IEEE Draft P Identity Based Public Key Cryptography Based On Pairings. Daniel Schliebner. 14. Dezember 2009


 Roger Warner
 2 years ago
 Views:
Transcription
1 Identity Based Public Key Cryptography Based On Pairings 14. Dezember 2009
2 Gliederung Introduction Identity Based Encryption The Protocol Security Of The Protocol Discussion
3 About The Headline Identity Based Public Key Cryptography Is a type of publickey cryptography. Difference: the publickey is some unique information ID about the identity of a user. Proposed by Adi Shamir for the first time in 1984 (see [ASha84] page 47 53). Paring: mapping between groups (correct definition later). Used for: encryption (IBE), key encapsulation, signatures (and combinations).
4 About The Headline Identity Based Public Key Cryptography Is a type of publickey cryptography. Difference: the publickey is some unique information ID about the identity of a user. Proposed by Adi Shamir for the first time in 1984 (see [ASha84] page 47 53). Paring: mapping between groups (correct definition later). Used for: encryption (IBE), key encapsulation, signatures (and combinations).
5 About The Headline Identity Based Public Key Cryptography Is a type of publickey cryptography. Difference: the publickey is some unique information ID about the identity of a user. Proposed by Adi Shamir for the first time in 1984 (see [ASha84] page 47 53). Paring: mapping between groups (correct definition later). Used for: encryption (IBE), key encapsulation, signatures (and combinations).
6 About The Headline Identity Based Public Key Cryptography Is a type of publickey cryptography. Difference: the publickey is some unique information ID about the identity of a user. Proposed by Adi Shamir for the first time in 1984 (see [ASha84] page 47 53). Paring: mapping between groups (correct definition later). Used for: encryption (IBE), key encapsulation, signatures (and combinations).
7 About The Headline Identity Based Public Key Cryptography Is a type of publickey cryptography. Difference: the publickey is some unique information ID about the identity of a user. Proposed by Adi Shamir for the first time in 1984 (see [ASha84] page 47 53). Paring: mapping between groups (correct definition later). Used for: encryption (IBE), key encapsulation, signatures (and combinations).
8 About The Paper IEEE: Institute of Electrical and Electronics Engineers. P1363: Standardization project for publickey cryptography..3: Specifications for identitybased publickey cryptography using pairings. Chair of working group (as of Oct. 08): William Whyte (NTRU Cryptosystems Inc).
9 About The Paper IEEE: Institute of Electrical and Electronics Engineers. P1363: Standardization project for publickey cryptography..3: Specifications for identitybased publickey cryptography using pairings. Chair of working group (as of Oct. 08): William Whyte (NTRU Cryptosystems Inc).
10 About The Paper IEEE: Institute of Electrical and Electronics Engineers. P1363: Standardization project for publickey cryptography..3: Specifications for identitybased publickey cryptography using pairings. Chair of working group (as of Oct. 08): William Whyte (NTRU Cryptosystems Inc).
11 About The Paper IEEE: Institute of Electrical and Electronics Engineers. P1363: Standardization project for publickey cryptography..3: Specifications for identitybased publickey cryptography using pairings. Chair of working group (as of Oct. 08): William Whyte (NTRU Cryptosystems Inc).
12 Pairing: a mathematical formalism Definition Let (G 1, +), (G 2, +), (G 3, ) be groups of prime order p N. A pairing is a Z p bilinear map e : G 1 G 2 G 3 between Z p modules for which the following holds: 1. e is nondegenerated (i. e. P 0 G1 G 1, Q 0 G2 G 2 : e(p, Q) 1 G3 ). 2. e is computable in an efficient manner.
13 Now: IDbased cryptography using the example of IDbased encryption.
14 Identity Based Encryption (IBE) The Participants Participants are: Sender A (want s to send message m). Receiver B (has an identification ID, e. g. A Trusted Third Party the Private Key Generator (PKG).
15 Identity Based Encryption (IBE) The Participants Participants are: Sender A (want s to send message m). Receiver B (has an identification ID, e. g. A Trusted Third Party the Private Key Generator (PKG).
16 Identity Based Encryption (IBE) The Participants Participants are: Sender A (want s to send message m). Receiver B (has an identification ID, e. g. A Trusted Third Party the Private Key Generator (PKG).
17 Identity Based Encryption (IBE) The Algorithms Of An IBEProtocol Algorithms of an IBEProtocol are: Setup: run by the PKG. Returns: P a set of public parameters. s the master key (or secret server key). Extract(P, s, ID): run by the PKG (when B requests his private key). Returns: KID the private key corresponding to ID. Encrypt(P, ID, m): run by A. Returns: c the encrypted plaintext m. Decrypt(P, ID, c): run by B. Returns: m the decrypted ciphertext c.
18 Identity Based Encryption (IBE) The Algorithms Of An IBEProtocol Algorithms of an IBEProtocol are: Setup: run by the PKG. Returns: P a set of public parameters. s the master key (or secret server key). Extract(P, s, ID): run by the PKG (when B requests his private key). Returns: KID the private key corresponding to ID. Encrypt(P, ID, m): run by A. Returns: c the encrypted plaintext m. Decrypt(P, ID, c): run by B. Returns: m the decrypted ciphertext c.
19 Identity Based Encryption (IBE) The Algorithms Of An IBEProtocol Algorithms of an IBEProtocol are: Setup: run by the PKG. Returns: P a set of public parameters. s the master key (or secret server key). Extract(P, s, ID): run by the PKG (when B requests his private key). Returns: KID the private key corresponding to ID. Encrypt(P, ID, m): run by A. Returns: c the encrypted plaintext m. Decrypt(P, ID, c): run by B. Returns: m the decrypted ciphertext c.
