Your search keyword '"public-key encryption"' showing total 398 results

201. Post-challenge leakage in public-key encryption.

Author

Zhang, Zongyang, Chow, Sherman S.M., and Cao, Zhenfu

Subjects

*DATA encryption, *PUBLIC key infrastructure (Computer security), *COMPUTER security, *COMPUTER research, *CHECK digit schemes

Abstract

When an adversary can measure the physical memory storing the decryption key, decryption functionality often comes in handy. Halevi and Lin (TCC'11) studied after-the-fact (or post-challenge) leakage in public-key encryption (PKE), in which an adversary can make leakage queries from a split state after seeing the challenge ciphertext, but left security against chosen-ciphertext attacks (CCA) as a future work. In this paper, we follow their work and formulate the definition of entropic leakage-resilient CCA-secure PKE, which we show can be realized by the Naor–Yung “double encryption” paradigm (STOC'90). We then leverage it to get a CCA-secure key-encapsulation mechanism in the presence of post-challenge leakage, in the same model of bounded memory leakage from a split state. Finally, we prove that the hybrid encryption framework is still applicable by presenting a construction of CCA-secure PKE in the presence of post-challenge leakage. As additional results, we extend these concepts to the identity-based setting, where many identity-based secret-keys can be leaked after the adversary got the challenge, and give a construction of identity-based encryption in the presence of post-challenge leakage in the split-state model, which can be instantiated by the identity-based hash proof systems of Alwen et al. (Eurocrypt'10) and Chow et al. (CCS'10). [ABSTRACT FROM AUTHOR]

Published

2015

202. Privacy preserving revocable predicate encryption revisited.

Author

Lee, Kwangsu, Kim, Intae, and Hwang, Seong Oun

Subjects

PUBLIC key cryptography, PRIVACY, ENCRYPTION protocols, CLOUD storage, SELF-adaptive software

Abstract

Predicate encryption (PE) that provides both the access control of ciphertexts and the privacy of ciphertexts is a new paradigm of public-key encryption. An important application of PE is a searchable encryption system in cloud storage, where it enables a client to securely outsource the search of a keyword on encrypted data without revealing the keyword to the cloud server. One practical issue of PE is to devise an efficient revocation method to revoke a user when the secret key of the user is compromised. Privacy preserving revocable PE (RPE) can provide not only revocation but also the privacy of revoked users. In this paper, we first define two new security models of privacy preserving RPE: the strongly full-hiding (FH) security and the weakly FH security. Next, we propose a general RPE construction from any PE scheme and prove its security in the weakly FH security model. Our generic RPE scheme is efficient because the number of ciphertext elements is not proportional to the number of users in a receiver set. Additionally, our RPE scheme can support polynomial-size circuits if a recently proposed functional encryption scheme for polynomial-size circuits is used as an underlying PE scheme. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

203. Analysing the HPKE Standard

Author

Bruno Blanchet, Eduard Hauck, Doreen Riepel, Benjamin Lipp, Eike Kiltz, Joël Alwen, Wickr, Programming securely with cryptography (PROSECCO ), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Ruhr-Universität Bochum [Bochum], ANR TECAP (decision number ANR-17-CE39-0004-03), DFG SPP 1736 Big Data, BMBF iBlockchain, EU H2020 PROMETHEUS project 780701, DFG Cluster of Excellence 2092 CASA, ERC CIRCUS (grant agreement no 683032)., IACR Cryptology ePrint Archive, ANR-17-CE39-0004,TECAP,Analyse de protocoles - unir les outils existants(2017), European Project: 683032,H2020 ERC,ERC-2015-CoG,CIRCUS(2016), European Project: 780701,PROMETHEUS(2018), and Programming securely with cryptography (PROSECCO)

Subjects

Scheme (programming language), Authentication, Public-key encryption, Signcryption, business.industry, Computer science, Group (mathematics), 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, Key encapsulation mechanisms, Encryption, 01 natural sciences, Public-key cryptography, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Mode (computer interface), 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, business, computer, Computer network, computer.programming_language

