Duality in ABE: Converting Attribute Based Encryption for Dual Predicate and Dual Policy via Computational Encodings


 Anis Banks
 2 years ago
 Views:
Transcription
1 Duality in ABE: Converting Attribute Based Encryption for Dual Predicate and Dual Policy via Computational Encodings Nuttapong Attrapadung, Shota Yamada AIST, 2015
2 Our Main Results in One Slide Instantiations: The first fully secure Generic dual conversion for ABE CPABE with short key CPABE allunbounded (for boolean formulae, span programs)
3 1 Introduction
4 Attribute Based Encryption (ABE) ABE for predicate R: X Y {0,1} Key for x X Decrypt Ciphertext for y Y (encrypt m) m? if R(x,y)=1 if R(x,y)=0
5 A Predicate Its Dual Predicate R: X Y {0,1} R: Y X {0,1} R(y,x) := R(x,y)
6 KeyPolicy ABE CiphertextPolicy ABE R: P A {0,1} R: A P {0,1} Key for Ciphertext for Key for Ciphertext for policy p P attribute a A attribute a A policy p P R(p,a) iff p satisfies a R(a,p) iff p satisfies a
7 Motivation KPABE, CPABE Definitions: directly related. Constructions: NO known relation. Can we generically convert an ABE to its dual? So that we would only construct KP, and get also CP. Might be difficult? Historically, CP [BSW07, Waters11] was harder to achieve than KP [GPSW06].
8 Related Work for Dual Conversion Converting KPABE for boolean formulae predicate Small classes of predicates Its dual CP: only for boundedsize formulae [GJPS08]. Converting KPABE for all boolean circuits Implies general predicates, but must start with ABE for circuits. Its dual CP: only for boundedsize circuits [GGHSW13]. Due to the use of universal circuits. Summary: less expressivity, and much less efficient.
9 Our Focus Goal: Generic dual conversion for any predicate. Preserving full security, expressivity, and efficiency. Tool: Use a generic ABE framework of [A14]. An abstraction of dualsystem encryption [Waters09] for achieving fullysecure ABE. [A14] N. Attrapadung, Dual System Encryption via Doubly Selective Security: Framework, Fullysecure Functional Encryption for Regular Languages, and More, Eurocrypt 2014.
10 2 Our Result Overview
11 Our Main Result: Dual Conversion Fully secure ABE for arbitrary R Generic Conversion Fully secure ABE for its dual, R Restricted to ABE In the pair encoding framework [A14].
12 Recall The Pair Encoding Framework Main Theorem in [A14] Pair Encoding for predicate R Generic Conversion Fully secure ABE for R If pair encoding is Perfectly secure or Doubly selectively secure.
13 Our Main Result: More Precisely Doubly selective pair encoding for arbitrary R Generic Conversion Doubly selective pair encoding for its dual, R
14 The Only Previous Dual Conversion A Side Result in [A14] Perfectly secure pair encoding for arbitrary R Generic Conversion Perfectly secure pair encoding for its dual, R
15 Implications: Solving Open Problems Perfectly secure encodings known KP, CP boolean formula with some bounds [LOSTW10, W14, A14] spatial, innerproduct, No fullysecure ABE known before Doubly selective encodings known KP unbounded boolean formula KP shortciphertext for boolean formula KP over doublyspatial KP regular languages CP regular languages [all in A14] [NEW! all implied by this work] CP unbounded boolean formula CP shortkey for boolean formula CP over doublyspatial
16 3 Recall Pair Encoding
17 Recall Pair Encoding and ABE [A14] Pair Encoding for R ABE for R Param h PK=(g 1 h, e(g 1,g 1 ) α ), MSK=α Enc1(x) k x (α,r,h) SK=g 1 kx(α,r,h) Enc2(y) c y (s,h) CT=(g 1 cy(s,h), e(g 1,g 1 ) αs 0 M) Pair(k x,c y ) αs 0 Dec e(g 1,g 1 ) αs 0 if R(x,y)=1 if R(x,y)=1 s 0 = first entry in s. Require some linearity properties. Use compositeorder bilinear groups. (Neglect details here).
18 Security Definitions of Pair Encoding Perfect security Identical (infotheoretic) { k x (0, r, h) k x (α, r, h) c y ( s,h) for R(x,y)=0 Doubly selective security Cannot distinguish { g 2 k x(0, r,h) g 2 kx(α, r,h) g 2 cy( s,h) for R(x,y)=0 Selective notion: queries c before k. Coselective notion: queries k before c. ( then ) ( then )
19 Intuition Behind Pair Encoding Security Switch Keys from Normal to Semifunctional [A14] normal K semi1 K1 semi2 K2 g 1 k(α,r,h) ᐧg 2 k(0,0,0) g k(α,r,h) ᐧg ^ k(0, r,h) ^ 1 2 g k(α,r,h) ᐧg ^ ^ k(α, r,h) ^ 1 2 Subgroup Decision Security of encoding 1 2 semi3 K3 ^ g 1 k(α,r,h) ᐧg 2 k(α,0,0) Subgroup Decision Only for selfcontainment, will not use here.
20 4 Our Conversion
21 Basic Idea for Dual Conversion Encoding for R Encoding for R Enc1 maps x X Enc1 maps y Y defined using Enc2 Enc2 maps y Y Enc2 maps x X defined using Enc1
22 Our Dual Conversion Encoding for R Encoding for R Param h Param h = (h,b) Enc1 k x (α,r,h) Enc1 k y (α,s,h) = ( c y (s,h), α+bs 0 ) Enc2 c y (s,h) Enc2 c x (r,h) = ( k x (bs 0,r,h), s 0 ) where s = s r = (s 0, r)
23 Our Dual Conversion Encoding for R Encoding for R Param h Param h = (h,b) Enc1 k x (α,r,h) Enc1 k y (α,s,h) = ( c y (s,h), α+bs 0 ) Enc2 c y (s,h) Enc2 c x (r,h) = ( k x (bs 0,r,h), s 0 ) Pair(k x,c y ) = αs 0 Pair: Pair(k x,c y ) = bs 0 s 0 (α+bs 0 ) (s 0 )  bs 0 s 0 = αs 0 where s = s r = (s 0, r)
24 Our Dual Conversion The same conversion as in [A14]. [A14] only proved for the perfectly secure encodings. We make it work also for doubly secure encodings.