20 Identity Based Encryption (IBE) The Algorithms Of An IBEProtocol Algorithms of an IBEProtocol are: Setup: run by the PKG. Returns: P a set of public parameters. s the master key (or secret server key). Extract(P, s, ID): run by the PKG (when B requests his private key). Returns: KID the private key corresponding to ID. Encrypt(P, ID, m): run by A. Returns: c the encrypted plaintext m. Decrypt(P, ID, c): run by B. Returns: m the decrypted ciphertext c.
21 Identity Based Encryption (IBE) The Algorithms Of An IBEProtocol (cont.) Summarization: PKG runs Setup() (P, s). PKG runs Extract(P, s, ID) K ID. A runs Encrypt(P, ID, m) c. B runs Decrypt(P, ID, c) m.
22 Identity Based Encryption (IBE) Primitives Primitives: contain basic mathematical operations (building blocks for an IBEprotocol). Generation: used to extract a private key at a PKG. Verification: verification of K ID by receiver B. Encrypt and Decrypt: used inside corresponding algorithms.
23 Identity Based Encryption (IBE) Primitives Primitives: contain basic mathematical operations (building blocks for an IBEprotocol). Generation: used to extract a private key at a PKG. Verification: verification of K ID by receiver B. Encrypt and Decrypt: used inside corresponding algorithms.
24 Identity Based Encryption (IBE) Primitives Primitives: contain basic mathematical operations (building blocks for an IBEprotocol). Generation: used to extract a private key at a PKG. Verification: verification of K ID by receiver B. Encrypt and Decrypt: used inside corresponding algorithms.
25 Identity Based Encryption (IBE) Primitives Primitives: contain basic mathematical operations (building blocks for an IBEprotocol). Generation: used to extract a private key at a PKG. Verification: verification of K ID by receiver B. Encrypt and Decrypt: used inside corresponding algorithms.
26 The Protocol Gliederung Introduction Identity Based Encryption The Protocol Security Of The Protocol Discussion
27 The Protocol By Dan Boneh and Xavier Boyen. Security bases on BilinearDiffieHellman (BDH) Problem. As formulated in the previous section, the protocol consists of four algorithms: Setup, Extract, Encrypt and Decrypt. To this end, let G 1, G 2, G 3 be groups of prime order p N and e : G 1 G 2 G 3 a pairing. Let ID {0, 1} and plaintext m {0, 1} n.
28 The Protocol By Dan Boneh and Xavier Boyen. Security bases on BilinearDiffieHellman (BDH) Problem. As formulated in the previous section, the protocol consists of four algorithms: Setup, Extract, Encrypt and Decrypt. To this end, let G 1, G 2, G 3 be groups of prime order p N and e : G 1 G 2 G 3 a pairing. Let ID {0, 1} and plaintext m {0, 1} n.
29 The Protocol By Dan Boneh and Xavier Boyen. Security bases on BilinearDiffieHellman (BDH) Problem. As formulated in the previous section, the protocol consists of four algorithms: Setup, Extract, Encrypt and Decrypt. To this end, let G 1, G 2, G 3 be groups of prime order p N and e : G 1 G 2 G 3 a pairing. Let ID {0, 1} and plaintext m {0, 1} n.
30 The Protocol By Dan Boneh and Xavier Boyen. Security bases on BilinearDiffieHellman (BDH) Problem. As formulated in the previous section, the protocol consists of four algorithms: Setup, Extract, Encrypt and Decrypt. To this end, let G 1, G 2, G 3 be groups of prime order p N and e : G 1 G 2 G 3 a pairing. Let ID {0, 1} and plaintext m {0, 1} n.
31 The Protocol By Dan Boneh and Xavier Boyen. Security bases on BilinearDiffieHellman (BDH) Problem. As formulated in the previous section, the protocol consists of four algorithms: Setup, Extract, Encrypt and Decrypt. To this end, let G 1, G 2, G 3 be groups of prime order p N and e : G 1 G 2 G 3 a pairing. Let ID {0, 1} and plaintext m {0, 1} n.
32 The Protocol Setup PKG chooses a master key s := (s 1, s 2, s 3 ) R Z p Z p Z p. PKG generates public parameter P := (Q 1, Q 2, R, T, V, G 1, G 2, e), where Qi is a generator of G i, i = 1, 2, i. e. Q i = G i, R := s1 Q 1, T := s 3 Q 1, V := e(r, s 2 Q 2 ).
33 The Protocol Setup PKG chooses a master key s := (s 1, s 2, s 3 ) R Z p Z p Z p. PKG generates public parameter P := (Q 1, Q 2, R, T, V, G 1, G 2, e), where Qi is a generator of G i, i = 1, 2, i. e. Q i = G i, R := s1 Q 1, T := s 3 Q 1, V := e(r, s 2 Q 2 ).
34 The Protocol The primitives (knowing P and s) Generation: PBB1G(M) r 0 R Z p. i := s 1 s 2 + r 0 (s 1 M + s 3 ). return (iq 2, r 0 Q 2 ). Encryption: PBB1E(r) E 0 := rq 1. E 1 := (rm)r + rt. B := V r. return (E 0, E 1, B). Decryption: PBB1D(E 0, E 1, (K 0,M, K 1,M )) return e(e 0, K 0,M ) e(e 1, K 1,M ) 1.