Abstract

The Hybrid Public Key Encryption (HPKE) scheme is an emerging standard currently under consideration by the Crypto Forum Research Group (CFRG) of the IETF as a candidate for formal approval. Of the four modes of HPKE, we analyse the authenticated mode HPKE Auth in its single-shot encryption form as it contains what is, arguably, the most novel part of HPKE and has applications to other upcoming standards such as MLS. HPKE Auth 's intended application domain is captured by a new primitive which we call Authenticated Public Key Encryption (APKE). We provide syntax and security definitions for APKE schemes, as well as for the related Authenticated Key Encapsulation Mechanisms (AKEMs). We prove security of the AKEM scheme DH-AKEM underlying HPKE Auth based on the Gap Diffie-Hellman assumption and provide general AKEM/DEM composition theorems with which to argue about HPKE Auth 's security. To this end, we also formally analyse HPKE Auth 's key schedule and key derivation functions. To increase confidence in our results we use the automatic theorem proving tool CryptoVerif. All our bounds are quantitative and we discuss their practical implications for HPKE Auth. As an independent contribution we propose the new framework of nominal groups that allows us to capture abstract syntactical and security properties of practical elliptic curves, including the Curve25519 and Curve448 based groups (which do not constitute cyclic groups).

Published

2021

204. DCCA-Secure Public-Key Encryptions from Hybrid Paradigms.

Author

Chen, Yuan, Chen, Xiaofeng, and Li, Hui

Abstract

Detectable Chosen Cipher text Security (DCCA security) is a security notion for Public-Key Encryptions proposed recently in [1]. A DCCA-secure encryption is not necessarily CCA-secure, but dangerous decryption queries can be detected and are not allowed to be requested to the decryption oracle. DCCA-secure schemes may helps in constructing of CCA-secure ones. In this paper, we show there are already DCCA-secure public-key encryptions from popular KEM+DEM style hybrid paradigms, and passive security for DEM is sufficient for achieving DCCA-secure hybrid PKEs both for KEM+DEM and Tag-KEM/DEM paradigms. Furthermore, two DCCA-secure Public-Key schemes constructed from CCA secure KEMs by using hybrid paradigms are presented, which fall outside any of the three cases pointed out in [1]. [ABSTRACT FROM PUBLISHER]

Published

2012

205. A public-key exchange cryptographic technique using matrix.

Author

Kester, Quist-Aphetsi

Abstract

Cryptography provides the platform and concepts for which cryptosystems are being developed. Pubkc Key Cryptosystems assure privacy as well as integrity of the transactions between two parties. This paper proposes a new system of Public-Key Exchange by using matrix and a scahr to achieve the shared secrete key. The algorithm used was proven using a mathematical example. [ABSTRACT FROM PUBLISHER]

Published

2012

206. An Efficient Forward-Secure Public-Key Encryption Scheme without Random Oracles.

Author

Yang Lu and Jiguo Li

Subjects

CRYPTOGRAPHY, COMMUNICATION, DATA encryption, COMPUTER science, COMPUTER security

Abstract

In the real world, cryptographic computations are often performed on a relatively insecure device which can not be trusted to maintain secrecy of the secret key. Exposure of secret keys is perhaps the most debilitating attack on a cryptosystem since it implies that all security guarantees are lost. The notion of forward security guarantees that the compromise of current secret keys does not compromise past secret keys and past communications. Therefore, it can minimize the resulting damage caused by the exposure of secret keys, and provides a promising approach to deal with the secret key exposure. In this paper, we present an efficient forward-secure public-key encryption scheme and prove it to be secure in the standard model. Most of the performance parameters of our proposed scheme are independent on the total number of time periods. When compared with the previous scheme, our scheme is much more efficient. [ABSTRACT FROM AUTHOR]

Published

2010

207. Reductionist Security Arguments for Public-Key Cryptographic Schemes Based on Group Action.

Author

Stolbunov, Anton

Subjects

PUBLIC key cryptography, COMPUTER network protocols, HASHING, DATA protection, COMPUTER security, GROUP actions (Mathematics)

Abstract

We provide reductionist security arguments for a key agreement protocol KA, which is the Diffie-Hellman key agreement protocol generalized to the context of a group action on a set, and for a public-key encryption scheme PE, which is the "hashed" ElGamal scheme generalized for a group action on a set. For the KA protocol we use the notion of session key security in the authenticated links model, proposed by Canetti and Krawczyk. For the PE scheme we use a version of the semantic security notion proposed by Goldwasser and Micali. We prove that the security of the KA protocol and the PE scheme is based on the decisional Diffie-Hellman group action problem, defined later in this paper. The PE scheme security also depends on the entropy smoothing property of the hash function family used in the scheme. [ABSTRACT FROM AUTHOR]

