Generalized closest substring encryption

We propose a new cryptographic notion called generalized closest substring encryption. In this notion, a ciphertext encrypted with a string S can be decrypted with a private key of another string S′, if there exist a substring of S, i.e. S^, and a substring of S′, i.e. S^′, that are close to each other measured by their overlap distance . The overlap distance between S^ and S^′ is the number of identical positions at which the corresponding symbols are the same. In comparison with other encryption systems, the closest notion is the Fuzzy-IBE proposed by Sahai and Waters. The main difference is that the Fuzzy-IBE measures the overlap distance between S and S′, while ours measures the overlap distance of all of their substrings (including the complete string), and we take the maximum value among those. The overlap distance between their substrings will measure the similarity of S and S′ more precisely compared to the overlap distance between the two complete strings. We note that embedding this overlap distance in an encryption is a challenging task, in particular in order to achieve a practical scheme. Therefore, we invent a new approach to develop a practical generalized closest substring encryption system. The novelty of our approach relies on the way we generate ciphertext and private key representing the complete string so that they can still measure the overlap distance of substrings. The size of ciphertext and private key grow linearly only in the length of the input string. We prove the security in the selective model under a generalization of decision q-Bilinear Diffie-Hellman Exponent assumption

Ciphertext-policy attribute based encryption supporting access policy update

Attribute-based encryption (ABE) allows one-to-many encryption with static access control. In many occasions, the access control policy must be updated and the original encryptor might be required to re-encrypt the message, which is impractical, since the encryptor might be unavailable. Unfortunately, to date the work in ABE does not consider this issue yet, and hence this hinders the adoption of ABE in practice. In this work, we consider how to efficiently update access policies in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems without re-encryption. We introduce a new notion of CP-ABE supporting access policy update that captures the functionalities of attribute addition and revocation to access policies. We formalize the security requirements for this notion, and subsequently construct two provably secure CP-ABE schemes supporting AND-gate access policy with constant-size ciphertext for user decryption. The security of our schemes are proved under the Augmented Multi-sequences of Exponents Decisional Diffie-Hellman assumption

Privacy-Preserving Mutual Authentication in RFID with Designated Readers

We study privacy-preserving mutual authentication in radio-frequency identification systems with designated readers (PP-MADR in short). In PP-MADR, each tag has its designated-reader group instead of all readers, and only tags and their designated readers can authenticate each other. Other readers and adversaries cannot trace tags or know their designated readers. The most challenging task of constructing such a PP-MADR protocol is the verification of reader designation without compromising tag privacy. We found that traditional solutions are impractical due to linear storage growth on tags, linear computation growth on tags, or requiring new key generations for designated readers. In this paper, we show how to construct such an efficient PP-MADR protocol. In our protocol, each tag stores constant-size secret state and performs constant-time computation for mutual authentication. When a tag is created, the server does not generate new private keys for designated readers. Our protocol captures the strong privacy property, where tags cannot be traced and designated readers cannot be distinguished, even if tags are corrupted by adversaries

Constant-size ciphertexts in threshold attribute-based encryption without dummy attributes

Attribute-based encryption (ABE) is an augmentation of public key encryption that allows users to encrypt and decrypt messages based on users’ attributes. In a ( t, s ) threshold ABE, users who can decrypt a ciphertext must hold at least t attributes among the s attributes specified by the encryptor. At PKC 2010, Herranz, Laguillaumie and Ràfols proposed the first threshold ABE with constant-size ciphertexts. In order to ensure the encryptor can flexibly select the attribute set and a threshold value, they use dummy attributes to satisfy the decryption requirement. The advantage of their scheme is that any addition or removal of the attributes will not require any change to users’ private keys or public parameters. Unfortunately, the need for dummy attributes makes their scheme inefficient, since the computational cost of encryption is linear to the size of selected attribute set and dummy attribute set. In this work, we improve Herranz et al.’s work, and propose a new threshold ABE scheme which does not use any dummy attribute . Our scheme not only retains the nice feature of Herranz et al.’s scheme, but also offers two improvements in comparison to the previous work. Firstly, the computational costs of encryption and decryption are only linear in the size of the selected attribute set. Secondly, without any dummy attribute, most of the computations can be conducted without the knowledge of the threshold t . Hence, threshold change in the encryption phase does not require complete recomputation of the ciphertext