35 The Protocol The primitives (knowing P and s) Generation: PBB1G(M) r 0 R Z p. i := s 1 s 2 + r 0 (s 1 M + s 3 ). return (iq 2, r 0 Q 2 ). Encryption: PBB1E(r) E 0 := rq 1. E 1 := (rm)r + rt. B := V r. return (E 0, E 1, B). Decryption: PBB1D(E 0, E 1, (K 0,M, K 1,M )) return e(e 0, K 0,M ) e(e 1, K 1,M ) 1.
36 The Protocol The primitives (knowing P and s) Generation: PBB1G(M) r 0 R Z p. i := s 1 s 2 + r 0 (s 1 M + s 3 ). return (iq 2, r 0 Q 2 ). Encryption: PBB1E(r) E 0 := rq 1. E 1 := (rm)r + rt. B := V r. return (E 0, E 1, B). Decryption: PBB1D(E 0, E 1, (K 0,M, K 1,M )) return e(e 0, K 0,M ) e(e 1, K 1,M ) 1.
37 The Protocol There are three algorithms left. Using the three primitives PBB1G, PBB1E, PBB1D we can now formulate them. Therefore: consider three Hashfunctions H 1 : {0, 1} Z p H 2 : G 3 {0, 1} n H 3 : G 3 {0, 1} n G 1 G 1 Z p
38 The Protocol There are three algorithms left. Using the three primitives PBB1G, PBB1E, PBB1D we can now formulate them. Therefore: consider three Hashfunctions H 1 : {0, 1} Z p H 2 : G 3 {0, 1} n H 3 : G 3 {0, 1} n G 1 G 1 Z p
39 The Protocol There are three algorithms left. Using the three primitives PBB1G, PBB1E, PBB1D we can now formulate them. Therefore: consider three Hashfunctions H 1 : {0, 1} Z p H 2 : G 3 {0, 1} n H 3 : G 3 {0, 1} n G 1 G 1 Z p
40 The Protocol Extract M := H 1 (ID). K ID := (K 0,M, K 1,M ) PBB1G(M). K ID is the private key for the receiver.
41 The Protocol Extract M := H 1 (ID). K ID := (K 0,M, K 1,M ) PBB1G(M). K ID is the private key for the receiver.
42 The Protocol Encrypt r R Z p. (B, E 0, E 1 ) PBB1E(r). Y := H 2 (B) m. t := r + H 3 (B, Y, E 0, E 1 ). c := (Y, E 0, E 1, t). c is the ciphertext. B is called blinding factor.
43 The Protocol Encrypt r R Z p. (B, E 0, E 1 ) PBB1E(r). Y := H 2 (B) m. t := r + H 3 (B, Y, E 0, E 1 ). c := (Y, E 0, E 1, t). c is the ciphertext. B is called blinding factor.
44 The Protocol Encrypt r R Z p. (B, E 0, E 1 ) PBB1E(r). Y := H 2 (B) m. t := r + H 3 (B, Y, E 0, E 1 ). c := (Y, E 0, E 1, t). c is the ciphertext. B is called blinding factor.
45 The Protocol Encrypt r R Z p. (B, E 0, E 1 ) PBB1E(r). Y := H 2 (B) m. t := r + H 3 (B, Y, E 0, E 1 ). c := (Y, E 0, E 1, t). c is the ciphertext. B is called blinding factor.
46 The Protocol Encrypt r R Z p. (B, E 0, E 1 ) PBB1E(r). Y := H 2 (B) m. t := r + H 3 (B, Y, E 0, E 1 ). c := (Y, E 0, E 1, t). c is the ciphertext. B is called blinding factor.
47 The Protocol Decrypt B PBB1D(E 0, E 1, K ID ). r := t H 3 (B, Y, E 0, E 1 ). if (B == V r and E 0 == rq 1 ) then exit with error. m := Y H 2 (B). m is the plaintext.
48 The Protocol Decrypt B PBB1D(E 0, E 1, K ID ). r := t H 3 (B, Y, E 0, E 1 ). if (B == V r and E 0 == rq 1 ) then exit with error. m := Y H 2 (B). m is the plaintext.
49 The Protocol Decrypt B PBB1D(E 0, E 1, K ID ). r := t H 3 (B, Y, E 0, E 1 ). if (B == V r and E 0 == rq 1 ) then exit with error. m := Y H 2 (B). m is the plaintext.
50 The Protocol Decrypt B PBB1D(E 0, E 1, K ID ). r := t H 3 (B, Y, E 0, E 1 ). if (B == V r and E 0 == rq 1 ) then exit with error. m := Y H 2 (B). m is the plaintext.
51 Security Of The Protocol Gliederung Introduction Identity Based Encryption The Protocol Security Of The Protocol Discussion
52 Security Of The Protocol Security Definition Let e : G 1 G 2 G 3 be a pairing and P G 1, Q G 2. The BilinearDiffieHellman (BDH) Assumption says, that if P, Q, ap, bp, aq, cq for a, b, c Z p are given, then it is hard to compute e(p, Q) abc.
53 Security Of The Protocol Security (cont.) The security depends on Hashfunctions H 1, H 2, H 3. The secure channel between the receiver and the PKG. The BDH Assumption (at which point?).
54 Security Of The Protocol Security (cont.) The security depends on Hashfunctions H 1, H 2, H 3. The secure channel between the receiver and the PKG. The BDH Assumption (at which point?).