Published

2009

208. Voter Verifiable and Single Transferable Electronic Voting for Elections with Electoral Barriers.

Author

Yücel, Okan and Baykal, Nazife

Abstract

"Voter verifiability" is a notion offered by some electronic voting schemes, which develops into an important issue of democracy in the electronic world. The idea is to endow each voter with the facility of verifying that his vote is counted correctly. The check mechanism for the correct count of the vote can be provided by means of a voting receipt. On the other hand, whenever one has a receipt that serves to check the correct casting and tallying of the vote, it can also be used as the proof for the content of the vote. This may lead to voter coercion and ballot-selling, which in turn injures democracy. Hence, previous versions of the electronic voting schemes have avoided giving receipts to the voters, and introduced the concept of receipt-freeness as an integral part of the voting system. Nonetheless, e-voting can only be made to work if voters trust in the system, and receipts are useful in building this trust. "Prêt a Voter" is an e-voting scheme proposed by Chaum, Ryan et al, which provides voter verifiability without any threat of voter coercion and ballot-selling; because, the receipt does not tell anything about the content of the vote to anybody except for the voter himself. The last version, "Prêt a Voter: All-In-One" scheme proposed in 2007 also solves the problem of handling the Single Transferable Voting (STV) elections efficiently. We focus on STV elections and propose a protocol modification for the elections; in which political parties, whose votes remain below a certain barrier, are eliminated. Our proposal prevents the loss of votes used for the eliminated parties and distributes them securely to the second or higher choices of their voters. This protocol is then applied to the Prêt a Voter: All-In-One scheme, which we suitably modify to enhance the security of its ballot-construction phase. We finally adapt the STV protocol to Turkish parliamentary elections, by taking into consideration the present details of the tallying strategy within each election region. [ABSTRACT FROM AUTHOR]

Published

2009

209. Timed encryption with application to deniable key exchange.

Author

Jiang, Shaoquan

Subjects

*DATA encryption, *APPLICATION software, *CRYPTOGRAPHY, *COMPUTER network protocols, *DATA security, *COMMUNICATION models

Abstract

In this paper, we propose a new notion of timed encryption, in which the encryption is secure within time t while it is completely insecure after some time T > t . We consider the setting where t and T are both polynomial (in the security parameter). This primitive seems useful in applications where some intermediate data needs to be private temporarily while later it is desired to be public. We propose two schemes for this. One is reasonably efficient in the random oracle model; the other is generic without a random oracle. To demonstrate its usefulness, we use it as a building block to construct a new deniable key exchange (KE) protocol. A deniable KE protocol is a protocol that allows two parties to securely agree on a secret while neither of them can prove to a third party the fact of communication. So an honest party can deny his participation in the communication. Our protocol is adaptively deniable and secret in the concurrent and non-eraser model that admits session state reveal attacks and eavesdropping attacks. Here a session state reveal attack in a non-eraser model means that a user does not erase his intermediate data (e.g., due to a system backup) and, when compromised, will hand it out faithfully to an adversary. An eavesdropping attack allows an adversary to eavesdrop transcripts between honest users, in which he is unaware of the randomness. As emphasized by Di Raimondo et al. [14] and Yao and Zhao [30] , an eavesdropping attack is very serious toward breaking the deniability. Our protocol is the first to simultaneously achieve all of the above properties without random oracles. The only price we pay is a timing restriction on the protocol execution. However, this restriction is rather weak and is essentially to require a user to answer an incoming message as soon as possible, which can be satisfied by almost all protocols that are executed online. [ABSTRACT FROM AUTHOR]

Published

2014

210. Lattice-based certificateless public-key encryption in the standard model.

Author

Sepahi, Reza, Steinfeld, Ron, and Pieprzyk, Josef

Subjects

*PUBLIC key cryptography, *INFORMATION technology security, *LATTICE theory, *DATA transformations (Statistics), *MATHEMATICAL models, *DATA security

Abstract

The notion of certificateless public-key encryption (CL-PKE) was introduced by Al-Riyami and Paterson in 2003 that avoids the drawbacks of both traditional PKI-based public-key encryption (i.e., establishing public-key infrastructure) and identity-based encryption (i.e., key escrow). So CL-PKE like identity-based encryption is certificate-free, and unlike identity-based encryption is key escrow-free. In this paper, we introduce simple and efficient CCA-secure CL-PKE based on (hierarchical) identity-based encryption. Our construction has both theoretical and practical interests. First, our generic transformation gives a new way of constructing CCA-secure CL-PKE. Second, instantiating our transformation using lattice-based primitives results in a more efficient CCA-secure CL-PKE than its counterpart introduced by Dent in 2008. [ABSTRACT FROM AUTHOR]

Published

2014

211. RCCA security for KEM+DEM style hybrid encryptions and a general hybrid paradigm from RCCA-secure KEMs to CCA-secure encryptions.