25 Our New Theorems Encoding for R is selective then Encoding for R is coselective Encoding for R is coselective then Encoding for R is selective Intuition: Swap key/cipher encodings Query order is reversed. Hence selective becomes coselective (and vice versa).
26 Difficulty in Proving Theorems Encoding for R Encoding for R Enc1: k x (α,r,h) Enc1: k y (α,s,h) = ( c y (s,h), α+bs 0 ) Enc2: c y (s,h) Enc2: c x (r,h) = ( k x (bs 0,r,h), s 0 ) (all terms over the exponent)
27 Difficulty in Proving Theorems Encoding for R Encoding for R { k x (0,r,h) Enc1: k x (α,r,h) Enc1: k y (α,s,h) = ( c y (s,h), α+bs 0 ) Given IND here Enc2: c y (s,h) Enc2: c x (r,h) = ( k x (bs 0,r,h), s 0 ) (all terms over the exponent)
28 Difficulty in Proving Theorems Encoding for R Encoding for R { k x (0,r,h) { k y (0,s,h) Enc1: k x (α,r,h) Enc1: k y (α,s,h) = ( c y (s,h), α+bs 0 ) Given IND here Goal: to prove IND here. But it totally differs from k x. Enc2: c y (s,h) Enc2: c x (r,h) = ( k x (bs 0,r,h), s 0 ) (all terms over the exponent)
29 Proof Idea Encoding for R Encoding for R Enc1: k x (α,r,h) Enc1: k y (α,s,h) = ( c y (s,h), α+bs 0 ) Enc2: c y (s,h) Enc2: c x (r,h) = ( k x (bs 0,r,h), s 0 ) (all terms over the exponent)
30 Proof Idea Encoding for R Encoding for R Enc1: k x (α,r,h) Enc1: k y (α,s,h) = ( c y (s,h), α+bs 0 ) Enc2: c y (s,h) Enc2: c x (r,h) = ( k x (bs 0,r,h), s 0 ) Sim Adv SI M attacks Enc attacks Enc (all terms over the exponent)
31 Proof Idea Encoding for R Encoding for R SI M define α on unknown α Enc1: k x (α,r,h) Enc1: k y (α,s,h) = ( c y (s,h), α+bs 0 ) Enc2: c y (s,h) Enc2: c x (r,h) = ( k x (bs 0,r,h), s 0 ) Sim Adv SI M attacks Enc attacks Enc (all terms over the exponent)
32 Proof Idea Encoding for R Encoding for R SI M define α on unknown α Enc1: k x (α,r,h) Enc1: k y (α,s,h) = ( c y (s,h), α+bs 0 ) But this becomes unknown, too. Enc2: c y (s,h) Enc2: c x (r,h) = ( k x (bs 0,r,h), s 0 ) Sim Adv SI M attacks Enc attacks Enc (all terms over the exponent)
33 Proof Idea: Cancellation Trick Encoding for R Encoding for R SI M define α on unknown α Enc1: k x (α,r,h) Enc1: k y (α,s,h) = ( c y (s,h), α+bs 0 ) Enc2: c y (s,h) Enc2: c x (r,h) = ( k x (bs 0,r,h), s 0 ) Sim Adv SI M attacks Enc attacks Enc (all terms over the exponent)
34 Proof Idea: Cancellation Trick Encoding for R Encoding for R SI M define α on unknown α Enc1: k x (α,r,h) Enc1: k y (α,s,h) = ( c y (s,h), α+bs 0 ) SI M define b on unknown α Enc2: c y (s,h) Enc2: c x (r,h) = ( k x (bs 0,r,h), s 0 ) Sim Adv SI M attacks Enc attacks Enc (all terms over the exponent)
35 Proof Idea: Cancellation Trick Encoding for R Encoding for R SI M define α on unknown α cancellation of two unknowns! Enc1: k x (α,r,h) Enc1: k y (α,s,h) = ( c y (s,h), α+bs 0 ) SI M define b on unknown α Enc2: c y (s,h) Enc2: c x (r,h) = ( k x (bs 0,r,h), s 0 ) Sim Adv SI M attacks Enc attacks Enc (all terms over the exponent)
36 New Instantiations KPABE [A14] allunbounded for span programs Apply Conversion CPABE allunbounded for span programs KPABE [A14] shortciphertext for span programs Apply Conversion CPABE shortkey for span programs Doubly selective secure under some Extended DH Exponent assumptions [A14].
37 5 Concluding Remarks
38 More Results DualPolicy ABE Conjunctively combine ABE and its dual [AI09]. We also provide a conversion from ABE to DPABE. More refinement: New specific CPABE with tighter reduction. Full version at
39 Thank you
40 Intuition Behind Pair Encoding Security Switch Keys from Normal to Semifunctional [A14] normal K semi1 K1 semi2 K2 g 1 k(α,r,h) ᐧg 2 k(0,0,0) g k(α,r,h) ᐧg ^ k(0, r,h) ^ 1 2 g k(α,r,h) ᐧg ^ ^ k(α, r,h) ^ 1 2 Subgroup Decision Security of encoding 1 2 semi3 K3 ^ g 1 k(α,r,h) ᐧg 2 k(α,0,0) Subgroup Decision Only for selfcontainment, will not use here.