55 Security Of The Protocol Security (cont.) The security depends on Hashfunctions H 1, H 2, H 3. The secure channel between the receiver and the PKG. The BDH Assumption (at which point?).
56 Security Of The Protocol Security (cont.) Definition Let q Z p. Then the q BilinearDiffieHellmanInverse (qbdhi) Assumption says, that if (P, ap, a 2 P,..., a q P, Q, aq,..., a q Q) are given, it is hard to compute (e(p, Q) a ) 1. Definition We say, that the (t, q, ε) BDHI Assumption holds, if no t time algorithm A has advantage ε (i. e. P (A(P,..., a q P, Q,..., a q Q)) ε) in solving the qbdhi problem.
57 Security Of The Protocol Security (cont.) Definition Let q Z p. Then the q BilinearDiffieHellmanInverse (qbdhi) Assumption says, that if (P, ap, a 2 P,..., a q P, Q, aq,..., a q Q) are given, it is hard to compute (e(p, Q) a ) 1. Definition We say, that the (t, q, ε) BDHI Assumption holds, if no t time algorithm A has advantage ε (i. e. P (A(P,..., a q P, Q,..., a q Q)) ε) in solving the qbdhi problem.
58 Security Of The Protocol Security (cont.) Definition We say, that an IBE system is (t, q ID, ε)selective identity, chosen plaintext secure (short: (t, q ID, ε) INDsIDCPA secure) iff for every INDsIDCPA adversary A, that makes at most q ID chosen private key queries, there is ADV A < ε, where ADV A is the advantage of A, attacking the IBE system.
59 Security Of The Protocol Security (cont.) Theorem Suppose the (t, q, ε)bdhi Assumption holds for G 1 and G 2. Then is (t, q S, ε) INDsIDCPA secure for any q S < q and any t < t Θ(τq 2 ), where τ is the maximum time for an exponentiation in G 1, G 2. Proof: see [BB04].
60 Advantages
61 Advantages IBE eliminates the need for a public key distribution infrastructure. No key agreement. Interesting features (e. g. encode additional information into the ID: for instance expirations dates).
62 Disadvantages
63 Disadvantages PKG may decrypt and/or sign any message without authorisation. A secure channel is required between the PKG and the receiver.
64 That s it. Thank you for your attention.
65 Anhang Literaturverzeichnis Literaturverzeichnis [P ] IEEE P1636.3/D1 Draft Standard for Identitybased Publickey Cryptography Using Pairings. Working Group of the Microprocessor Standards Committee [ASha84] IdentityBased Cryptosystems and Signature Schemes. Advances in Cryptology: Proceedings of CRYPTO 84. Adi Shamir Lecture Notes in Computer Science 7, 1984
66 Anhang Literaturverzeichnis [BB04] Efficient SelectiveID Secure Identity Based Encryption Without Random Oracles. D. Boneh, X. Boyen Advances in Cryptology Eurocrypt, 2004, SpringerVerlag (2004), pp [Wiki09] Wikipedia (DE, EN) As of: 14. Dezember 2009.
Cryptography. Identitybased Encryption. JeanSébastien Coron and David Galindo. May 15, 2014. Université du Luxembourg
Identitybased Encryption Université du Luxembourg May 15, 2014 Summary IdentityBased Encryption (IBE) What is IdentityBased Encryption? Difference with conventional PK cryptography. Applications of
More informationLecture 25: PairingBased Cryptography
6.897 Special Topics in Cryptography Instructors: Ran Canetti and Ron Rivest May 5, 2004 Lecture 25: PairingBased Cryptography Scribe: Ben Adida 1 Introduction The field of PairingBased Cryptography
More informationNew Efficient Searchable Encryption Schemes from Bilinear Pairings
International Journal of Network Security, Vol.10, No.1, PP.25 31, Jan. 2010 25 New Efficient Searchable Encryption Schemes from Bilinear Pairings Chunxiang Gu and Yuefei Zhu (Corresponding author: Chunxiang
More informationIDbased Cryptography and SmartCards
IDbased Cryptography and SmartCards Survol des techniques cryptographiques basées sur l identité et implémentation sur carte à puce The Need for Cryptography Encryption! Transform a message so that only
More informationEfficient Hierarchical Identity Based Encryption Scheme in the Standard Model
Informatica 3 (008) 07 11 07 Efficient Hierarchical Identity Based Encryption Scheme in the Standard Model Yanli Ren and Dawu Gu Dept. of Computer Science and Engineering Shanghai Jiao Tong University
More informationFuzzy IdentityBased Encryption
Fuzzy IdentityBased Encryption Janek Jochheim June 20th 2013 Overview Overview Motivation (Fuzzy) IdentityBased Encryption Formal definition Security Idea Ingredients Construction Security Extensions
More informationencryption Presented by NTU Singapore
A survey on identity based encryption Presented by Qi Saiyu NTU Singapore Outline Introduction of public key encryption Identitybased encryption (IBE) Hierarchical identity based encryption (HIBE) Before
More informationThreshold Identity Based Encryption Scheme without Random Oracles
WCAN 2006 Threshold Identity Based Encryption Scheme without Random Oracles Jin Li School of Mathematics and Computational Science Sun Yatsen University Guangzhou, P.R. China Yanming Wang Lingnan College
More informationMESSAGE AUTHENTICATION IN AN IDENTITYBASED ENCRYPTION SCHEME: 1KEYENCRYPTTHENMAC
MESSAGE AUTHENTICATION IN AN IDENTITYBASED ENCRYPTION SCHEME: 1KEYENCRYPTTHENMAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial
More informationIdentityBased Cryptography and Comparison with traditional Public key Encryption: A Survey