Author

Yuan, Chen and Qingkuan, Dong

Subjects

PUBLIC key cryptography, DATA encryption, COMPUTER network security, CIPHERS, COMPUTER security research

Abstract

ABSTRACT Replayable chosen-ciphertext attack (RCCA) security is a weaker notion than chosen-ciphertext attack (CCA) security and has been proven to be sufficient for several cryptographic tasks. However, it is open to construct RCCA-secure schemes more efficient than CCA-secure ones. This paper adapts RCCA security to the most popular hybrid paradigms, KEM+DEM and Tag-KEM/DEM. For KEM+DEM paradigm, we show RCCA security is consistent with the CCA case, just as desired. But for Tag-KEM/DEM paradigm, we find some different status. Natural RCCA-secure Tag-KEM schemes can be easily constructed, which are more efficient than all existing CCA-secure ones. But unfortunately, passive security of DEM is not sufficient to obtain RCCA hybrid encryptions. In spite of this and for completeness, we show RCCA-secure DEMs are still sufficient. On the other hand, for passive secure DEMs, we prove that a stronger notion of RCCA security for Tag-KEM, named as tRCCA security, suffices for RCCA-secure hybrid encryptions. This somewhat suggests that a benign RCCA security for tag-based schemes should be tRCCA security. Finally, to show RCCA-secure KEM is sufficient for achieving CCA-secure hybrid encryptions, we introduce a new hybrid paradigm, named as KEM/Tag-DEM, where the ciphertext of KEM is used as a tag for Tag-DEM scheme rather than reversely in Tag-KEM/DEM, so that the security of KEM can be weakened to RCCA one. KEM/Tag-DEM shows the diversity of hybrid encryptions and has additional practical values. We also show Tag-DEMs can be constructed as efficiently as DEMs. Copyright © 2013 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2014

212. Public-key encryption scheme with selective opening chosen-ciphertext security based on the Decisional Diffie-Hellman assumption.

Author

Liu, Shengli, Zhang, Fangguo, and Chen, Kefei

Subjects

PUBLIC key cryptography, SCHEME programming language, CIPHERS, COMPUTER security, CYBERTERRORISM, MATHEMATICAL proofs

Abstract

SUMMARY Chosen-ciphertext security has been well-accepted as a standard security notion for public-key encryption. But in a multi-user surrounding, it may not be sufficient, because the adversary may corrupt some users to obtain the random coins as well as the plaintexts used to generate ciphertexts. The attack is named 'selective opening attack'. We study how to achieve full-fledged chosen-ciphertext security in selective opening setting directly from the Decisional Diffie-Hellman assumption. Our construction is actually a tag-based public-key encryption scheme free of chameleon hashing and has a tight security reduction to the Decisional Diffie-Hellman assumption and the collision-resistant assumption of hash functions. The tag for each ciphertext is generated in a flexible way to serve the chosen-ciphertext security proof in selective opening settings. Copyright © 2013 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2014

213. Lattice-based completely non-malleable public-key encryption in the standard model.

Author

Sepahi, Reza, Steinfeld, Ron, and Pieprzyk, Josef

Subjects

DATA encryption, LATTICE field theory, MATHEMATICAL models, FEASIBILITY studies, SCHEME programming language

Abstract

An encryption scheme is non-malleable if giving an encryption of a message to an adversary does not increase its chances of producing an encryption of a related message (under a given public key). Fischlin introduced a stronger notion, known as complete non-malleability, which requires attackers to have negligible advantage, even if they are allowed to transform the public key under which the related message is encrypted. Ventre and Visconti later proposed a comparison-based definition of this security notion, which is more in line with the well-studied definitions proposed by Bellare et al. The authors also provide additional feasibility results by proposing two constructions of completely non-malleable schemes, one in the common reference string model using non-interactive zero-knowledge proofs, and another using interactive encryption schemes. Therefore, the only previously known completely non-malleable (and non-interactive) scheme in the standard model, is quite inefficient as it relies on generic NIZK approach. They left the existence of efficient schemes in the common reference string model as an open problem. Recently, two efficient public-key encryption schemes have been proposed by Libert and Yung, and Barbosa and Farshim, both of them are based on pairing identity-based encryption. At ACISP 2011, Sepahi et al. proposed a method to achieve completely non-malleable encryption in the public-key setting using lattices but there is no security proof for the proposed scheme. In this paper we review the mentioned scheme and provide its security proof in the standard model. Our study shows that Sepahi's scheme will remain secure even for post-quantum world since there are currently no known quantum algorithms for solving lattice problems that perform significantly better than the best known classical (i.e., non-quantum) algorithms. [ABSTRACT FROM AUTHOR]

