Fuzzy Identity-Based Encryption


1 Fuzzy Identity-Based Encryption
Janek Jochheim, June 20th 2013

2 Overview
Motivation; (Fuzzy) Identity-Based Encryption; Formal definition; Security; Idea; Ingredients; Construction; Security; Extensions

3 Motivation: Classic public-key cryptography
Public-key cryptography
Some user A wants to communicate with B.
A requests the public key for B to encrypt the message.
[Figure: User A and User B, with arrows labelled "Request public key", "Public key for B" and "Encrypted message"]

4 Motivation: Identity-Based Encryption
Identity-Based Encryption (IBE)
Messages are encrypted for an identity.
The user only needs to know the identity of the recipient, e.g.
[Figure: User A sends "Encrypted message with identity of B" to User B]

5 Motivation: Fuzzy IBE
Fuzzy Identity-Based Encryption
View an identity as a set of attributes.
Assign attributes to every user.
Encrypt a message with an attribute set.
A user can decrypt the message if and only if the attribute overlap between identity and message is at least $d$.
Allows error tolerance.

6 Motivation: Application example
Application example: biometric eye scan
Interpret features of the iris as attributes.
Identity of a user = iris of his eye.
The user can authorize in the system with his iris.
Advantages:
Easy authorization process.
The user always has the public key available.
Error tolerance allows noise during the eye scan.
7 Fuzzy IBE
Fuzzy Identity-Based Encryption

8 Fuzzy IBE: Definition
Let $U$ be a universe of attributes.
Identity $\omega \subseteq U$.
Identity overlap $d$.
Decryption for identity $\omega$ is possible iff $|\omega \cap \omega'| \geq d$.

9 Fuzzy IBE: Definition, the algorithms
A fuzzy identity-based encryption scheme $\Pi$ consists of four ppt algorithms: $\Pi = (\mathrm{Setup}, \mathrm{KeyGen}, \mathrm{Enc}, \mathrm{Dec})$.
$\mathrm{Setup}(U, d)$: Initializes a cryptographic system with attribute universe $U$ and a threshold $d$; publishes the public parameters.
$\mathrm{KeyGen}(\omega)$: Generates a private key $k_\omega$ for identity $\omega \subseteq U$. Obviously, it should hold that $|\omega| \geq d$.
$\mathrm{Enc}(m, \omega')$: Encrypts a message $m$ with the identity $\omega'$ using the public parameters.

10 Fuzzy IBE: Definition, the algorithms
$\mathrm{Dec}(c, k_\omega)$: Decrypts the ciphertext $c$ with the private key $k_\omega$ that has been generated for the identity $\omega$.
Correctness: $\omega'$ denotes the identity that has been used to encrypt $c$. If $|\omega \cap \omega'| \geq d$ then $\mathrm{Dec}(\mathrm{Enc}(m, \omega'), k_\omega) = m$ for all $m$.

11 Fuzzy IBE: Security (informal)
Fuzzy IBE must be secure against collusion attacks:
A group of users with identities $\omega_1, \ldots, \omega_n$.
Every user has a private key $k_{\omega_i}$.
A ciphertext $c$ that has been encrypted with identity $\omega$.
No user is able to decrypt $c$, i.e. $|\omega_i \cap \omega| < d$ for all $i = 1, \ldots, n$.
It must not be possible to decrypt $c$ by combining the keys $k_{\omega_1}, \ldots, k_{\omega_n}$.

12 Fuzzy IBE: Security, the Fuzzy Selective-ID game $\mathrm{SelID}^{\mathrm{col}}_{A,\Pi}(\lambda)$
$A$ a ppt adversary, $\Pi$ a fuzzy IBE encryption scheme.
1. $A$ chooses an identity $\alpha$.
2. The challenger initializes the cryptographic system and gives the public parameters to $A$.
3. $A$ can query private keys for identities $\omega_i$ with $|\omega_i \cap \alpha| < d$.
4. $A$ outputs $m_0, m_1$. The challenger encrypts $m_b$, $b \in \{0, 1\}$, and gives the ciphertext $c$ to $A$.
5. The same as step 3.
6. $A$ outputs a guess $b'$.
$A$ wins the game iff $b' = b$.

13 Fuzzy IBE: Security (formal)
A Fuzzy IBE scheme $\Pi$ is secure against collusion attacks if for every ppt adversary $A$ there exists a negligible function $\mu$ such that $\Pr[\mathrm{SelID}^{\mathrm{col}}_{A,\Pi}(\lambda) = 1]$ $\mu(\lambda)$.
The adversary gets the public parameters.
Security against collusion attacks implies CPA security.
15 Idea
Encrypt the plaintext with a secret and attributes.
In decryption, reconstruct the secret using a $d$-element subset of the attributes.
Use Shamir's secret sharing scheme.

16 Idea: Polynomials
A polynomial $q(x)$ of degree $d - 1$ can be constructed with $d$ points.
[Figure: plot of $q(x)$, axes $x$ and $y$]
The example shows a polynomial of degree 3 and 6 points.
Every subset of 4 points is sufficient to reconstruct $q$.

17 Ingredients I: Bilinear maps
$G_1, G_2$ groups of prime order $p$, $g$ generator of $G_1$.
Bilinear map $e : G_1 \times G_1 \to G_2$:
$e(g^a, g^b) = e(g, g)^{ab}$
$e(g, g) \neq 1$

18 Ingredients II: Lagrange coefficient
$S \subseteq \mathbb{Z}$ a finite set of numbers.
The Lagrange coefficient $\Delta_{i,S}$ is defined, for $i \in \mathbb{Z}$, as:
$$\Delta_{i,S}(x) = \prod_{j \in S,\, j \neq i} \frac{x - j}{i - j}$$

19 Ingredients II: Lagrange coefficient and polynomials
Let $q$ be a polynomial of degree $d - 1$ and let $S \subseteq \mathbb{Z}$, $|S| = d$. Then $q$ can also be written as:
$$q(x) = \sum_{i \in S} q(i)\, \Delta_{i,S}(x)$$
In other words: we can directly calculate every point of $q$ by using $d$ other points.
20 Construction: Construction of the scheme
Restriction: Let $n$ be the fixed size of an identity. For every identity $\omega$ it holds that $|\omega| = n$.
Universe of attributes: $U = \mathbb{Z}_p$, $p$ a prime number.
$G_1$ group of prime order $p$.
$g$ generator of $G_1$.
$e : G_1 \times G_1 \to G_2$ bilinear map.

21 Construction: The algorithms
$\mathrm{Setup}(n, d)$:
Run the bilinear Diffie-Hellman parameter generator $G$ to obtain $p, G_1, G_2$.
Choose $y \in G_1$.
Set $g_1 = g^y$, $g_2 \in G_1$, $N := \{1, \ldots, n + 1\}$.
Define the function $T$: $t_1, \ldots, t_{n+1} \in G_1$,
$$T(x) = g_2^{x^n} \prod_{i=1}^{n+1} t_i^{\Delta_{i,N}(x)}$$
Publish $g_1, g_2, t_1, \ldots, t_{n+1}$.
$y$ is the master key.

22 Construction: The algorithms
$\mathrm{KeyGen}(\omega)$:
Choose a polynomial $q$ of degree $d - 1$ uniformly at random with $q(0) = y$.
For $i \in \omega$ set:
$D_i = g_2^{q(i)}\, T(i)^{r_i}$, $r_i \in \mathbb{Z}_p$
$d_i = g^{r_i}$
Private key $k_\omega = \{\{D_i\}_{i \in \omega}, \{d_i\}_{i \in \omega}\}$

23 Construction: The algorithms
$\mathrm{Enc}(\omega', m)$:
Choose $s \in \mathbb{Z}_p$.
Ciphertext $c = m \cdot e(g_1, g_2)^s$.
Output $C = (\omega', c, g^s, \{T(i)^s\}_{i \in \omega'})$.
$\mathrm{Dec}(C, k_\omega)$:
Choose $S \subseteq \omega \cap \omega'$, $|S| = d$.
$$m = c \prod_{i \in S} \left( \frac{e(d_i, T(i)^s)}{e(D_i, g^s)} \right)^{\Delta_{i,S}(0)}$$
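24 Construction: Correctness
Plug in the definitions and use the linearity of $e$:
$$\begin{aligned}
m &= c \prod_{i \in S} \left( \frac{e(d_i, T(i)^s)}{e(D_i, g^s)} \right)^{\Delta_{i,S}(0)} \\
  &= m\, e(g^y, g_2)^s \prod_{i \in S} \left( \frac{e(g^{r_i}, T(i)^s)}{e(g_2^{q(i)}\, T(i)^{r_i}, g^s)} \right)^{\Delta_{i,S}(0)} \\
  &= m\, e(g, g_2)^{sy} \prod_{i \in S} \left( \frac{e(g, T(i))^{r_i s}}{e(g_2, g)^{q(i) s}\, e(T(i), g)^{r_i s}} \right)^{\Delta_{i,S}(0)}
\end{aligned}$$

25 Construction: Correctness
$e(g, T(i))^{r_i s}$ cancels out. Use the Lagrange coefficient to reconstruct $y$:
$$\begin{aligned}
& m\, e(g, g_2)^{sy} \prod_{i \in S} \left( \frac{e(g, T(i))^{r_i s}}{e(g_2, g)^{q(i) s}\, e(T(i), g)^{r_i s}} \right)^{\Delta_{i,S}(0)} \\
&= m\, e(g, g_2)^{sy} \prod_{i \in S} \left( \frac{1}{e(g_2, g)^{q(i) s}} \right)^{\Delta_{i,S}(0)} \\
&= m\, e(g, g_2)^{sy} \prod_{i \in S} \left( \frac{1}{e(g_2, g)} \right)^{q(i)\, \Delta_{i,S}(0)\, s} \\
&= m\, e(g, g_2)^{sy} \left( \frac{1}{e(g_2, g)} \right)^{ys} = m
\end{aligned}$$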
26 Security: Security assumption
Decisional bilinear Diffie-Hellman (BDH) assumption:
Let $a, b, c, z \in \mathbb{Z}_p$. The decisional Diffie-Hellman assumption is that every ppt $A$ cannot distinguish the tuple $(g^a, g^b, g^c, e(g, g)^z)$ from the tuple $(g^a, g^b, g^c, e(g, g)^{abc})$ with success probability $\mu(x)$ where $\mu$ is a negligible function.

27 Security: Security proof
If there exists an adversary that can break the security scheme, then there is an adversary that can decide the bilinear Diffie-Hellman problem.
Formally: If a ppt $A$ can win the Fuzzy Selective-ID game with probability ε(λ) then there is an adversary that can decide for the tuple $(g^a, g^b, g^c, e(g, g)^z)$ whether $z = abc$ with probability ε(λ) 2.

28 Security: Security proof (outline)
Adversary $A_{SelId}$ with $\Pr[\mathrm{SelID}^{\mathrm{col}}_{A_{SelId},\Pi}(\lambda) = 1] = \varepsilon(\lambda)$, $\varepsilon(\lambda)$ not negligible.
Construct an adversary $A_{BDH}$ for the BDH assumption.
It receives the tuple $(g^a, g^b, g^c, e(g, g)^z)$.
$A_{BDH}$ will simulate the encryption scheme for $A_{SelId}$.
Use the elements of the tuple for the construction.

29 Security: Security proof (outline)
Simulating an encryption scheme:
Set $g_1 = g^a$, $g_2 = g^b$.
Most difficult: answering private key requests correctly.
Core idea:
On receipt of messages $m_1, m_2$: encrypt $m_i$, $i \in \{0, 1\}$, with $c = m_i \cdot g^z$.
If $z = abc$: the ciphertext distribution is as in the real scheme.
Else: $c$ is a random element of $G_2$.
If $A_{SelId}$ wins the game: guess that $z = abc$. Otherwise, guess that $z$ is a random element.

30 Security: Security proof (outline)
$\Pr[A_{BDH} \text{ wins} \mid z \neq abc] = \Pr[A_{SelId} \text{ does not win}] = \frac{1}{2}$, because $c$ is a uniformly distributed element.
$\Pr[A_{BDH} \text{ wins}] = \Pr[A_{BDH} \text{ wins} \mid z = abc] \cdot \Pr[z = abc] + \Pr[A_{BDH} \text{ wins} \mid z \neq abc] \cdot \Pr[z \neq abc]$ ( ) 1 = 2 + ε(λ) = ε(λ) 2
31 Extensions I: Arbitrary attributes
Use a hash function $H$ to hash arbitrary attributes (e.g. strings) into $\mathbb{Z}_p$.
Replace $T$ with a hash function: use a hash function instead of $T$.
Advantages:
Faster computation (one hash instead of $n + 1$ exponentiations).
Use an arbitrary number of attributes for encryption.
The security proof uses a random oracle.

32 Extensions II: Decryption optimization
Decrypt a ciphertext $c = m \cdot e(g_1, g_2)^s$ with
$$m = c \cdot \frac{\prod_{i \in S} e\left(d_i^{\Delta_{i,S}(0)}, T(i)^s\right)}{e\left(\prod_{i \in S} D_i^{\Delta_{i,S}(0)}, g^s\right)}$$
Bilinear map operations reduce from $2k$ to $k + 1$.
Exponentiations increase from $k$ to $2k$.

33 Thank you for your attention
CSC474/574  Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a oneround Feistel cipher
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationEfficient CertificateBased Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 0, 55568 (04) Efficient CertificateBased Encryption Scheme Secure Against Key Replacement Attacks in the Standard Model * College of Computer and Information
More informationPARTICIPATORY sensing and data surveillance are gradually
1 A Comprehensive Comparison of Multiparty Secure Additions with Differential Privacy Slawomir Goryczka and Li Xiong Abstract This paper considers the problem of secure data aggregation (mainly summation)
More informationShared and Searchable Encrypted Data for Untrusted Servers
Shared and Searchable Encrypted Data for Untrusted Servers Changyu Dong 1, Giovanni Russello 2, Naranker Dulay 1 1 Department of Computing, 2 Security Area, Imperial College London, CreateNet, 180 Queen
More informationPublic Key Cryptography: RSA and Lots of Number Theory
Public Key Cryptography: RSA and Lots of Number Theory Public vs. PrivateKey Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver
More informationSYMMETRIC ENCRYPTION. Mihir Bellare UCSD 1
SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = (K,E,D) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2 Correct
More information