IdentityBased Cryptography and Comparison with traditional Public key Encryption: A Survey Girish Department of PGSCEA The National Institute of Engineering, Manadavady Road,Mysore570008, INDIA Phaneendra
More informationKey Privacy for Identity Based Encryption
Key Privacy for Identity Based Encryption Internet Security Research Lab Technical Report 20062 Jason E. Holt Internet Security Research Lab Brigham Young University c 2006 Brigham Young University March
More informationA Performance Analysis of IdentityBased Encryption Schemes
A Performance Analysis of IdentityBased Encryption Schemes Pengqi Cheng, Yan Gu, Zihong Lv, Jianfei Wang, Wenlei Zhu, Zhen Chen, Jiwei Huang Tsinghua University, Beijing, 084, China Abstract We implemented
More informationAn Introduction to Identitybased Cryptography CSEP 590TU March 2005 Carl Youngblood
An Introduction to Identitybased Cryptography CSEP 590TU March 2005 Carl Youngblood One significant impediment to the widespread adoption of publickey cryptography is its dependence on a publickey infrastructure
More informationCOMPARATIVE ANALYSIS OF IDENTITYBASED ENCRYPTION WITH TRADITIONAL PUBLIC KEY ENCRYPTION IN WIRELESS NETWORK
COMPARATIVE ANALYSIS OF IDENTITYBASED ENCRYPTION WITH TRADITIONAL PUBLIC KEY ENCRYPTION IN WIRELESS NETWORK Ms. Priyanka Bubna 1, Prof. Parul Bhanarkar Jha 2 1 Wireless Communication & Computing, TGPCET/RTM
More informationA Survey of IdentityBased Cryptography
A Survey of IdentityBased Cryptography Joonsang Baek 1 Jan Newmarch 2, Reihaneh SafaviNaini 1, and Willy Susilo 1 1 School of Information Technology and Computer Science, University of Wollongong {baek,
More informationIdentityBased Encryption from the Weil Pairing
Appears in SIAM J. of Computing, Vol. 32, No. 3, pp. 586615, 2003. An extended abstract of this paper appears in the Proceedings of Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages
More informationLecture 17: Reencryption
600.641 Special Topics in Theoretical Cryptography April 2, 2007 Instructor: Susan Hohenberger Lecture 17: Reencryption Scribe: Zachary Scott Today s lecture was given by Matt Green. 1 Motivation Proxy
More informationIdentitybased Encryption with Efficient Revocation. Ziyang Liu May 12,2015
Identitybased Encryption with Efficient Revocation Ziyang Liu May 12,2015 Overview Identitybased encryption How IBE works Simple Solution of Revocation Revocable IBE Fuzzy IBE Binary tree data structure
More informationSecure Key Issuing in IDbased Cryptography
Secure Key Issuing in IDbased Cryptography Byoungcheon Lee 1,2 Colin Boyd 1 Ed Dawson 1 Kwangjo Kim 3 Jeongmo Yang 2 Seungjae Yoo 2 1 Information Security Research Centre, Queensland University of Technology,
More informationPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTION http://www.tutorialspoint.com/cryptography/public_key_encryption.htm Copyright tutorialspoint.com Public Key Cryptography Unlike symmetric key cryptography, we do not find historical
More informationEfficient MultiReceiver IdentityBased Encryption and Its Application to Broadcast Encryption
Efficient MultiReceiver IdentityBased Encryption and Its Application to Broadcast Encryption Joonsang Baek Reihaneh SafaviNaini Willy Susilo Centre for Information Security Research School of Information
More informationFuzzy Identity Based Encryption Preliminary Version
Fuzzy Identity Based Encryption Preliminary Version Amit Sahai Brent R. Waters Abstract We introduce a new type of Identity Based Encryption (IBE) scheme that we call Fuzzy Identity Based Encryption. A
More informationEfficient Unlinkable Secret Handshakes for Anonymous Communications
보안공학연구논문지 (Journal of Security Engineering), 제 7권 제 6호 2010년 12월 Efficient Unlinkable Secret Handshakes for Anonymous Communications EunKyung Ryu 1), KeeYoung Yoo 2), KeumSook Ha 3) Abstract The technique
More informationChosenCiphertext Security from IdentityBased Encryption
ChosenCiphertext Security from IdentityBased Encryption Dan Boneh Ran Canetti Shai Halevi Jonathan Katz June 13, 2006 Abstract We propose simple and efficient CCAsecure publickey encryption schemes
More informationMultiauthority attributebased encryption with honestbutcurious central authority
International Journal of Computer Mathematics Vol. 89, No. 3, February 2012, 268 283 Multiauthority attributebased encryption with honestbutcurious central authority Vladimir Božović a, Daniel Socek
More informationUniversally Composable IdentityBased Encryption
All rights are reserved and copyright of this manuscript belongs to the authors. This manuscript has been published without reviewing and editing as received from the authors: posting the manuscript to
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA DiffieHellman Key Exchange Public key and
More informationChosenCiphertext Security from IdentityBased Encryption
ChosenCiphertext Security from IdentityBased Encryption Ran Canetti 1, Shai Halevi 1, and Jonathan Katz 2 1 IBM T. J. Watson Research Center, Hawthorne, NY. {canetti,shaih}@watson.ibm.com 2 Dept. of
More informationIdentityBased Encryption: A 30Minute Tour. Palash Sarkar
IdentityBased Encryption: A 30Minute Tour Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in Palash Sarkar (ISI, Kolkata) IBE: Some Issues ISI, Kolkata,
More informationAdvanced Cryptography
Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.
