Efficient Identity-Based Encryption Without Random Oracles
We present the first efficient Identity-Based Encryption (IBE) scheme that is fully secure without random oracles. We first present our IBE construction and reduce the security of our scheme to the decisional Bilinear Diffie-Hellman (BDH) problem. Additionally, we show that our techniques can be used to build a new signature scheme that is secure under the computational Diffie-Hellman assumption without random oracles.
Short and Stateless Signatures from the RSA Assumption
We present the first signature scheme which is "short", stateless and secure under the RSA assumption in the standard model. Prior short, standard model signatures in the RSA setting required either a strong complexity assumption such as Strong RSA or (recently) that the signer maintain state. A signature in our scheme consists of one element in Z_N^* and one integer. The public key is also short, requiring only the modulus N, one element of Z_N^*, one integer, one PRF seed and some short chameleon hash parameters.
To design our signature, we employ the known generic construction of fully-secure signatures from weakly-secure signatures and a chameleon hash. We then introduce a new proof technique for reasoning about weakly-secure signatures. This technique enables the simulator to predict a prefix of the message on which the adversary will forge and to use knowledge of this prefix to embed the challenge. This technique has wider applications beyond RSA.
We also use it to provide an entirely new analysis of the security of the Waters signatures: the only short, stateless signatures known to be secure under the Computational Diffie-Hellman assumption in the standard model.
How to Sample a Discrete Gaussian (and more) from a Random Oracle
The random oracle methodology is central to the design of many practical cryptosystems. A common challenge faced in several systems is the need to have a random oracle that outputs from a structured distribution, even though most heuristic implementations such as SHA-3 are best suited for outputting bitstrings.
Our work explores the problem of sampling from discrete Gaussian (and related) distributions in a way that allows the samples to be programmed into random oracles. We make the following contributions:
-We provide a definitional framework for our results. We say that a sampling algorithm for a distribution is explainable if there exists an algorithm where, for a in the domain, we have that such that . Moreover, if is sampled from the explained distribution is statistically close to choosing uniformly at random. We consider a variant of this definition that allows the statistical closeness to be a 'precision parameter' given to the algorithm. We show that sampling algorithms which satisfy our 'explainability' property can be programmed as a random oracle.
-We provide a simple algorithm for explaining any sampling algorithm that works over distributions with polynomial sized ranges. This includes discrete Gaussians with small standard deviations.
-We show how to transform a (not necessarily explainable) sampling algorithm for a distribution into a new one that is explainable. The requirements for doing this are that (1) the probability density function is efficiently computable and (2) it is possible to efficiently and uniformly sample from all elements that have a probability density above a given threshold . This shows the equivalence of random oracles to these distributions and random oracles to uniform bitstrings, and it covers a large class of distributions, including all discrete Gaussians.
-A potential drawback of the previous approach is that the transformation requires an additional computation of the density function. We provide a more customized approach that shows the Micciancio-Walter discrete Gaussian sampler is explainable as-is. This suggests that other discrete Gaussian samplers in a similar vein might also be explainable as-is.
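The following is an added illustration of the explainability notion used above; it is not code from the paper. It builds an inversion sampler for a truncated discrete Gaussian with small standard deviation (a polynomial-size range), an explain() routine that maps a sample back to uniformly distributed oracle coins, and a small oracle object whose raw bitstring output can be programmed to any target sample. The constants and names (PRECISION_BITS, discrete_gaussian_table, sample, explain, ProgrammableGaussianOracle) are assumptions of this example only; whether this matches the paper's own "simple algorithm" is not stated on the page.

```python
import bisect
import math
import secrets

# Added example, not the paper's construction.  All names below are ours.
PRECISION_BITS = 32                 # the oracle's raw output is a 32-bit string
COIN_SPACE = 1 << PRECISION_BITS


def discrete_gaussian_table(sigma: float, bound: int):
    """Discrete Gaussian over the integers, truncated to [-bound, bound].

    Returns (support, thresholds).  support[i] owns the coin interval
    [thresholds[i-1], thresholds[i]) (thresholds[-1] read as 0) whose size is
    proportional to exp(-x^2 / (2 sigma^2)).  The last interval absorbs the
    rounding so the intervals exactly partition [0, COIN_SPACE).
    """
    support = list(range(-bound, bound + 1))
    weights = [math.exp(-(x * x) / (2.0 * sigma * sigma)) for x in support]
    total = sum(weights)
    thresholds, acc = [], 0
    for i, w in enumerate(weights):
        if i == len(weights) - 1:
            acc = COIN_SPACE
        else:
            acc = min(acc + round(w / total * COIN_SPACE), COIN_SPACE)
        thresholds.append(acc)
    return support, thresholds


def sample(coins: int, support, thresholds) -> int:
    """Inversion sampling: the coin string selects the element whose interval contains it."""
    if not 0 <= coins < COIN_SPACE:
        raise ValueError("coins must be a PRECISION_BITS-bit value")
    return support[bisect.bisect_right(thresholds, coins)]


def explain(x: int, support, thresholds) -> int:
    """Return coins uniform over all coin strings that sample() maps to x.

    For uniform r, explain(sample(r)) is again uniform.  That is what lets a
    simulator program the oracle: to force H(q) = x it hands out explain(x) as
    the raw oracle output, and the adversary sees uniform-looking bits.
    """
    i = support.index(x)
    lo = thresholds[i - 1] if i > 0 else 0
    hi = thresholds[i]
    if hi == lo:
        raise ValueError(f"{x} has probability zero under this sampler")
    return lo + secrets.randbelow(hi - lo)


def sampler_tv_distance(sigma: float = 2.0, bound: int = 12) -> float:
    """Statistical distance between sample() over uniform coins and the target pmf."""
    support, thresholds = discrete_gaussian_table(sigma, bound)
    weights = [math.exp(-(x * x) / (2.0 * sigma * sigma)) for x in support]
    total = sum(weights)
    prev, tv = 0, 0.0
    for t, w in zip(thresholds, weights):
        tv += abs((t - prev) / COIN_SPACE - w / total)
        prev = t
    return tv / 2.0


class ProgrammableGaussianOracle:
    """Random oracle whose answers are discrete Gaussian samples.

    raw() is the underlying oracle (uniform bits), query() post-processes those
    bits with sample(), and program() is the simulator's hook: it fixes
    query(q) == target by choosing explaining coins for q."""

    def __init__(self, sigma: float = 2.0, bound: int = 12):
        self.support, self.thresholds = discrete_gaussian_table(sigma, bound)
        self.coins = {}  # query -> raw PRECISION_BITS-bit output

    def raw(self, q: bytes) -> int:
        if q not in self.coins:
            self.coins[q] = secrets.randbelow(COIN_SPACE)
        return self.coins[q]

    def query(self, q: bytes) -> int:
        return sample(self.raw(q), self.support, self.thresholds)

    def program(self, q: bytes, target: int) -> None:
        if q in self.coins:
            raise ValueError("query already answered; cannot reprogram")
        self.coins[q] = explain(target, self.support, self.thresholds)


def explain_roundtrips(sigma: float = 2.0, bound: int = 12) -> bool:
    """sample(explain(x)) == x for every x in the support."""
    support, thresholds = discrete_gaussian_table(sigma, bound)
    return all(sample(explain(x, support, thresholds), support, thresholds) == x
               for x in support)
```

The table-based approach only works because the support is small: the thresholds list has one entry per element, which is exactly the polynomial-range case. For a Gaussian with large standard deviation the support is exponential and the table cannot be built, which is why the later contributions in the abstract need a different route.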
Decentralizing Attribute-Based Encryption
We propose a Multi-Authority Attribute-Based Encryption (ABE) system. In our system, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters. A party can simply act as an ABE authority by creating a public key and issuing private keys to different users that reflect their attributes. A user can encrypt data in terms of any boolean formula over attributes issued from any chosen set of authorities. Finally, our system does not require any central authority.
In constructing our system, our largest technical hurdle is to make it collusion resistant. Prior Attribute-Based Encryption systems achieved collusion resistance when the ABE system authority "tied" together different components (representing different attributes) of a user's private key by randomizing the key. However, in our system each component will come from a potentially different authority, where we assume no coordination between such authorities. We create new techniques to tie key components together and prevent collusion attacks between users with different global identifiers.
We prove our system secure using the recent dual system encryption methodology, where the security proof works by first converting the challenge ciphertexts and private keys to a semi-functional form and then arguing security. We follow a recent variant of the dual system proof technique due to Lewko and Waters and build our system using bilinear groups of composite order. We prove security under static assumptions similar to those of the LW paper, in the random oracle model.
Realizing Chosen Ciphertext Security Generically in Attribute-Based Encryption and Predicate Encryption
We provide generic and black box transformations from any chosen plaintext secure Attribute-Based Encryption (ABE) or One-sided Predicate Encryption system into a chosen ciphertext secure system.
Our transformation requires only the IND-CPA security of the original ABE scheme coupled with a pseudorandom generator (PRG) with a special security property.
In particular, we consider a PRG with an bit input and bit output where each is an bit string. Then for a randomly chosen the following two distributions should be computationally indistinguishable. In the first distribution and is chosen randomly for .
In the second distribution all are chosen randomly for
New Constructions and Proof Methods for Large Universe Attribute-Based Encryption
We propose two large universe Attribute-Based Encryption constructions. In a large universe ABE construction any string can be used as an attribute and attributes need not be enumerated at system setup. Our first construction establishes a novel large universe Ciphertext-Policy ABE scheme on prime order bilinear groups, while the second achieves a significant efficiency improvement over the large universe Key-Policy ABE systems of Lewko-Waters and Lewko. Both schemes are selectively secure in the standard model under two q-type assumptions similar to ones used in prior works. Our work brings back program-and-cancel techniques to this problem.
We provide implementations and benchmarks of our constructions in Charm, a programming environment for rapid prototyping of cryptographic primitives.
Universal Amplification of KDM Security: From 1-Key Circular to Multi-Key KDM
An encryption scheme is Key Dependent Message (KDM) secure if it is safe to encrypt messages that can arbitrarily depend on the secret keys themselves. In this work, we show how to upgrade essentially the weakest form of KDM security into the strongest one. In particular, we assume the existence of a symmetric-key bit-encryption scheme that is circular-secure in the 1-key setting, meaning that it maintains security even if one can encrypt individual bits of a single secret key under itself. We also rely on a standard CPA-secure public-key encryption scheme. We construct a public-key encryption scheme that is KDM secure for general functions (of a-priori bounded circuit size) in the multi-key setting, meaning that it maintains security even if one can encrypt arbitrary functions of arbitrarily many secret keys under each of the public keys. As a special case, the latter guarantees security in the presence of arbitrary length key cycles. Prior work already showed how to amplify 1-key circular security to 1-key KDM security for general functions. Therefore, the main novelty of our work is to upgrade from 1-key to multi-key security for an arbitrary number of keys.
As an independently interesting feature of our result, our construction does not need to know the actual specification of the underlying 1-key circular-secure scheme, and we only rely on the existence of some such scheme in the proof of security. In particular, we present a universal construction of a multi-key KDM-secure encryption scheme that is secure as long as some 1-key circular-secure scheme exists. While this feature is similar in spirit to Levin's universal construction of one-way functions, the way we achieve it is quite different technically, and does not come with the same "galactic inefficiency".
Circular Security Separations for Arbitrary Length Cycles from LWE
We describe a public-key encryption scheme that is IND-CPA secure under the Learning with Errors (LWE) assumption but is not circular secure for arbitrary length cycles. Previous separation results for cycle length greater than 2 required indistinguishability obfuscation, which is not currently realizable under standard assumptions.
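The two abstracts above both turn on the gap between ordinary CPA security and circular (key-cycle) security. As an added toy example, not the construction of either paper, the following Python shows the shortest possible separation: a symmetric scheme built from a PRF (SHA-256 is assumed to behave as one here) that is CPA-secure in the usual sense, because the only message that triggers its special branch is the key itself, yet completely breaks the moment Enc(k, k) is published. This is the well-known 1-cycle counterexample; separations for longer cycles, which the LWE paper addresses, need real structure and are not shown. All names (enc_weird, attack_key_cycle, TAG_LEAK) are ours.

```python
import hashlib
import secrets

# Added toy example, not code from either paper.  Names are ours.
KEY_BYTES = 16
TAG_NORMAL, TAG_LEAK = b"\x00", b"\x01"


def _pad(key: bytes, nonce: bytes) -> bytes:
    """PRF(key, nonce): one block of keystream, with SHA-256 standing in for a PRF."""
    return hashlib.sha256(key + nonce).digest()[:KEY_BYTES]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def enc_cpa(key: bytes, msg: bytes) -> bytes:
    """Randomized PRF encryption of one block: nonce || (PRF(key, nonce) XOR msg).
    CPA-secure whenever the PRF is secure and nonces do not repeat."""
    if len(key) != KEY_BYTES or len(msg) != KEY_BYTES:
        raise ValueError("key and message must be 16 bytes")
    nonce = secrets.token_bytes(KEY_BYTES)
    return nonce + _xor(_pad(key, nonce), msg)


def dec_cpa(key: bytes, ct: bytes) -> bytes:
    nonce, body = ct[:KEY_BYTES], ct[KEY_BYTES:]
    return _xor(_pad(key, nonce), body)


def enc_weird(key: bytes, msg: bytes) -> bytes:
    """The separating scheme.

    A message equal to the key is emitted in the clear under TAG_LEAK; every
    other message goes through enc_cpa.  A CPA adversary can only reach the
    leak branch by guessing the 128-bit key, so IND-CPA security is unchanged
    up to a 2^-128 term.  A single 1-cycle query Enc(k, k) leaks k outright.
    """
    if msg == key:
        return TAG_LEAK + key
    return TAG_NORMAL + enc_cpa(key, msg)


def dec_weird(key: bytes, ct: bytes) -> bytes:
    if ct[:1] == TAG_LEAK:
        return ct[1:]
    return dec_cpa(key, ct[1:])


def attack_key_cycle(ct: bytes):
    """Adversary who is handed an encryption of the key under itself.
    Returns the recovered key, or None if the ciphertext is an ordinary one."""
    if ct[:1] == TAG_LEAK and len(ct) == 1 + KEY_BYTES:
        return ct[1:]
    return None


def demo() -> bool:
    """Correctness on ordinary messages, plus the cycle attack succeeding."""
    key = secrets.token_bytes(KEY_BYTES)
    msg = secrets.token_bytes(KEY_BYTES)
    ok_normal = dec_weird(key, enc_weird(key, msg)) == msg
    ok_cycle = dec_weird(key, enc_weird(key, key)) == key
    leaked = attack_key_cycle(enc_weird(key, key)) == key
    unaffected = attack_key_cycle(enc_weird(key, msg)) is None
    return ok_normal and ok_cycle and leaked and unaffected
```

The practical lesson is the one the KDM line of work formalizes: a proof of CPA security says nothing about what happens when key material flows into the plaintext, which is exactly what backup, key-wrapping and disk-encryption systems routinely do. A scheme used that way needs a KDM or circular-security argument, not just CPA.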
Constructing Verifiable Random Functions with Large Input Spaces
We present a family of verifiable random functions which are provably secure for exponentially-large input spaces under a non-interactive complexity assumption. Prior constructions required either an interactive complexity assumption or one that could tolerate a factor 2^n security loss for n-bit inputs. Our construction is practical and inspired by the pseudorandom functions of Naor and Reingold and the verifiable random functions of Lysyanskaya. Set in a bilinear group, where the Decisional Diffie-Hellman problem is easy to solve, we require the Decisional Diffie-Hellman Exponent assumption in the standard model, without a common reference string. Our core idea is to apply a simulation technique where the large space of VRF inputs is collapsed into a small (polynomial-size) input in the view of the reduction algorithm. This view, however, is information-theoretically hidden from the attacker. Since the input space is exponentially large, we can first apply a collision-resistant hash function to handle arbitrarily-large inputs.
The Internal Extinction Curve of NGC 6302 and its Extraordinary Spectrum
In this paper we present a new method for obtaining the optical wavelength-dependent reddening function of planetary nebulae, using the nebular and stellar continuum. The data used was a spectrum of NGC 6302 obtained with a mean signal to noise of >10^2 A^-1 in the nebular continuum. With such a high S/N the continuum can be accurately compared with a theoretical model nebular plus stellar continuum. The nebular electron temperature and density used in the model are determined using ratios of prominent emission lines. The reddening function can then be obtained from the ratio of the theoretical and the observed continuum. We find that for NGC 6302, the visible to IR extinction law is indistinguishable from 'standard' interstellar reddening, but that the UV extinction curve is much steeper than normal, suggesting that more small dust grains had been ejected into the nebula by the PN central star. Finally, using the extinction law that we have determined, we present a complete de-reddened line list of nearly 600 emission lines, and report on the detection of the He(2-10) and He(2-8) Raman features at 4331 A and 4852 A, and the detection of Raman-scattered OVI features at 6830 and 7087 A.
Comment: 32 pages, 7 figures, to appear in PASA 2002, 1