Published

2014

214. Better Security for Deterministic Public-Key Encryption: The Auxiliary-Input Setting.

Author

Brakerski, Zvika and Segev, Gil

Subjects

DATA encryption, PUBLIC key cryptography, COMPUTER network security, ENTROPY (Information theory), DETERMINISTIC algorithms, SEMANTICS

Abstract

Deterministic public-key encryption, introduced by Bellare, Boldyreva, and O'Neill (CRYPTO '07), provides an alternative to randomized public-key encryption in various scenarios where the latter exhibits inherent drawbacks. A deterministic encryption algorithm, however, cannot satisfy any meaningful notion of security when the plaintext is distributed over a small set. Bellare et al. addressed this difficulty by requiring semantic security to hold only when the plaintext has high min-entropy from the adversary's point of view. In many applications, however, an adversary may obtain auxiliary information that is related to the plaintext. Specifically, when deterministic encryption is used as a building block of a larger system, it is rather likely that plaintexts do not have high min-entropy from the adversary's point of view. In such cases, the framework of Bellare et al. might fall short from providing robust security guarantees. We formalize a framework for studying the security of deterministic public-key encryption schemes with respect to auxiliary inputs. Given the trivial requirement that the plaintext should not be efficiently recoverable from the auxiliary input, we focus on hard-to-invert auxiliary inputs. Within this framework, we propose two schemes: the first is based on the d-linear assumption for any d≥1 (including, in particular, the decisional Diffie-Hellman assumption), and the second is based on a rather general class of subgroup indistinguishability assumptions (including, in particular, the quadratic residuosity assumption and Paillier's composite residuosity assumption). Our schemes are secure with respect to any auxiliary input that is subexponentially hard to invert (assuming the standard hardness of the underlying computational assumptions). In addition, our first scheme is secure even in the multi-user setting where related plaintexts may be encrypted under multiple public keys. Constructing a scheme that is secure in the multi-user setting (even without considering auxiliary inputs) was identified by Bellare et al. as an important open problem. [ABSTRACT FROM AUTHOR]

Published

2014

215. EFFICIENT FULLY HOMOMORPHIC ENCRYPTION FROM (STANDARD) LWE.

Author

BRAKERSKI, ZVIKA and VAIKUNTANATHAN, VINOD

Subjects

*DATA encryption, *HOMOMORPHISMS, *MACHINE learning, *LATTICE theory, *CIPHERS, *INFORMATION retrieval

Abstract

A fully homomorphic encryption (FHE) scheme allows anyone to transform an encryption of a message, m, into an encryption of any (efficient) function of that message, f(m), without knowing the secret key. We present a leveled FHE scheme that is based solely on the (standard) learning with errors (LWE) assumption. (Leveled FHE schemes are initialized with a bound on the maximal evaluation depth. However, this restriction can be removed by assuming "weak circular security.") Applying known results on LWE, the security of our scheme is based on the worst-case hardness of "short vector problems" on arbitrary lattices. Our construction improves on previous works in two aspects: 1. We show that "somewhat homomorphic" encryption can be based on LWE, using a new relinearization technique. In contrast, all previous schemes relied on complexity assumptions related to ideals in various rings. 2. We deviate from the "squashing paradigm" used in all previous works. We introduce a new dimension-modulus reduction technique, which shortens the ciphertexts and reduces the decryption complexity of our scheme, without introducing additional assumptions. Our scheme has very short ciphertexts, and we therefore use it to construct an asymptotically efficient LWE-based single-server private information retrieval (PIR) protocol. The communication complexity of our protocol (in the public-key model) is k·polylog(k)+log |DB| bits per single-bit query, in order to achieve security against 2k-time adversaries (based on the best known attacks against our underlying assumptions). [ABSTRACT FROM AUTHOR]