More informationSome Identity Based Strong BiDesignated Verifier Signature Schemes
Some Identity Based Strong BiDesignated Verifier Signature Schemes Sunder Lal and Vandani Verma Department of Mathematics, Dr. B.R.A. (Agra), University, Agra282002 (UP), India. Email sunder_lal2@rediffmail.com,
More informationHierarchical IDBased Cryptography
Hierarchical IDBased Cryptography Craig Gentry 1 and Alice Silverberg 2 1 DoCoMo USA Labs San Jose, CA, USA cgentry@docomolabsusa.com 2 Department of Mathematics Ohio State University Columbus, OH, USA
More informationSecure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment
Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,
More informationIdentity based cryptography
Identity based cryptography The case of encryption schemes David Galindo d.galindo@cs.ru.nl Security of Systems Department of Computer Science Radboud Universiteit Nijmegen Identity based cryptography
More informationCCLAS: A Practical and Compact Certificateless Aggregate Signature with Share Extraction
International Journal of Network Security, Vol.16, No.3, PP.174181, May 2014 174 CCLAS: A Practical and Compact Certificateless Aggregate Signature with Share Extraction Min Zhou 1, Mingwu Zhang 2, Chunzhi
More informationThe Journal of Systems and Software
The Journal of Systems and Software 82 (2009) 789 793 Contents lists available at ScienceDirect The Journal of Systems and Software journal homepage: www.elsevier.com/locate/jss Design of DLbased certificateless
More informationAn Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method
An Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method E.Sathiyamoorthy 1, S.S.Manivannan 2 1&2 School of Information Technology and Engineering
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationThe Feasibility of SETIBS and SETIBOOS Protocols in ClusterBased Wireless Sensor Network
The Feasibility of SETIBS and SETIBOOS Protocols in ClusterBased Wireless Sensor Network R.Anbarasi 1, S.Gunasekaran 2 P.G. Student, Department of Computer Engineering, V.S.B Engineering College, Karur,
More informationΕΠΛ 674: Εργαστήριο 3
ΕΠΛ 674: Εργαστήριο 3 Ο αλγόριθμος ασύμμετρης κρυπτογράφησης RSA Παύλος Αντωνίου Department of Computer Science PrivateKey Cryptography traditional private/secret/single key cryptography uses one key
More informationChapter 10 AsymmetricKey Cryptography
Chapter 10 AsymmetricKey Cryptography Copyright The McGrawHill Companies, Inc. Permission required for reproduction or display. 10.1 Chapter 10 Objectives To distinguish between two cryptosystems: symmetrickey
More informationVoteID 2011 Internet Voting System with Cast as Intended Verification
VoteID 2011 Internet Voting System with Cast as Intended Verification September 2011 VP R&D Jordi Puiggali@scytl.com Index Introduction Proposal Security Conclusions 2. Introduction Client computers could
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationChosenCiphertext Security from IdentityBased Encryption
ChosenCiphertext Security from IdentityBased Encryption Dan Boneh Ran Canetti Shai Halevi Jonathan Katz Abstract We propose simple and efficient CCAsecure publickey encryption schemes (i.e., schemes
More informationA Certificateless Signature Scheme for Mobile Wireless CyberPhysical Systems
The 28th International Conference on Distributed Computing Systems Workshops A Certificateless Signature Scheme for Mobile Wireless CyberPhysical Systems Zhong Xu Xue Liu School of Computer Science McGill
More informationEfficient CertificateBased Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 0, 55568 (04) Efficient CertificateBased Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model * College of Computer and Information
More informationIntroduction to Security Proof of Cryptosystems
Introduction to Security Proof of Cryptosystems D. J. Guan November 16, 2007 Abstract Provide proof of security is the most important work in the design of cryptosystems. Problem reduction is a tool to
More informationCiphertextAuditable Identitybased Encryption
International Journal of Network Security, Vol.17, No.1, PP.23 28, Jan. 2015 23 CiphertextAuditable Identitybased Encryption Changlu Lin 1, Yong Li 2, Kewei Lv 3, and ChinChen Chang 4,5 (Corresponding
More informationA Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0
A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0 James Manger Telstra Research Laboratories, Level 7, 242 Exhibition Street, Melbourne 3000,
More informationPublic Key Cryptography: RSA and Lots of Number Theory
Public Key Cryptography: RSA and Lots of Number Theory Public vs. PrivateKey Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver
More informationCS Computer and Network Security: Applied Cryptography
CS 5410  Computer and Network Security: Applied Cryptography Professor Patrick Traynor Spring 2016 Reminders Project Ideas are due on Tuesday. Where are we with these? Assignment #2 is posted. Let s get
More informationA Study on Asymmetric Key Cryptography Algorithms
A Study on Asymmetric Key Cryptography Algorithms ASAITHAMBI.N School of Computer Science and Engineering, Bharathidasan University, Trichy, asaicarrier@gmail.com Abstract Asymmetric key algorithms use
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationAnnouncements. CS243: Discrete Structures. More on Cryptography and Mathematical Induction. Agenda for Today. Cryptography
Announcements CS43: Discrete Structures More on Cryptography and Mathematical Induction Işıl Dillig Class canceled next Thursday I am out of town Homework 4 due Oct instead of next Thursday (Oct 18) Işıl
More informationIn this paper a new signature scheme and a public key cryptotsystem are proposed. They can be seen as a compromise between the RSA and ElGamaltype sc
Digital Signature and Public Key Cryptosystem in a Prime Order Subgroup of Z n Colin Boyd Information Security Research Centre, School of Data Communications Queensland University of Technology, Brisbane
More informationStrengthen Cloud Computing Security with Federal Identity Management Using Hierarchical IdentityBased Cryptography
Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical IdentityBased Cryptography Liang Yan, Chunming Rong, and Gansen Zhao University of Stavanger, Norway {liang.yan,chunming.rong}@uis.no
More informationOverview of PublicKey Cryptography