Improved identity-based online/offline encryption

The notion of online/offline encryption was put forth by Guo, Mu and Chen (FC 2008), where they proposed an identity-based scheme called identity-based online/offline encryption (IBOOE). An online/ offline encryption separates an encryption into two stages: offline and online. The offline phase carries much more computational load than the online phase, where the offline phase does not require the information of the message to be encrypted and the identity of the receiver. Subsequently, many applications of IBOOE have been proposed in the literature. As an example, Hobenberger and Waters (PKC 2014) have recently applied it to attribute-based encryption. In this paper, we move one step further and explore a much more efficient variant.We propose an efficient semi-generic transformation to obtain an online/offline encryption from a tradition identity-based encryption (IBE). Our transformation provides a new method to separate the computation of receiver’s identity into offline and online phases. The IBOOE schemes using our transformation saves one group element in both offline and online phases compared to other IBOOE schemes in identity computing. The transformed scheme still maintains the same level of security as in the original IBE scheme

MQA: Answering the Question via Robotic Manipulation

In this paper, we propose a novel task -- Manipulation Question Answering (MQA), where the robot is required to find the answer to the question by actively exploring the environment via manipulation. A framework consisting of a QA model and a manipulation model is proposed to solve this problem. For the QA model, we adopt the method of Visual Question Answering (VQA). For the manipulation model, a Deep Q Network (DQN) model is proposed to generate manipulations. By manipulating objects, the robot can continuously explore the bin until the answer to the question is found. Besides, a novel dataset for simulation that contains a variety of object models, complicated scenarios and corresponding question-answer pairs is established. Extensive experiments have been conducted to validate the effectiveness of the proposed framework

A Lightweight Privacy-Preserving Fair Meeting Location Determination Scheme

Equipped with mobile devices, people relied on location-based services can expediently and reasonably organize their activities. But location information may disclose people\u27s sensitive information, such as interests, health status. Besides, the limited resources of mobile devices restrict the further development of location-based services. In this paper, aiming at the fair meeting position determination service, we design a lightweight privacy-preserving solution. In our scheme, mobile users only need to submit service requests. A cloud server and a location services provider are responsible for service response, where the cloud server achieves most of the calculation, and the location services provider determines the fair meeting location based on the computational results of the cloud server and broadcasts it to mobile users. The proposed scheme adopts homomorphic encryptions and random permutation methods to preserve the location privacy of mobile users. The security analyses show that the proposed scheme is privacy-preserving under our defined threat models. Besides, the presented solution only needs to calculate n Euclidean distances, and hence, our scheme has linear computation and communication complexity

Privacy-preserving authorised RFID authentication protocols

Radio Frequency Identification (RFID) has been widely adopted for object identification. An RFID system comprises three essential components, namely RFID tags, readers and a backend server. Conventionally, the system is considered to be controlled by a single party who maintains all the secret information. However, in some practical scenarios, RFID tags, readers and servers could be operated by different parties. Although the private information should not be shared, the system should allow a valid tag to be authenticated by a legal reader. The challenge in designing the system is preserving the tag and reader\u27s privacy. In this paper, we propose a novel concept of authorized RFID authentication. The proposed protocols allow the tag to be merely identifiable by an authorized reader and the server cannot reveal the tag during the reader-server interaction. We provide a formal definition of privacy and security models of authorized authentication protocols under the strong and weak notions and propose three provably secure protocol

Efficient Construction for Full Black-Box Accountable Authority Identity-Based Encryption

Accountable authority identity-based encryption (A-IBE), as an attractive way to guarantee the user privacy security, enables a malicious private key generator (PKG) to be traced if it generates and re-distributes a user private key. Particularly, an A-IBE scheme achieves full black-box security if it can further trace a decoder box and is secure against a malicious PKG who can access the user decryption results. In PKC\u2711, Sahai and Seyalioglu presented a generic construction for full black-box A-IBE from a primitive called dummy identity-based encryption, which is a hybrid between IBE and attribute-based encryption (ABE). However, as the complexity of ABE, their construction is inefficient and the size of private keys and ciphertexts in their instantiation is linear in the length of user identity. In this paper, we present a new efficient generic construction for full black-box A-IBE from a new primitive called token-based identity-based encryption (TB-IBE), without using ABE. We first formalize the definition and security model for TB-IBE. Subsequently, we show that a TB-IBE scheme satisfying some properties can be converted to a full black-box A-IBE scheme, which is as efficient as the underlying TB-IBE scheme in terms of computational complexity and parameter sizes. Finally, we give an instantiation with the computational complexity as O(1) and the constant size master key pair, private keys, and ciphertexts