Published

2014

216. Efficient Linear Homomorphic Encryption from LWE Over Rings.

Author

Wang, Ting, Yu, Jianping, Zhang, Peng, and Xie, Xuan

Subjects

PUBLIC key cryptography, COMPUTER security, DATA protection, SIMULATION methods & models, HOMOMORPHISMS

Abstract

As the basis for secure public-key encryption under various cases, the learning with errors (LWE) problem has proved to be versatile for encryption schemes. Unfortunately, it tends not to be efficient enough for practical applications. For improving the efficiency issues and quickening the practical applications of the lattice-based public-key cryptosystems, an efficient homomorphic encryption scheme is presented in this paper, which is based on the learning with errors over rings (R-LWE) assumption, and its security is reducible to the hardness of the shortest vector problem in the worst case on ideal lattices. Furthermore, the scheme possesses homomorphism feature that encryption operations are consistent with message operations. The security analysis shows that the proposed encryption scheme is secure against chosen-plaintext attacks in the standard model. At the same time, the efficiency analysis and simulation results indicate that the scheme is much more efficient than previous lattice-based cryptosystems. [ABSTRACT FROM AUTHOR]

Published

2014

217. Lattice-based public-key encryption with resistance of ciphertext-only attack.

Author

LI Jun

Subjects

*DATA encryption, *PUBLIC key cryptography, *PROBABILITY theory, *COMPUTER simulation, *APPROXIMATION theory

Abstract

This paper proposed a new lattice-based public-key encryption which could resist the chosen ciphertext attack against Cai-Cusick encryption scheme. A small modification on parameters of the original scheme yielded this new scheme. This paper made a program to simulate this new scheme and found that with growth of the number of experiences, the probability of resisting chosen ciphertext was approximate to one. Hence, this new scheme could resist the attack efficiently. On the other hand, this improved encryption scheme also inherited the benefits from the original scheme, of less ciphertext expansion. It draw a conclusion that this scheme has less ciphertext expansion and can prevent the ciphertext-only attack. [ABSTRACT FROM AUTHOR]

Published

2014

218. Security Models and Proof Strategies for Plaintext-Aware Encryption.

Author

Birkett, James and Dent, Alexander

Subjects

DATA security, MATHEMATICAL models, DATA encryption, MATHEMATICAL proofs, CRYPTOGRAPHY, COMPUTER simulation

Abstract

Plaintext-aware encryption is a simple concept: a public-key encryption scheme is plaintext aware if no polynomial-time algorithm can create a ciphertext without 'knowing' the underlying message. However, the formal definitions of plaintext awareness are complex. This paper analyses these formal security definitions and presents the only known viable strategy for proving a scheme is PA2 plaintext aware. At the heart of this strategy is a new notion called PA1+ plaintext awareness. This security notion conceptually sits between PA1 and PA2 plaintext awareness (although it is formally distinct from either of these notions). We show exactly how this new security notion relates to the existing notions and how it can be used to prove PA2 plaintext awareness. [ABSTRACT FROM AUTHOR]

Published

2014

219. Adaptively Secure Non-interactive CCA-Secure Threshold Cryptosystems: Generic Framework and Constructions

Author

Benoît Libert, Moti Yung, Centre National de la Recherche Scientifique (CNRS), Arithmetic and Computing (ARIC), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire de l'Informatique du Parallélisme (LIP), École normale supérieure - Lyon (ENS Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Lyon (ENS Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Centre National de la Recherche Scientifique (CNRS), Laboratoire de l'Informatique du Parallélisme (LIP), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Google Inc., Columbia University [New York], École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Centre National de la Recherche Scientifique (CNRS)-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-École normale supérieure - Lyon (ENS Lyon)-Centre National de la Recherche Scientifique (CNRS)-Université de Lyon-Université Claude Bernard Lyon 1 (UCBL), and Université de Lyon-École normale supérieure - Lyon (ENS Lyon)

Subjects

Theoretical computer science, Computer science, Hash function, Cryptography, 0102 computer and information sciences, Encryption, 01 natural sciences, Public-key cryptography, 03 medical and health sciences, chosen-ciphertextsecurity, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 0302 clinical medicine, Server, adaptive corruptions, Cryptosystem, non-interactivity, Threshold cryptography, public-key encryption, robustness, business.industry, Applied Mathematics, 16. Peace & justice, Computer Science Applications, Distributed key generation, 010201 computation theory & mathematics, 030220 oncology & carcinogenesis, Verifiable secret sharing, business, Software