41 Revocable Hierarchical IdentityBased Encryption: HistoryFree Update, Security Against Insiders, and Short Ciphertexts 1 2 Jae Hong Seo and Keita Emura 1. Myongji University, Korea 2. NICT, Japan #RSAC
42 Contents #RSAC Identitybased encryption with revocation (RIBE) Trivial Way (by Boneh and Franklin 2001) Scalable construction (by Boldyreva, Goyal, and Kumar, 2008) Revocable Hierarchical IBE (RHIBE): CTRSA 2013, Seo and Emura Historypreserving updates approach Security against outsider Longsize ciphertext (ciphertext size depends on the level of hierarchy) Our RHIBE Constructions Historyfree updates approach Security against insider Constantsize ciphertext (in terms of the hierarchy level) 2
43 #RSAC IdentityBased Encryption and Revocation 3
44 IdentityBased Encryption (IBE) #RSAC Publish mpk 1 time download KGC Issue sk Enc(mpk,, M) Sender Receiver 4
45 IdentityBased Encryption (IBE) #RSAC Publish mpk 1 time download KGC Enc(mpk,, M) Issue sk How to revoke Bob s secret key? Sender Receiver 5
46 Revocation Capability in IBE: BonehFranklin #RSAC Publish mpk T 1 is time also regarded as a download part of user s identity KGC Sender 6 Receiver
47 Revocation Capability in IBE: BonehFranklin #RSAC Publish mpk T 1 is time also regarded as a download part of user s identity KGC Enc(mpk, T, M) Sender Receiver 7
48 Revocation Capability in IBE: BonehFranklin #RSAC Publish mpk T 1 is time also regarded as a download part of user s identity KGC Issue sk T if is not revoked on time T. Enc(mpk, T, M) Sender Receiver 8
49 Revocation Capability in IBE: BonehFranklin #RSAC Publish mpk T 1 is time also regarded as a download part of user s identity Sender KGC Issue sk if is not revoked on time T. Problem: The overhead on KGC is Enc(mpk, T, M) linearly increased in the number of users (O(NR)) 9 T Receiver
50 Revocation Capability in IBE: Boldyreva et al. #RSAC Publish mpk 1 time download KGC Issue sk Enc(mpk,, T, M) Sender Receiver 10
51 Revocation Capability in IBE: Boldyreva et al. #RSAC Publish mpk 1 time download Broadcast key update ku T KGC ku T Issue sk Enc(mpk,, T, M) Sender Receiver 11
52 Revocation Capability in IBE: Boldyreva et al. #RSAC Publish mpk 1 time download Broadcast key update ku T KGC ku T Issue sk Enc(mpk,, T, M) Only nonrevoked users can generate a decryption key dk, T from ku T and sk Sender 12 Receiver
53 Revocation Capability in IBE: Boldyreva et al. Only logsize Overhead!! (NNL: NaorNaorLotspiech, O(Rlog(N/R))) Publish mpk 1 time download Broadcast key update ku T KGC ku T Issue sk #RSAC Enc(mpk,, T, M) Only nonrevoked users can generate a decryption key dk, T from ku T and sk Sender 13 Receiver
54 Broadcast Encryption (BE) Technique Complete Subtree (CS) #RSAC Each user is assigned to a node u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 We consider a binary tree kept by KGC 14
55 Broadcast Encryption (BE) Technique Complete Subtree (CS) Each user is issued secret keys on the path to the root node by KGC (sk ) #RSAC u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 U 3 has secret keys on the path to the root node 15
56 Broadcast Encryption (BE) Technique Complete Subtree (CS) ku T is computed for nodes which do not have intersection against paths (to the root node) of revoked users #RSAC u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 Revoked 16
57 Broadcast Encryption (BE) Technique Complete Subtree (CS) ku T is computed for nodes which do not have intersection against paths (to the root node) of revoked users #RSAC u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 Revoked 17
58 Broadcast Encryption (BE) Technique Complete Subtree (CS) ku T is computed for nodes which do not have intersection against paths (to the root node) of revoked users #RSAC u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 Revoked 18
59 Broadcast Encryption (BE) Technique Complete Subtree (CS) ku T is computed for nodes which do not have intersection against paths (to the root node) of revoked users Contain node information which is determined by who will be revoked #RSAC u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 Revoked 19
60 Broadcast Encryption (BE) Technique Complete Subtree (CS) #RSAC From log N size public information ku T, only nonrevoked users can extract useful information. dk T sk and ku T u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 U 3 has secret keys on the path to the root node 20
61 Scalable Revocable IBE First construction A. Boldyreva, V. Goyal, and V. Kumar. Identitybased encryption with efficient revocation. In ACM CCS 2008 First adaptive secure scheme B. Libert and D. Vergnaud. AdaptiveID secure revocable identitybased encryption. In CTRSA Considering decryption key exposure resistance J. H. Seo and K. Emura. Revocable identitybased encryption revisited: Security model and construction. In PKC An adversary is allowed to obtain #RSAC SDbased construction K. Lee, D. H. Lee, and J. H. Park. Efficient revocable identitybased encryption via subset difference methods, eprint.iacr.org/2014/132,
62 #RSAC Revocable Hierarchical IBE (RHIBE) 22
63 Revocable Hierarchical IBE (RHIBE) A lowlevel user can stay in the system only if her parent also stays in the current time period. subkey 1 Firstlevel users have O(log N)size KGC secret key (as in RIBE) skid 1 = subkey logn Secondlevel users have log N subkeys for each parent's subkey (in total (log N) 2 size subkeys) skid 2 = subkey 1 *subkey 1 #RSAC subkey 1 *subkey logn One of subkeys will be used for computing kut. subkey logn *subley logn Trivial combination of RIBE and HIBE will result in an impractical scheme with an exponential number of secret keys 23
