    An Efficient Adaptive-Deniable-Concurrent Non-malleable Commitment Scheme

    It is known that composable secure commitments, that is, concurrent non-malleable commitments, exist in the plain model based only on standard assumptions such as the existence of claw-free permutations or even one-way functions. Since they are based on the plain model, their deniability is trivially satisfied, and the latter scheme in particular also satisfies adaptivity, hence it is adaptive-deniable-concurrent non-malleable. However, those schemes cannot be said to be practically efficient. We show that a practically efficient (string) adaptive-deniable-concurrent commitment scheme is possible under a global setup model, called the global CRS-KR model.

    A constant-round resettably-sound resettable zero-knowledge argument in the BPK model

    In resetting attacks against a proof system, a prover or a verifier is reset and forced to use the same random tape on various inputs as many times as an adversary wants. The recent deployment of cloud computing gives these attacks a new importance. This paper shows that argument systems for any NP language that are both resettably-sound and resettable zero-knowledge are possible by a constant-round protocol in the BPK model. For that purpose, we define and construct a resettably-extractable conditional commitment scheme.

    Witness-Indistinguishable Arguments with Σ-Protocols for Bundled Witness Spaces and its Application to Global Identities

    We propose a generic construction of a Σ-protocol of commit-and-prove type, which is an AND-composition of Σ-protocols on statements that include a common commitment. Our protocol enables a prover to convince a verifier that the prover knows a bundle of witnesses that have a common component, which we call a base witness point. When the component Σ-protocols are witness-indistinguishable argument systems, our Σ-protocol is also a witness-indistinguishable argument system as a whole. As an application, we propose a decentralized multi-authority anonymous authentication scheme. We first give the syntax and security definitions of the scheme. Then we give a generic construction of the scheme, in which a witness is a bundle of witnesses, each of which decomposes into a common global identity string and a digital signature on it. We mention an instantiation in the setting of bilinear groups.

    Fully Homomorphic Encryption for Point Numbers

    In this paper, based on the FV scheme, we construct a first fully homomorphic encryption scheme, FHE4FX, that can homomorphically compute addition and/or multiplication of encrypted fixed point numbers without knowing the secret key. Then, we show that in the FHE4FX scheme one can efficiently and homomorphically compare the magnitudes of two encrypted numbers. That is, one can compute an encryption of the greater-than bit that represents whether or not $x > x'$, given two ciphertexts $c$ and $c'$ (of $x$ and $x'$, respectively), without knowing the secret key. Finally, we show that these properties of the FHE4FX scheme enable us to construct a fully homomorphic encryption scheme, FHE4FL, that can homomorphically compute addition and/or multiplication of encrypted floating point numbers.

    Subring Homomorphic Encryption

    In this paper, we construct a subring homomorphic encryption scheme, that is, a homomorphic encryption scheme built on the decomposition ring, which is a subring of the cyclotomic ring. In the scheme, each plaintext slot contains an integer in $\mathbb{Z}_{p^l}$, rather than an element of $\mathrm{GF}(p^d)$ as in conventional homomorphic encryption schemes on cyclotomic rings. Our benchmark results indicate that the subring homomorphic encryption scheme is several times faster than HElib for mod-$p^l$ plaintexts, due to the high parallelism of its mod-$p^l$ slot structure. We believe that a plaintext structure composed of mod-$p^l$ slots will be more natural, easier to handle, and significantly more efficient for many applications such as outsourced data mining.

    Proofs of Knowledge on Monotone Predicates and its Application to Attribute-Based Identifications and Signatures

    We propose a concrete procedure for the Σ-protocol introduced by Cramer, Damgård and Schoenmakers at CRYPTO '94, which proves knowledge that a set of witnesses satisfies a monotone predicate in a witness-indistinguishable way; that is, it hides the assignment of truth values in the predicate. We provide a detailed procedure by extending the so-called OR-proof.

    Short CCA-Secure Attribute-Based Encryption

    Chosen-ciphertext attacks (CCA) are a typical threat to public-key encryption schemes. We show a direct chosen-ciphertext security modification in the case of attribute-based encryption (ABE), where an ABE scheme secure against chosen-plaintext attacks (CPA) is converted into an ABE scheme secure against CCA by individual techniques. Our modification works in the setting where the Diffie-Hellman tuple to be verified in decryption is in the target group of a bilinear map. The employed techniques result in an expansion of the secret-key length and the decryption cost by a factor of four, while the public-key and ciphertext lengths and the encryption cost remain almost the same.