CS 361S Overview of PublicKey Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.16 slide 2 PublicKey Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationCertificate Based Signature Schemes without Pairings or Random Oracles
Certificate Based Signature Schemes without Pairings or Random Oracles p. 1/2 Certificate Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu, Joonsang Baek, Willy Susilo and Jianying
More informationPublicKey Cryptography. Oregon State University
PublicKey Cryptography Çetin Kaya Koç Oregon State University 1 Sender M Receiver Adversary Objective: Secure communication over an insecure channel 2 Solution: Secretkey cryptography Exchange the key
More informationIdentitybased Encryption with PostChallenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks
Identitybased Encryption with PostChallenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks Tsz Hon Yuen  Huawei, Singapore Ye Zhang  Pennsylvania State University, USA Siu Ming
More informationMultiChannel Broadcast Encryption
MultiChannel Broadcast Encryption Duong Hieu Phan 1,2, David Pointcheval 2, and Viet Cuong Trinh 1 1 LAGA, University of Paris 8 2 ENS / CNRS / INRIA Abstract. Broadcast encryption aims at sending a content
More informationPublic Key Cryptography and RSA. Review: Number Theory Basics
Public Key Cryptography and RSA Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Review: Number Theory Basics Definition An integer n > 1 is called a prime number if its positive divisors are 1 and
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; DH key exchange; Hash functions; Application of hash
More informationLecture 6  Cryptography
Lecture 6  Cryptography CSE497b  Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497bs07 Question 2 Setup: Assume you and I don t know anything about
More informationStrengthen RFID Tags Security Using New Data Structure
International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University
More informationCIS 5371 Cryptography. 8. Encryption 
CIS 5371 Cryptography p y 8. Encryption  Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: Allornothing secrecy.
More informationA Factoring and Discrete Logarithm based Cryptosystem
Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511517 HIKARI Ltd, www.mhikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques
More informationA New and Efficient Signature on Commitment Values
International Journal of Network Security, Vol.7, No., PP.0 06, July 2008 0 A New and Efficient Signature on Commitment Values Fangguo Zhang,3, Xiaofeng Chen 2,3, Yi Mu 4, and Willy Susilo 4 (Corresponding
More information9 Modular Exponentiation and Cryptography
9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.
More informationSECURITY IMPROVMENTS TO THE DIFFIEHELLMAN SCHEMES
www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIEHELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 PublicKey Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown PublicKey Cryptography
More informationPublic Key Encryption with Keyword Search Revisited
Public Key Encryption with Keyword Search Revisited Joonsang Baek, Reihaneh SafiaviNaini,Willy Susilo University of Wollongong Northfields Avenue Wollongong NSW 2522, Australia Abstract The public key
More informationLecture 9  Message Authentication Codes
Lecture 9  Message Authentication Codes Boaz Barak March 1, 2010 Reading: BonehShoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationIdentityBased Key Agreement and Encryption For Wireless Sensor Networks
182 IJCSNS International Journal of Computer Science and Network Security, VOL.6 No.5B, May 2006 IdentityBased Key Agreement and Encryption For Wireless Sensor Networks Geng Yang 1, Chunming Rong 2, Christian
More informationIdentityBased Encryption from the Weil Pairing
IdentityBased Encryption from the Weil Pairing Dan Boneh 1, and Matt Franklin 2 1 Computer Science Department, Stanford University, Stanford CA 943059045 dabo@cs.stanford.edu 2 Computer Science Department,
More informationEVisas Verification Schemes Based on PublicKey Infrastructure and Identity Based Encryption
Journal of Computer Science 6 (7): 723727, 2010 ISSN 15493636 2010 Science Publications EVisas Verification Schemes Based on PublicKey Infrastructure and Identity Based Encryption Najlaa A. Abuadhmah,
More informationA SYMMETRIC KEY FULLY HOMOMORPHIC ENCRYPTION SCHEME USING GENERAL CHINESE REMAINDER THEOREM
Konuralp Journal of Mathematics Volume 4 No. 1 pp. 122 129 (2016) c KJM A SYMMETRIC KEY FULLY HOMOMORPHIC ENCRYPTION SCHEME USING GENERAL CHINESE REMAINDER THEOREM EMİN AYGÜN AND ERKAM LÜY Abstract. The
More informationIdentitybased encryption and Generic group model (work in progress) Peeter Laud Arvutiteaduse teooriaseminar Tallinn, 05.01.2012
Identitybased encryption and Generic group model (work in progress) Peeter Laud Arvutiteaduse teooriaseminar Tallinn, 05.01.2012 Identitybased encryption Publickey encryption, where public key = name
More informationChapter 10 AsymmetricKey Cryptography
Chapter 10 AsymmetricKey Cryptography Copyright The McGrawHill Companies, Inc. Permission required for reproduction or display. 10.1 Chapter 10 Objectives Present asymmetrickey cryptography. Distinguish
More informationAcknowledgements. Notations and abbreviations
Abstract This work explains the fundamental definitions required to define and create Fuzzy Identity Based Encryption schemes as an errortolerant version of IdentityBased Encryption schemes, along with
More informationChapter 9 Public Key Cryptography and RSA
Chapter 9 Public Key Cryptography and RSA Cryptography and Network Security: Principles and Practices (3rd Ed.) 2004/1/15 1 9.1 Principles of Public Key PrivateKey Cryptography traditional private/secret/single
More informationIntroduction to Cryptography
Introduction to Cryptography Part 2: publickey cryptography JeanSébastien Coron January 2007 Publickey cryptography Invented by Diffie and Hellman in 1976. Revolutionized the field. Each user now has
More informationMetered Signatures  How to restrict the Signing Capability 
JOURNAL OF COMMUNICATIONS AND NETWORKS, VOL.?, NO.?, 1 Metered Signatures  How to restrict the Signing Capability  WooHwan Kim, HyoJin Yoon, and Jung Hee Cheon Abstract: We propose a new notion of metered
More informationThe mathematics of cryptology
The mathematics of cryptology Paul E. Gunnells Department of Mathematics and Statistics University of Massachusetts, Amherst Amherst, MA 01003 www.math.umass.edu/ gunnells April 27, 2004 What is Cryptology?