Abstract

International audience; In threshold cryptography, private keys are divided into n shares, each one of which is given to a different server in order to avoid single points of failure. In the case of threshold public-key encryption, at least t out of n servers need to contribute to the decryption process. A threshold primitive issaid robust if no coalition of t malicious servers can prevent remaining honest servers from successfully completing private key operations. Non-interactive schemes, considered the most practical ones, allow servers to contribute to decryption without interactions. So far, most non-interactive threshold cryptosystems were only proved secure against static corruptions. In the adaptive corruption scenario (where the adversary can corrupt servers at any time, based on its complete view), all existing robust threshold encryption schemes that also resist chosen-ciphertext attacks (CCA) till recently require interaction in the decryption phase. A very specific method (in composite order groups) for getting rid of interactionwas recently suggested, leaving the question of more generic frameworks and constructions with better security and, in particular, better exibility (i.e., compatibility with distributed key generation). This paper advances the state of the art and describes a general construction of adaptively secure robust non-interactive threshold cryptosystems with chosen-ciphertext security. We define the novel notion of all-but-one perfectly sound threshold hash proof systems that can be seen as (threshold) hash proof systems with publicly verifiable and simulation-sound proofs. We show that this notion generically implies threshold cryptosystems combining the aforementioned properties. Then, we provide efficient instantiations under well-studied assumptions in bilinear groups (e.g., in such groups of prime order). These instantiations have a tighter security proof in the single-challenge setting and are indeed compatible with distributed key generation protocols.

Published

2020

220. Protocoles cryptographiques pour la protection de la vie privée

Author

Towa, Patrick, STAR, ABES, Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Université Paris sciences et lettres, and Damien Vergnaud

Subjects

Zone encryption, Public-key encryption, Threshold cryptography, Diophantine equations, Randomness certification, Vie privée, Signatures de groupe, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Équations diophantiennes, Privacy, Group signatures, V2X, Cryptographie à seuil, Chiffrement par zone, Certification d’Aléa, Zero-knowledge proofs, Password-based cryptography, Chiffrement à clef publique, Preuves à divulgation nulle, Cryptographie à base de mots de passe, [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR]

Abstract

This manuscript proposes new cryptographic protocols that are respectful of users’ privacy and which have real-world applications. In a first part, the focus is on group signatures, a primitive which allows members of a user group to anonymously sign on behalf of the group, and on message confidentiality. To remove the trust on single authorities, group signatures are here defined in a setting with multiple authorities and support both threshold issuance and threshold opening. These group signatures are then used as authentication mechanism for vehicle-to-vehicle communication, and combined with zone encryption, a new primitive whereby vehicles can efficiently encrypt their communication, they provide strong, well-defined privacy guarantees for cooperative intelligent transport systems. Thereafter, public-key encryption is studied in a more general context in which users do not have access to secure storage to protect their secret keys, but can leverage passwords and interaction with servers to obtain comparable security guarantees without renouncing their privacy. In a second part, the topic of study are general-purpose cryptographic primitives which have privacy-preserving applications. First come zero-knowledge arguments, a type of cryptographic schemes which enable a computationally bounded prover to convince a verifier of a statement without disclosing any information beyond that. More specifically, we study arguments to prove the satisfiability of Diophantine equations which have logarithmic communication and round complexity, as well as their applications to privacy-preserving cryptography. Then, we tackle the problem of proving that a user algorithm selected and correctly used a truly random seed in the generation of her cryptographic key, a problem of fundamental importance to the security of any public-key cryptographic scheme., Ce manuscrit propose des nouveaux protocoles cryptographiques qui sont respectueux de la vie privée des utilisateurs et qui ont des applications dans la vie réelle. Dans une première partie, l’accent est mis sur les signatures de groupe, une primitive cryptographique qui permet aux membres d’un groupe d’utilisateurs de signer anonymement au nom du groupe, et sur la confidentialité des messages. Pour éviter de faire confiance à des autorités uniques, les signatures de groupe sont ici définies avec plusieurs autorités et permettent l’émission à seuil de titres de créance ainsi que l’ouverture à seuil. Ces signatures de groupe sont alors utilisées comme mécanisme d’authentification pour la communication entre véhicules, et, combinées au chiffrement par zone, une nouvelle primitive permettant aux véhicules de chiffrer éfficacement leur communication, elles assurent de fortes garanties de sécurité bien définies pour les systèmes de transport coopératifs et intelligents. Par la suite, le chiffrement à clef publique est étudié dans un contexte plus général dans lequel les utilisateurs n’ont pas accès à un support de stockage sécurisé pour leurs clefs secrètes, mais peuvent tirer parti de mots de passe et de l’interaction avec des serveurs pour obtenir des garanties de sécurité comparables tout en préservant leurs vies privées. Dans une deuxième partie, nous étudions des primitives cryptographiques à portée générale qui ont des applications à la protection de la vie privée. Dans un premier temps, nous étudions les arguments à divulgation nulle, un type de schémas cryptographiques qui permettent à un prouveur avec une puissance de calcul limitée de convaincre un vérifieur d’une assertion sans révéler aucune information supplémentaire. Plus précisement, nous étudions des arguments de satisfiabilité d’équations diophantiennes qui ont une complexité de communication et une complexité de tour logarithmiques, ainsi que leurs applications à la cryptographie qui vise à protéger la vie privée. Ensuite, nous considérons la question de prouver que l’algorithme d’un utilisateur a correctement choisi et utilisé une graine réellement aléatoire pour générer les clefs de l’utilisateur, un problème d’une importance capitale pour la sécurité de tout système cryptographique à clef publique.