64 Revocable Hierarchical IBE (RHIBE) The first RHIBE scheme with polynomial size secret keys (SeoEmura, CTRSA 2013) skid 2 = Asymmetric trade between secret key size and generating time for secret key A parent gives halfcomputed subkeys, and children generate suitable subkeys subkey 1 *subkey 1 subkey 1 *subkey logn subkey logn *subley logn (log N) 2 size subkeys skid 2 = subkey 1 subkey logn subkey 1 Product of partial keys (log N) 2 size subkeys subkey logn 2(log N)size halfcomputed subkeys #RSAC 24
65 Revocable Hierarchical IBE (RHIBE) The first RHIBE scheme with polynomial size secret keys (SeoEmura, CTRSA 2013) Asymmetric trade between secret key size and generating time for Historypreserving secret key key updates For the A parent calculation, gives a halfcomputed child needs to know subkeys, and children generate suitable which subkeys partial key of the ancestor was used in each time period. Product of subkey 1 *subkey subkey 1 1 partial keys skid Such 2 = information subkey 1 *subkey is also announced in the subkey logn logn skid 2 = (log N) subkey 2 size key updates 1 subkeys subkey logn *subley logn subkey logn (log N) 2 size subkeys 2(log N)size halfcomputed subkeys #RSAC 25
66 Our Contribution HistoryFree Update Lowlevel users do not need to know what ancestors did during key updates. Security Against Insiders An adversary is allowed to obtain state information Short Ciphertexts Constantsize ciphertext in terms of the level of hierarchy Two constructions: Shorter secret keys and ciphertexts Complete Subtree (CS) Subset Difference (SD) KGC #RSAC 26
67 Main Idea for HistoryFree Update R(H)IBE: KGC (or a parent user) issues a longterm secret key sk ID using msk (or sk parentid ). KGC (or a parent user) broadcasts key update information ku T which is computed by msk (or sk parentid ). A (child) user can generate the decryption key dk ID,T from sk ID and ku T if he/she is not revoked at time T. Two situations are equivalent: A user ID is not revoked at time T The user can generate the decryption key dk ID,T Redefine the key update algorithm #RSAC 27
68 Main Idea for HistoryFree Update Previous syntax #RSAC Our modification No parent secret key is required (for historyfree approach) State information takes a role of the delegation key dk is used instead of sk and ku 28
69 Main Idea for HistoryFree Update Previous syntax #RSAC Our modification The secret key is used only for generating the decryption key dk. No parent secret key is required (for historyfree approach) State information takes a role of the delegation key Lowlevel users do not need to know what ancestors did during key updates. dk is used instead of sk and ku 29
70 Proposed RHIBE Scheme (CS) Based on the BBG HIBE scheme BBG HIBE (ID) + BonehBoyen IBE (Time) Give a reduction to the BBG HIBE scheme. [BBG05] Boneh, D., Boyen, X., Goh, E.J.: Hierarchical identity based encryption with constant size ciphertext. EUROCRYPT (BonehBoyen hash) If ID k is not revoked, then there exists the same θ (CS method) #RSAC BBG HIBE (ID) 30 BB IBE (Time) With rerandomization for decryption key exposure resistance
71 Proposed RHIBE Scheme (SD) Linear functions are assigned to each level #RSAC 31 revoked
72 Proposed RHIBE Scheme (SD) Linear functions are assigned to each level #RSAC Key Update info contains information about a point f v 3 (w ) 32 revoked
73 Proposed RHIBE Scheme (SD) Linear functions are assigned to each level #RSAC The secret key sk u3 contains information about a point f v 3 (w) Key Update info contains information about a point f v 3 (w ) 33 revoked
74 Proposed RHIBE Scheme (SD) Linear functions are assigned to each level #RSAC The secret key sk u3 contains information about a point f v 3 (w) Key Update info contains information about a point f v 3 (w ) Using Lagrange interpolation, u3 can recover f v 3 (x) but u5 and u6 do not. 34 revoked
75 Proposed RHIBE Scheme (SD) #RSAC The main part is the same as that of the LLP RIBE scheme. K. Lee, D. H. Lee, and J. H. Park. Efficient revocable identitybased encryption via subset difference methods, eprint.iacr.org/2014/132, One difference is: we introduce the false master key for historyfree construction so that sk does not contain the master key α See the paper for details 35
76 Comparison #RSAC 36
77 Comparison #RSAC DBDH qweak Bilinear DiffieHellman Inversion 37
78 Conclusion and Future work #RSAC RHIBE: Historyfree update, insider security, short ciphertext, and DKER The reduction to the underlying HIBE requires the challenge identity for the security proof. AdaptiveID secure RHIBE under a static assumption with these desirable properties 38
encryption Presented by NTU Singapore
A survey on identity based encryption Presented by Qi Saiyu NTU Singapore Outline Introduction of public key encryption Identitybased encryption (IBE) Hierarchical identity based encryption (HIBE) Before
More informationIdentitybased Encryption with Efficient Revocation. Ziyang Liu May 12,2015
Identitybased Encryption with Efficient Revocation Ziyang Liu May 12,2015 Overview Identitybased encryption How IBE works Simple Solution of Revocation Revocable IBE Fuzzy IBE Binary tree data structure
More informationCategorical Heuristic for Attribute Based Encryption in the Cloud Server
Categorical Heuristic for Attribute Based Encryption in the Cloud Server R. Brindha 1, R. Rajagopal 2 1( M.E, Dept of CSE, Vivekanandha Institutes of Engineering and Technology for Women, Tiruchengode,
More informationKey Privacy for Identity Based Encryption
Key Privacy for Identity Based Encryption Internet Security Research Lab Technical Report 20062 Jason E. Holt Internet Security Research Lab Brigham Young University c 2006 Brigham Young University March
More informationIdentityBased Encryption: A 30Minute Tour. Palash Sarkar
IdentityBased Encryption: A 30Minute Tour Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in Palash Sarkar (ISI, Kolkata) IBE: Some Issues ISI, Kolkata,
More informationSecure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment
Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,
More informationIdentityBased Encryption. Gregory Neven (IBM Zurich Research Laboratory) Eike Kiltz (CWI Amsterdam)
IdentityBased Encryption Gregory Neven (IBM Zurich Research Laboratory) Eike Kiltz (CWI Amsterdam) Publickey encryption PKI pk KeyGen sk M Enc C Dec M Sender (pk) Receiver (sk) 2 Identitybased encryption
More informationFunctional Encryption. Lecture 27
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data,
More informationAttributeBased Cryptography. Lecture 21 And PairingBased Cryptography
AttributeBased Cryptography Lecture 21 And PairingBased Cryptography 1 IdentityBased Encryption 2 IdentityBased Encryption In PKE, KeyGen produces a random (PK,SK) pair 2 IdentityBased Encryption
More informationIdentitybased Encryption with Efficient Revocation
A preliminary version of this paper appears in Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2008, ACM Press, 2008. This is the full version. Identitybased Encryption
More informationRHIBE: Constructing Revocable Hierarchical IDBased Encryption from HIBE
INFOMATICA, 2014, Vol. 25, No. 2, 299 326 299 2014 Vilnius University DOI: http://dx.doi.org/10.15388/informatica.2014.16 HIBE: Constructing evocable Hierarchical IDBased Encryption from HIBE TungTso
More informationOutsourcing the Decryption of ABE Ciphertexts
Outsourcing the Decryption of ABE Ciphertexts Matthew Green and Susan Hohenberger Johns Hopkins University Brent Waters UT Austin Background A problem Securing records in a datasharing environment E.g.,
More informationLecture 17: Reencryption
600.641 Special Topics in Theoretical Cryptography April 2, 2007 Instructor: Susan Hohenberger Lecture 17: Reencryption Scribe: Zachary Scott Today s lecture was given by Matt Green. 1 Motivation Proxy
More informationBreaking An IdentityBased Encryption Scheme based on DHIES
Breaking An IdentityBased Encryption Scheme based on DHIES Martin R. Albrecht 1 Kenneth G. Paterson 2 1 SALSA Project  INRIA, UPMC, Univ Paris 06 2 Information Security Group, Royal Holloway, University
More informationFuzzy IdentityBased Encryption
Fuzzy IdentityBased Encryption Janek Jochheim June 20th 2013 Overview Overview Motivation (Fuzzy) IdentityBased Encryption Formal definition Security Idea Ingredients Construction Security Extensions
More informationMESSAGE AUTHENTICATION IN AN IDENTITYBASED ENCRYPTION SCHEME: 1KEYENCRYPTTHENMAC
MESSAGE AUTHENTICATION IN AN IDENTITYBASED ENCRYPTION SCHEME: 1KEYENCRYPTTHENMAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial
More informationVerifiable Outsourced Computations Outsourcing Computations to Untrusted Servers
Outsourcing Computations to Untrusted Servers Security of Symmetric Ciphers in Network Protocols ICMS, May 26, 2015, Edinburgh Problem Motivation Problem Motivation Problem Motivation Problem Motivation
More informationThreshold Identity Based Encryption Scheme without Random Oracles
WCAN 2006 Threshold Identity Based Encryption Scheme without Random Oracles Jin Li School of Mathematics and Computational Science Sun Yatsen University Guangzhou, P.R. China Yanming Wang Lingnan College
More informationCryptography. Identitybased Encryption. JeanSébastien Coron and David Galindo. May 15, 2014. Université du Luxembourg
Identitybased Encryption Université du Luxembourg May 15, 2014 Summary IdentityBased Encryption (IBE) What is IdentityBased Encryption? Difference with conventional PK cryptography. Applications of
More informationFunctional Encryption for PublicAttribute Inner Products: Achieving ConstantSize Ciphertexts with Adaptive Security or Support for Negation
Functional Encryption for PublicAttribute Inner Products: Achieving ConstantSize Ciphertexts with Adaptive Security or Support for Negation Nuttapong Attrapadung 1 and Benoît Libert 2 1 Research Center
More informationA Performance Analysis of IdentityBased Encryption Schemes
A Performance Analysis of IdentityBased Encryption Schemes Pengqi Cheng, Yan Gu, Zihong Lv, Jianfei Wang, Wenlei Zhu, Zhen Chen, Jiwei Huang Tsinghua University, Beijing, 084, China Abstract We implemented
More informationEFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTIAUTHORITY CLOUD STORAGE
EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTIAUTHORITY CLOUD STORAGE Reshma Mary Abraham and P. Sriramya Computer Science Engineering, Saveetha University, Chennai, India EMail: reshmamaryabraham@gmail.com
More informationNew Efficient Searchable Encryption Schemes from Bilinear Pairings
International Journal of Network Security, Vol.10, No.1, PP.25 31, Jan. 2010 25 New Efficient Searchable Encryption Schemes from Bilinear Pairings Chunxiang Gu and Yuefei Zhu (Corresponding author: Chunxiang
More informationExpressive, Efficient, and Revocable Data Access Control for MultiAuthority Cloud Storage
Expressive, Efficient, and Revocable Data Access Control for MultiAuthority Cloud Storage Abstract: Cloud computing is one of the emerge technologies. To protect the data and privacy of users the access
More informationAdaptiveID Secure Revocable IdentityBased Encryption
AdaptiveID Secure Revocable IdentityBased Encryption Benoît Libert 1 and Damien Vergnaud 2 1 Université Catholique de Louvain, Microelectronics Laboratory, Crypto Group Place du Levant, 3 1348 LouvainlaNeuve
More informationCPABE Based Encryption for Secured Cloud Storage Access
International Journal of Scientific & Engineering Research, Volume 3, Issue 9, September2012 1 CPABE Based Encryption for Secured Cloud Storage Access B. Raja Sekhar,B. Sunil Kumar, L. Swathi Reddy,
More informationCLOUD COMPUTING SECURITY IN UNRELIABLE CLOUDS USING RELIABLE REENCRYPTION
CLOUD COMPUTING SECURITY IN UNRELIABLE CLOUDS USING RELIABLE REENCRYPTION Chandrala DN 1, Kulkarni Varsha 2 1 Chandrala DN, M.tech IV sem,department of CS&E, SVCE, Bangalore 2 Kulkarni Varsha, Asst. Prof.