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications JeanSébastien Coron January 2007 Publickey encryption BOB ALICE Insecure M E C C D channel M Alice s publickey Alice s privatekey Authentication
More informationA chosen text attack on the RSA cryptosystem and some discrete logarithm schemes
A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes Y. Desmedt Aangesteld Navorser NFWO Katholieke Universiteit Leuven Laboratorium ESAT B3030 Heverlee, Belgium A. M. Odlyzko
More informationProvably Secure Cryptography: State of the Art and Industrial Applications
Provably Secure Cryptography: State of the Art and Industrial Applications Pascal Paillier Gemplus/R&D/ARSC/STD/Advanced Cryptographic Services FrenchJapanese Joint Symposium on Computer Security Outline
More informationOn the Difficulty of Software Key Escrow
On the Difficulty of Software Key Escrow Lars R. Knudsen and Torben P. Pedersen Katholieke Universiteit Leuven, Belgium, email: knudsen@esat.kuleuven.ac.be Cryptomathic, Denmark, email: tpp@cryptomathic.aau.dk
More informationHierarchical IDBased Cryptography
Hierarchical IDBased Cryptography Craig Gentry 1 and Alice Silverberg 2, 1 DoCoMo USA Labs, San Jose, CA, USA, cgentry@docomolabsusa.com 2 Department of Mathematics, Ohio State University, Columbus,
More informationSecure Network Communication Part II II Public Key Cryptography. Public Key Cryptography
Kommunikationssysteme (KSy)  Block 8 Secure Network Communication Part II II Public Key Cryptography Dr. Andreas Steffen 20002001 A. Steffen, 28.03.2001, KSy_RSA.ppt 1 Secure Key Distribution Problem
More informationPaillier Threshold Encryption Toolbox
Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created
More informationIdentitybased Cryptography. Liqun Chen HewlettPackard Laboratories
Identitybased Cryptography Liqun Chen HewlettPackard Laboratories liqun.chen@hp.com 1 What will be covered in this lecture Basic concept of identitybased cryptography (IBC) Examples of IBC mechanisms
More informationCSC474/574  Information Systems Security: Homework1 Solutions Sketch
CSC474/574  Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a oneround Feistel cipher
More informationIndex Calculation Attacks on RSA Signature and Encryption
Index Calculation Attacks on RSA Signature and Encryption JeanSébastien Coron 1, Yvo Desmedt 2, David Naccache 1, Andrew Odlyzko 3, and Julien P. Stern 4 1 Gemplus Card International {jeansebastien.coron,david.naccache}@gemplus.com
More informationRHIBE: Constructing Revocable Hierarchical IDBased Encryption from HIBE
INFOMATICA, 2014, Vol. 25, No. 2, 299 326 299 2014 Vilnius University DOI: http://dx.doi.org/10.15388/informatica.2014.16 HIBE: Constructing evocable Hierarchical IDBased Encryption from HIBE TungTso
More informationLightweight Encryption for Email
Lightweight Encryption for Email Ben Adida MIT ben@mit.edu Susan Hohenberger MIT srhohen@mit.edu Ronald L. Rivest MIT rivest@mit.edu Abstract Email encryption techniques have been available for more than
More informationAttributeBased Cryptography. Lecture 21 And PairingBased Cryptography
AttributeBased Cryptography Lecture 21 And PairingBased Cryptography 1 IdentityBased Encryption 2 IdentityBased Encryption In PKE, KeyGen produces a random (PK,SK) pair 2 IdentityBased Encryption
More informationAn Efficient and Provablysecure Digital signature Scheme based on Elliptic Curve Bilinear Pairings
Theoretical and Applied Informatics ISSN 896 5334 Vol.24 (202), no. 2 pp. 09 8 DOI: 0.2478/v0790200090 An Efficient and Provablysecure Digital signature Scheme based on Elliptic Curve Bilinear Pairings
More informationUnified Public Key Infrastructure Supporting Both Certificatebased and IDbased Cryptography
2010 International Conference on Availability, Reliability and Security Unified Public Key Infrastructure Supporting Both Certificatebased and IDbased Cryptography Byoungcheon Lee Dept. of Information
More informationThe application of prime numbers to RSA encryption
The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered
More information