for any predicate P from a specified class of predicates 𝒫. In encrypting a message M, the sender can specify an {\em attribute} vector x, and the resulting ciphertext X̃ can be decrypted only by using keys SK_P such that P(x) = 1. Our main contribution is the {\em first} construction of a predicate encryption scheme that can be proved {\em fully} secure against {\em unrestricted} queries by probabilistic polynomial-time adversaries under non-interactive, constant-sized (that is, independent of the length ℓ of the attribute vectors) hardness assumptions on bilinear groups of composite order. Specifically, we consider {\em hidden vector encryption} (HVE in short), a notable case of predicate encryption introduced by Boneh and Waters \cite{BoWa07} and further developed in \cite{ShWa08, IoPe08, SLNHJ10}. In an HVE scheme, the ciphertext attributes are vectors x = ⟨x_1, …, x_ℓ⟩ of length ℓ over an alphabet Σ, keys are associated with vectors y = ⟨y_1, …, y_ℓ⟩ of length ℓ over the alphabet Σ ∪ {⋆}, and we consider the Match(x, y) predicate, which is true if and only if, for all i, y_i ≠ ⋆ implies x_i = y_i. Previous constructions restricted the proof of security to adversaries that could ask only {\em non-matching} queries; that is, for challenge attribute vectors x_0 and x_1, the adversary could ask only for keys of vectors y for which Match(x_0, y) = Match(x_1, y) = false.
    Our proof employs the dual system methodology of Waters \cite{Waters09}, which gave one of the first fully secure constructions in this area, blended with a careful design of intermediate security games that take into account the relationship between challenge ciphertexts and key queries.
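The Match predicate and the two flavours of key-query restriction described in the abstract, as an added example (not code from the paper). The equal-messages condition for matching queries mentioned in the comments is the usual attribute-hiding game convention and is assumed here, not stated in the abstract; the sample vectors are constructed.

```python
# Added example, not code from the paper: the HVE Match predicate and the
# key-query admissibility rule of the security game, in the restricted form
# (non-matching queries only) used by earlier proofs and the unrestricted form.
from typing import Dict, Optional, Sequence, Tuple

STAR = None  # stands for the wildcard symbol ⋆ in key vectors


def match(x: Sequence[str], y: Sequence[Optional[str]]) -> bool:
    """Match(x, y) = true iff for all i, y_i != ⋆ implies x_i == y_i."""
    if len(x) != len(y):
        raise ValueError("attribute vector and key vector must have the same length l")
    return all(yi is STAR or yi == xi for xi, yi in zip(x, y))


def restricted_admissible(x0: Sequence[str], x1: Sequence[str],
                          y: Sequence[Optional[str]]) -> bool:
    """Earlier proofs: the adversary may only query keys for vectors y with
    Match(x0, y) = Match(x1, y) = false."""
    return not match(x0, y) and not match(x1, y)


def unrestricted_admissible(x0: Sequence[str], x1: Sequence[str],
                            y: Sequence[Optional[str]]) -> bool:
    """Unrestricted queries: any y that does not trivially distinguish the two
    challenge attribute vectors, i.e. Match(x0, y) == Match(x1, y).  A key that
    matches exactly one challenge would decrypt it and win outright, so it is
    excluded in every variant of the game.  (Assumption: in the usual
    attribute-hiding game a matching query additionally requires the two
    challenge messages to be equal; messages are not modelled here.)"""
    return match(x0, y) == match(x1, y)


def classify_queries(x0: Sequence[str], x1: Sequence[str],
                     queries: Dict[str, Sequence[Optional[str]]]
                     ) -> Dict[str, Tuple[bool, bool]]:
    """Per query name: (admissible under the restricted proof,
    admissible under the unrestricted proof)."""
    return {name: (restricted_admissible(x0, x1, y),
                   unrestricted_admissible(x0, x1, y))
            for name, y in queries.items()}


# Constructed sample: l = 3, alphabet {a, b, c, d, z}; challenges differ in x_3.
SAMPLE_X0 = ("a", "b", "c")
SAMPLE_X1 = ("a", "b", "d")
SAMPLE_QUERIES = {
    "matches_both":    ("a", STAR, STAR),   # key sees only the common prefix
    "matches_x0_only": (STAR, STAR, "c"),   # would decrypt the challenge under x0
    "matches_neither": ("z", STAR, STAR),   # non-matching query
}

if __name__ == "__main__":
    for name, flags in classify_queries(SAMPLE_X0, SAMPLE_X1, SAMPLE_QUERIES).items():
        print(f"{name:16s} restricted={flags[0]!s:5s} unrestricted={flags[1]}")
```

Only the "matches_both" query separates the two notions: the older proofs forbid it, while full security against unrestricted queries must hold even when the adversary holds keys that decrypt both challenges.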

    Multi-Issuer Anonymous Credentials Without a Root Authority

    The rise of blockchain technology has boosted interest in privacy-enhancing technologies, in particular anonymous transaction authentication. Permissionless blockchains realize transaction anonymity through one-time pseudonyms, whereas permissioned blockchains leverage anonymous credentials. Earlier anonymous credential solutions assume a single issuer; as a result, they hide the identity of users but still reveal the identity of the issuer. A countermeasure is delegatable credentials, which support multiple issuers as long as a root authority exists. Assuming a root authority, however, is unsuitable for blockchain technology and decentralized applications. This paper introduces a solution for anonymous credentials that guarantees user anonymity even without a root authority. The proposed solution is secure in the universal composability framework and allows users to produce anonymous signatures whose size is logarithmic in the number of issuers and constant in the number of user attributes.

    Receiver and Sender Deniable Functional Encryption

    Deniable encryption, first introduced by Canetti et al. (CRYPTO 1997), allows equivocation of encrypted communication. In this work we generalize its study to functional encryption (FE). Our results are summarized as follows. We first put forward and motivate the concept of receiver deniable FE, for which we consider two models. In the first model, as previously considered by O'Neill et al. (CRYPTO 2011) in the case of identity-based encryption, a receiver gets assistance from the master authority to generate a fake secret key. In the second model, there are ``normal'' and ``deniable'' secret keys, and a receiver in possession of a deniable secret key can produce a fake but authentic-looking normal key on its own. In the first model, we show a compiler from any FE scheme for the general circuit functionality to an FE scheme having receiver deniability. In addition we show an efficient receiver deniable FE scheme for Boolean formulae from bilinear maps. In the second (multi-distributional) model, we present a specific FE scheme for the general circuit functionality having receiver deniability. To our knowledge, a scheme in the multi-distributional model was not previously known even for the special case of identity-based encryption. Finally, we construct the first sender (non-multi-distributional) deniable FE scheme.

    Anonymous Transactions with Revocation and Auditing in Hyperledger Fabric

    In permissioned blockchain systems, participants are admitted to the network by receiving a credential from a certification authority. Each transaction processed by the network is required to be authorized by a valid participant who authenticates via her credential. Use case settings where privacy is a concern thus require proper privacy-preserving authentication and authorization mechanisms. Anonymous credential schemes allow a user to authenticate while showing only those attributes necessary in a given setting. This makes them a great tool for authorizing transactions in permissioned blockchain systems based on the user's attributes. In most setups, there is one distinct certification authority for each organization in the network. Consequently, the use of plain anonymous credential schemes still leaks the association of a user to the organization that issued her credentials. Camenisch, Drijvers and Dubovitskaya (CCS 2017) therefore suggest the use of a delegatable anonymous credential scheme to also hide that remaining piece of information. In this paper, we propose revocation and auditability, two functionalities that are necessary for real-world adoption, and integrate them into the scheme. We present a complete protocol, its security definition and the proof, and provide its open-source implementation. Our distributed-setting performance measurements show that the integration of the scheme with Hyperledger Fabric, while incurring an overhead in comparison to less privacy-preserving solutions, is practical for settings with stringent privacy requirements.

    Neurotransmitter and receptor systems in the subthalamic nucleus

    The Subthalamic Nucleus (STh) is a lens-shaped subcortical structure located ventrally to the thalamus that, despite being embryologically derived from the diencephalon, is functionally implicated in the basal ganglia circuits. Because of this strict structural and functional relationship with the circuits of the basal ganglia, the STh is a current target for deep brain stimulation, a neurosurgical procedure employed to alleviate symptoms in movement disorders such as Parkinson's disease and dystonia. However, despite the great relevance of this structure for both basal ganglia physiology and pathology, the neurochemical and molecular anatomy of the STh remains largely unknown. Few studies have specifically addressed the detection of neurotransmitter systems and their receptors within the structure, and even fewer have investigated their topographical distribution. Here, we have reviewed the scientific literature on neurotransmitters relevant to STh function in rodents, non-human primates and humans, including glutamate, GABA, dopamine, serotonin and noradrenaline, with particular focus on their subcellular, cellular and topographical distribution. Inter-species differences were highlighted to provide a framework for further research priorities, particularly in humans.

    Channels: Horizontal Scaling and Confidentiality on Permissioned Blockchains with Application on Hyperledger Fabric

    Sharding, or partitioning the system's state so that different subsets of participants handle it, is a proven approach to building distributed systems whose total capacity scales horizontally with the number of participants. Many distributed ledgers have adopted this approach to increase their performance; however, they focus on the permissionless setting, which assumes the existence of a strong adversary. In this paper, we deploy channels for permissioned blockchains. Our first contribution is to adapt sharding of asset-management applications to the permissioned setting, while preserving liveness and safety even for transactions spanning across channels. Our second contribution is to leverage channels as a confidentiality boundary, enabling different organizations and consortia to preserve their privacy within their channels and still be part of a bigger collaborative ecosystem. To make our system concrete we map it on top of Hyperledger Fabric.

    The Transaction Graph for Modeling Blockchain Semantics

    The advent of Bitcoin paved the way for a plethora of blockchain systems supporting diverse applications beyond cryptocurrencies. Although in-depth studies of the protocols, security, and privacy of blockchains are available, there is no formal model of the transaction semantics that a blockchain is supposed to guarantee. In this work, we fill this gap, motivated by the observation that the semantics of transactions in blockchain systems can be captured by a directed acyclic graph. Such a transaction graph, or TDAG, generally consists of the states and the transactions as transitions between the states, together with conditions for the consistency and validity of transactions. We instantiate the TDAG model for three prominent blockchain systems: Bitcoin, Ethereum, and Hyperledger Fabric. We specify the states and transactions as well as the validity conditions of the TDAG for each one. This demonstrates the applicability of the model and formalizes the transaction-level semantics that these systems aim for.

    Privacy-preserving auditable token payments in a permissioned blockchain system

    Token management systems were the first application of blockchain technology and are still the most widely used one. Early implementations such as Bitcoin or Ethereum provide virtually no privacy beyond basic pseudonymity: all transactions are written in plain to the blockchain, which makes them perfectly linkable and traceable. Several more recent blockchain systems, such as Monero or Zerocash, implement improved levels of privacy. Most of these systems target the permissionless setting, just like Bitcoin. Many practical scenarios, in contrast, require token systems to be permissioned, binding the tokens to user identities instead of pseudonymous addresses, and also requiring auditing functionality in order to satisfy regulation such as AML/KYC. We present a privacy-preserving token management system that is designed for permissioned blockchain systems and supports fine-grained auditing. The scheme is secure under computational assumptions in bilinear groups, in the random-oracle model.

    A first insight into the Marsili volcanic seamount (Tyrrhenian Sea, Italy): results from ORION-GEOSTAR3 experiment

    The Marsili Seamount is the largest European underwater volcano. It is Plio-Pleistocene in age, rising more than 3000 m from the seafloor in the SE Tyrrhenian basin (Central Mediterranean), a back-arc basin which began progressively opening 10 Ma ago (Kastens et al., 1988). The seamount lies in a key area for understanding the evolution of the Tyrrhenian region, characterized by high values of heat flow (Della Vedova et al., 2001) and low values of Moho isobaths (Locardi and Nicolich, 1988). In spite of the large dimensions of the Marsili Seamount, we still have limited knowledge of its present activity. Ocean exploration is dependent on available technology and infrastructure, which started to develop strongly only after the 1980s. In fact, from its discovery in the 1920s, very little was known of the Marsili Seamount until the late 1990s, when new techniques such as multibeam acoustic bathymetry were developed that allowed at least its morphology to be revealed. Some dedicated expeditions then obtained the first morpho-bathymetric map of the entire Tyrrhenian seafloor, based on multibeam swath-mapping together with seismic, gravimetric and magnetometric data (e.g. Marani and Gamberi, 2004). Although these data have greatly contributed to our understanding, the necessarily short measurement time limits the extent to which they reflect short- to medium-term geophysical processes in the Tyrrhenian basin. New technologies, such as multiparameter seafloor observatories, provide long-term continuous time-series in deep ocean waters, which are the basis for an original approach to ocean exploration. The observation of phenomena variability over time is key to understanding many Earth processes, among which we recall hydrothermal activity, active tectonics, and ecosystem life cycles.
    The development in Europe of multidisciplinary seafloor observatories has been pioneered under the EC Framework Programmes, specifically in the GEOSTAR projects (Beranzoli et al., 1988, 2000). From 2003 to 2005, long-term geophysical and oceanographic monitoring was conducted within the EC ORION-GEOSTAR3 project with two multiparameter observatories deployed on the seafloor 3320 m below sea level (b.s.l.) in the vicinity of the Marsili Seamount. The two observatories were equipped with a set of sensors providing long-term continuous time-series of various physical measurements. The acquired time series are the longest continuous data record of the Marsili Basin available so far. This chapter intends to provide the main information on this experiment and present some results of the processing of the corresponding time-series, adding new valuable information on the still poorly explored activity of the volcanic seamount. This chapter is organized as follows: the next section provides the geological setting needed to understand the importance of the Marsili Seamount and its basin; the ORION-GEOSTAR3 experiment is described in Section 24.3; some results from these unprecedented seismic, magnetic and gravimetric data analyses are shown in Section 24.4; and finally, in the last section we present our discussion with the main conclusions.
    Published, pp. 623-641. 3A. Geofisica marina e osservazioni multiparametriche a fondo mar (Marine geophysics and multiparameter seafloor observations)