More informationEfficient Hierarchical Identity Based Encryption Scheme in the Standard Model
Informatica 3 (008) 07 11 07 Efficient Hierarchical Identity Based Encryption Scheme in the Standard Model Yanli Ren and Dawu Gu Dept. of Computer Science and Engineering Shanghai Jiao Tong University
More informationLecture 2 August 29, 13:40 15:40
Lecture 2 August 29, 13:40 15:40 Publickey encryption with keyword search Anonymous identitybased encryption Identitybased encryption with wildcards Publickey encryption with keyword search & anonymous
More informationSecure and Verifiable Policy Update Outsourcing for Big Data Access Control in the Cloud
1 Secure and Verifiable Policy Update Outsourcing for Big Data Access Control in the Cloud Kan Yang Associate Member IEEE Xiaohua Jia Fellow IEEE Kui Ren Senior Member IEEE Abstract Due to the high volume
More informationIdentity based cryptography
Identity based cryptography The case of encryption schemes David Galindo d.galindo@cs.ru.nl Security of Systems Department of Computer Science Radboud Universiteit Nijmegen Identity based cryptography
More informationON MULTIAUTHORITY CIPHERTEXTPOLICY ATTRIBUTEBASED ENCRYPTION
Bull. Korean Math. Soc. 46 (2009), No. 4, pp. 803 819 DOI 10.4134/BKMS.2009.46.4.803 ON MULTIAUTHORITY CIPHERTEXTPOLICY ATTRIBUTEBASED ENCRYPTION Sascha Müller, Stefan Katzenbeisser, and Claudia Eckert
More informationIdentityBased Encryption from the Weil Pairing
Appears in SIAM J. of Computing, Vol. 32, No. 3, pp. 586615, 2003. An extended abstract of this paper appears in the Proceedings of Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages
More informationTimeBased Proxy Reencryption Scheme for Secure Data Sharing in a Cloud Environment
TimeBased Proxy Reencryption Scheme for Secure Data Sharing in a Cloud Environment Qin Liu a,b, Guojun Wang a,, Jie Wu b a School of Information Science and Engineering Central South Uversity Changsha,
More informationChosenCiphertext Security from IdentityBased Encryption
ChosenCiphertext Security from IdentityBased Encryption Dan Boneh Ran Canetti Shai Halevi Jonathan Katz Abstract We propose simple and efficient CCAsecure publickey encryption schemes (i.e., schemes
More informationIEEE Draft P1363.3. Identity Based Public Key Cryptography Based On Pairings. Daniel Schliebner. 14. Dezember 2009
Identity Based Public Key Cryptography Based On Pairings 14. Dezember 2009 Gliederung Introduction Identity Based Encryption The Protocol Security Of The Protocol Discussion About The Headline Identity
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationAttributeBased Encryption for FineGrained Access Control of Encrypted Data
AttributeBased Encryption for FineGrained Access Control of Encrypted Data Vipul Goyal Omkant Pandey Amit Sahai Brent Waters Abstract As more sensitive data is shared and stored by thirdparty sites
More informationAnonymity and Time in PublicKey Encryption
Anonymity and Time in PublicKey Encryption Elizabeth Anne Quaglia Thesis submitted to the University of London for the degree of Doctor of Philosophy Information Security Group Department of Mathematics
More informationAttributeBased Broadcast Encryption Scheme Made Efficient
AttributeBased Broadcast Encryption Scheme Made Efficient David Lubicz Thomas Sirvent D. Lubicz, T. Sirvent (Celar  Irmar) Efficient AttributeBased Encryption AfricaCrypt 2008, June 13 th 1 / 23 Outline
More informationCOMPARATIVE ANALYSIS OF IDENTITYBASED ENCRYPTION WITH TRADITIONAL PUBLIC KEY ENCRYPTION IN WIRELESS NETWORK
COMPARATIVE ANALYSIS OF IDENTITYBASED ENCRYPTION WITH TRADITIONAL PUBLIC KEY ENCRYPTION IN WIRELESS NETWORK Ms. Priyanka Bubna 1, Prof. Parul Bhanarkar Jha 2 1 Wireless Communication & Computing, TGPCET/RTM
More informationRole Based Encryption with Efficient Access Control in Cloud Storage
Role Based Encryption with Efficient Access Control in Cloud Storage G. V. Bandewar 1, R. H. Borhade 2 1 Department of Information Technology, Sinhgad Technical Education Society s SKNCOE, Pune, India
More informationIDBased Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption
IDBased Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption Danfeng Yao Nelly Fazio Yevgeniy Dodis Anna Lysyanskaya Abstract A forwardsecure encryption scheme
More informationCIS 5371 Cryptography. 8. Encryption 
CIS 5371 Cryptography p y 8. Encryption  Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: Allornothing secrecy.
More informationData management using Virtualization in Cloud Computing
Data management using Virtualization in Cloud Computing A.S.R. Krishna Kanth M.Tech (CST), Department of Computer Science & Systems Engineering, Andhra University, India. M.Sitha Ram Research Scholar Department
More informationAchieving Finegrained Access Control for Secure Data Sharing on Cloud Servers
CONCURRENCY AND COMPUTATION: PRACTICE AND EXPERIENCE Concurrency Computat.: Pract. Exper. 2000; 00:1 7 [Version: 2002/09/19 v2.02] Achieving Finegrained Access Control for Secure Data Sharing on Cloud
More informationEnforcing RoleBased Access Control for Secure Data Storage in the Cloud
The Author 211. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions please email: journals.permissions@oup.com Advance Access publication
More informationWildcarded IdentityBased Encryption
Wildcarded IdentityBased Encryption Michel Abdalla 1, James Birkett 2, Dario Catalano 3, Alexander W. Dent 4, John MaloneLee 5, Gregory Neven 6,7, Jacob C. N. Schuldt 8, and Nigel P. Smart 9 1 Ecole
More informationChosenCiphertext Security from IdentityBased Encryption
ChosenCiphertext Security from IdentityBased Encryption Dan Boneh Ran Canetti Shai Halevi Jonathan Katz June 13, 2006 Abstract We propose simple and efficient CCAsecure publickey encryption schemes
More informationIdentity Based Encryption: An Overview
Identity Based Encryption: An Overview Palash Sarkar Indian Statistical Institute IBE Overview p. Structure of Presentation Conceptual overview and motivation. Some technical details. Brief algebraic background.
More information1 Pseudorandom Permutations
Theoretical Foundations of Cryptography Lecture 9 Georgia Tech, Spring 2010 PRPs, Symmetric Encryption 1 Pseudorandom Permutations Instructor: Chris Peikert Scribe: Pushkar Tripathi In the first part of
More informationIntroduction to Security Proof of Cryptosystems
Introduction to Security Proof of Cryptosystems D. J. Guan November 16, 2007 Abstract Provide proof of security is the most important work in the design of cryptosystems. Problem reduction is a tool to
More informationCryptography CS 555. Topic 3: Onetime Pad and Perfect Secrecy. CS555 Spring 2012/Topic 3 1
Cryptography CS 555 Topic 3: Onetime Pad and Perfect Secrecy CS555 Spring 2012/Topic 3 1 Outline and Readings Outline Onetime pad Perfect secrecy Limitation of perfect secrecy Usages of onetime pad
More informationAnalysis of PrivacyPreserving Element Reduction of Multiset
Analysis of PrivacyPreserving Element Reduction of Multiset Jae Hong Seo 1, HyoJin Yoon 2, Seongan Lim 3, Jung Hee Cheon 4 and Dowon Hong 5 1,4 Department of Mathematical Sciences and ISaCRIM, Seoul
More informationSheltered MultiOwner Data distribution For vibrant Groups in the Cloud
Sheltered MultiOwner Data distribution For vibrant Groups in the Cloud I.sriram murthy 1 N.Jagajeevan 2 II MTech student Assistant.Professor Department of computer science & Engineering Department of
More informationSome Identity Based Strong BiDesignated Verifier Signature Schemes
Some Identity Based Strong BiDesignated Verifier Signature Schemes Sunder Lal and Vandani Verma Department of Mathematics, Dr. B.R.A. (Agra), University, Agra282002 (UP), India. Email sunder_lal2@rediffmail.com,
More informationIDbased Cryptography and SmartCards
IDbased Cryptography and SmartCards Survol des techniques cryptographiques basées sur l identité et implémentation sur carte à puce The Need for Cryptography Encryption! Transform a message so that only
More informationSecure and Efficient Data Retrieval Process based on Hilbert Space Filling Curve
Secure and Efficient Data Retrieval Process based on Hilbert Space Filling Curve N.S. Jeya karthikka PG Scholar Sri Ramakrishna Engg Collg S.Bhaggiaraj Assistant Professor Sri Ramakrishna Engg Collg V.Sumathy
More informationEfficient File Sharing in Electronic Health Records
Efficient File Sharing in Electronic Health Records Clémentine Gritti, Willy Susilo and Thomas Plantard University of Wollongong, Australia 27/02/2015 1/20 Outline for Section 1 1 Introduction 2 Solution
More informationThe application of prime numbers to RSA encryption
The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered
More informationAn Enhanced Security Enabled Sharing of Protected Cloud Storage Services by Trapdoor Commitment Based on RSA Signature Assumption
Bonfring International Journal of Research in Communication Engineering, Vol. 2, No. 3, September 2012 1 An Enhanced Security Enabled Sharing of Protected Cloud Storage Services by Trapdoor Commitment
More informationKEYPOLICY ATTRIBUTE BASED ENCRYPTION TO SECURE DATA STORED IN CLOUD
KEYPOLICY ATTRIBUTE BASED ENCRYPTION TO SECURE DATA STORED IN CLOUD C.Vinoth 1, G.R.Anantha Raman 2 1 Computer Science and Engineering,ACE Hosur(India) 2 Assistant Professor, Computer Science and Engineering,
More informationData Sharing on Untrusted Storage with AttributeBased Encryption
Data Sharing on Untrusted Storage with AttributeBased Encryption by Shucheng Yu A Dissertation Submitted to the Faculty of the WORCESTER POLYTECHNIC INSTITUTE In partial fulfillment of the requirements
More informationLightweight Encryption for Email
Lightweight Encryption for Email Ben Adida ben@mit.edu 7 July 2005 joint work with Susan Hohenberger and Ronald L. Rivest MIT Cryptography and Information Security Group Motivation To Improve/Restore the
More informationSecure Attribute Based Mechanism through Access cipher policy in Outsourced Cloud Data
Secure Attribute Based Mechanism through Access cipher policy in Outsourced Cloud Data V.Abinaya PG Scholar Kalasalingam Institute of Technology Krishnankoil. V.Ramesh Assistant professor Kalasalingam
More informationMultiChannel Broadcast Encryption
MultiChannel Broadcast Encryption Duong Hieu Phan 1,2, David Pointcheval 2, and Viet Cuong Trinh 1 1 LAGA, University of Paris 8 2 ENS / CNRS / INRIA Abstract. Broadcast encryption aims at sending a content
More informationLecture 1: Course overview, circuits, and formulas
Lecture 1: Course overview, circuits, and formulas Topics in Complexity Theory and Pseudorandomness (Spring 2013) Rutgers University Swastik Kopparty Scribes: John Kim, Ben Lund 1 Course Information Swastik
More informationEfficient MultiReceiver IdentityBased Encryption and Its Application to Broadcast Encryption
Efficient MultiReceiver IdentityBased Encryption and Its Application to Broadcast Encryption Joonsang Baek Reihaneh SafaviNaini Willy Susilo Centre for Information Security Research School of Information
More informationA Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0
A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0 James Manger Telstra Research Laboratories, Level 7, 242 Exhibition Street, Melbourne 3000,
More informationIdentityBased Encryption
IdentityBased ryption Gregory Neven IBM Zurich Research Laboratory gone WILD Publickey encryption PKI pk KeyGen sk M Dec M Sender (pk) Receiver (sk) 2 1 Identitybased encryption (IBE) [S84] Goal: Allow
More informationAn Efficiently Subcontracted the IdentityBased Encryption for Revocation in Cloud Computing
An Efficiently Subcontracted the IdentityBased Encryption for Revocation in Cloud Computing Soujanya M A 1, Lalitha L A 2 1 School of Computing and Information Technology, M. Tech, Reva University, Bangalore,
More informationConcrete AttributeBased Encryption Scheme with Verifiable Outsourced Decryption
Concrete AttributeBased Encryption Scheme with Verifiable Outsourced Decryption Abstract: Charan 1, K Dinesh Kumar 2, D Arun Kumar Reddy 3 1 P.G Scholar, 2 Assistant Professor, 3 Associate Professor 1,2,3
More informationChosenCiphertext Security from IdentityBased Encryption
ChosenCiphertext Security from IdentityBased Encryption Ran Canetti 1, Shai Halevi 1, and Jonathan Katz 2 1 IBM T. J. Watson Research Center, Hawthorne, NY. {canetti,shaih}@watson.ibm.com 2 Dept. of
More informationOutsourcing the Decryption of ABE Ciphertexts
Outsourcing the Decryption of ABE Ciphertexts Matthew Green Johns Hopkins University Susan Hohenberger Johns Hopkins University Brent Waters University of Texas at Austin Abstract Attributebased encryption
More informationNotes on Network Security Prof. Hemant K. Soni
Chapter 9 Public Key Cryptography and RSA PrivateKey Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications
More informationVictor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract
Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart
More informationOverview of PublicKey Cryptography
CS 361S Overview of PublicKey Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.16 slide 2 PublicKey Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. #01 Lecture No. #10 Symmetric Key Ciphers (Refer
More informationAn Efficient Security Based Multi Owner Data Sharing for UnTrusted Groups Using Broadcast Encryption Techniques in Cloud
An Efficient Security Based Multi Owner Data Sharing for UnTrusted Groups Using Broadcast Encryption Techniques in Cloud T.Vijayalakshmi 1, Balika J Chelliah 2,S.Alagumani 3 and Dr.J.Jagadeesan 4 1 PG
More informationCOM S 687 Introduction to Cryptography October 19, 2006
COM S 687 Introduction to Cryptography October 19, 2006 Lecture 16: NonMalleability and Public Key Encryption Lecturer: Rafael Pass Scribe: Michael George 1 NonMalleability Until this point we have discussed
More informationKey Refreshing in Identitybased Cryptography and its Application in MANETS
Key Refreshing in Identitybased Cryptography and its Application in MANETS Shane Balfe, Kent D. Boklan, Zev Klagsbrun and Kenneth G. Paterson Royal Holloway, University of London, Egham, Surrey, TW20
More informationPrivacy, Discovery, and Authentication for the Internet of Things
Privacy, Discovery, and Authentication for the Internet of Things David Wu Joint work with Ankur Taly, Asim Shankar, and Dan Boneh The Internet of Things (IoT) Lots of smart devices, but only useful if
More informationCertificate Based Signature Schemes without Pairings or Random Oracles
Certificate Based Signature Schemes without Pairings or Random Oracles p. 1/2 Certificate Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu, Joonsang Baek, Willy Susilo and Jianying
More informationAttributedbased Access Control for MultiAuthority Systems in Cloud Storage
2012 32nd IEEE International Conference on Distributed Computing Systems Attributedbased Access Control for MultiAuthority Systems in Cloud Storage Kan Yang Department of Computer Science City University
More informationProfessor Radha Poovendran EE Department, University of Washington, Seattle, WA & Professor Dawn Song EECS Department, University of California,
Professor Radha Poovendran EE Department, University of Washington, Seattle, WA & Professor Dawn Song EECS Department, University of California, Berkeley, CA 1 Summer School Objectives Exposure to current
More informationDecentralized Access Control Schemes for Data Storage on Cloud
Computer Science and Engineering 2016, 6(1): 16 DOI: 10.5923/j.computer.20160601.01 Decentralized Access Control Schemes for Data Storage on Cloud Shraddha V. Mokle *, Nuzhat F. Shaikh Department of Computer
More informationLecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture  PRGs for one time pads
CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs
More informationRSA Cryptosystem. Yufei Tao. Department of Computer Science and Engineering Chinese University of Hong Kong. RSA Cryptosystem
Yufei Tao Department of Computer Science and Engineering Chinese University of Hong Kong In this lecture, we will discuss the RSA cryptosystem, which is widely adopted as a way to encrypt a message, or
More informationDigital Signatures. Prof. Zeph Grunschlag
Digital Signatures Prof. Zeph Grunschlag (Public Key) Digital Signatures PROBLEM: Alice would like to prove to Bob, Carla, David,... that has really sent them a claimed message. E GOAL: Alice signs each
More informationPropertyBased Broadcast Encryption for Multilevel Security Policies
PropertyBased Broadcast Encryption for Multilevel Security Policies André Adelsbach, Ulrich Huber, and AhmadReza Sadeghi Horst Görtz Institute for IT Security, Ruhr Universität Bochum, Germany Eighth
More informationCCPABE: Cooperative Ciphertext Policy AttributeBased Encryption for the Internet of Things
CCPABE: Cooperative Ciphertext Policy AttributeBased Encryption for the Internet of Things Lyes Touati, Yacine Challal, Abdelmadjid Bouabdallah To cite this version: Lyes Touati, Yacine Challal, Abdelmadjid
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationASYMMETRIC (PUBLICKEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLICKEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A nontechnical account of the history of publickey cryptography and the colorful characters
More informationOblivious Transfer. Sven Laur University of Tartu
Oblivious Transfer Sven Laur swen@math.ut.ee University of Tartu Ideal implementation b x 0, x 1 b x 0, x 1 x b Ideal ( 2 1) OT The protocol is always carried out between a client P 1 and a sender P 2.
More informationIdentitybased encryption and Generic group model (work in progress) Peeter Laud Arvutiteaduse teooriaseminar Tallinn, 05.01.2012
Identitybased encryption and Generic group model (work in progress) Peeter Laud Arvutiteaduse teooriaseminar Tallinn, 05.01.2012 Identitybased encryption Publickey encryption, where public key = name
More informationAn Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method
An Efficient and Light weight Secure Framework for Applications of Cloud Environment using Identity Encryption Method E.Sathiyamoorthy 1, S.S.Manivannan 2 1&2 School of Information Technology and Engineering
More informationEfficient Unlinkable Secret Handshakes for Anonymous Communications
보안공학연구논문지 (Journal of Security Engineering), 제 7권 제 6호 2010년 12월 Efficient Unlinkable Secret Handshakes for Anonymous Communications EunKyung Ryu 1), KeeYoung Yoo 2), KeumSook Ha 3) Abstract The technique
More informationProofs in Cryptography
Proofs in Cryptography Ananth Raghunathan Abstract We give a brief overview of proofs in cryptography at a beginners level. We briefly cover a general way to look at proofs in cryptography and briefly
More informationMidterm Exam Solutions CS161 Computer Security, Spring 2008
Midterm Exam Solutions CS161 Computer Security, Spring 2008 1. To encrypt a series of plaintext blocks p 1, p 2,... p n using a block cipher E operating in electronic code book (ECB) mode, each ciphertext
More information