Published

2020

221. Public-Key Encryption

Author

van Tilborg, Henk C. A., editor and Jajodia, Sushil, editor

Published

2011

222. Black-box construction of a more than non-malleable CCA1 encryption scheme from plaintext awareness.

Author

Myers, Steven, Sergi, Mona, and shelat, abhi

Subjects

*DATA encryption, *PUBLIC key cryptography, *COMPUTER security research, *CRYPTOGRAPHY research, *DATA protection research

Abstract

We construct a Non-Malleable Chosen Ciphertext Attack (NM-CCA1) encryption scheme from any encryption scheme that is also plaintext aware and weakly simulatable. We believe this is the first construction of a NM-CCA1 scheme that follows strictly from encryption schemes with seemingly weaker or incomparable security definitions to NM-CCA1.Previously, the statistical Plaintext Awareness #1 (PA1) notion was only known to imply CCA1. Our result is therefore novel because unlike the case of Chosen Plaintext Attack (CPA) and Chosen Chiphertext Attack (CCA2), it is unknown whether a CCA1 scheme can be transformed into an NM-CCA1 scheme. Additionally, we show both the Damgård Elgamal Scheme (DEG) [in: CRYPTO, J. Feigenbaum, ed., Lecture Notes in Computer Science, Vol. 576, Springer, 1991, pp. 445-456] and the Cramer-Shoup Lite Scheme (CS-Lite) [SIAM J. Comput. 33(1) (2003), 167-226] are weakly simulatable under the DDH assumption. Since both are known to be statistical Plaintext Aware 1 (PA1) under the Diffie-Hellman Knowledge (DHK) assumption, they instantiate our scheme securely.Furthermore, in response to a question posed by Matsuda and Matsuura [in: Public Key Cryptography, D. Catalano, N. Fazio, R. Gennaro and A. Nicolosi, eds, Lecture Notes in Computer Science, Vol. 6571, Springer, 2011, pp. 246-264], we define cNM-CCA1-security in which an NM-CCA1-adversary is permitted to ask a c≥⃒1 number of parallel queries after receiving the challenge ciphertext. We extend our construction to yield a cNM-CCA1 scheme for any constant c. All of our constructions are black-box. [ABSTRACT FROM AUTHOR]

Published

2013

223. New public key cryptosystems based on non-Abelian factorization problems.

Author

Gu, Lize, Wang, Licheng, Ota, Kaoru, Dong, Mianxiong, Cao, Zhenfu, and Yang, Yixian

Subjects

PUBLIC key cryptography, DATA encryption, ALGORITHMS, SYMMETRIC-key algorithms, ORACLE software

Abstract

ABSTRACT Two novel public key encryption schemes based on the non-Abelian factorization problems were proposed. Both of them are proved to be indistinguishable against adaptively chosen ciphertext attack (IND-CCA2) in the random oracle models. These constructions have the potential to resist Shor's quantum algorithm attack proposed in 1994 and give affirmative answers for the open question announced by Myasnikov, Shpilrain and Ushakov in 2011. Copyright © 2013 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2013

224. An efficient CCA-secure cryptosystem over ideal lattices from identity-based encryption.

Author

Yang, Xiao-yuan, Wu, Li-qiang, Zhang, Min-qing, and Chen, Xiao-Feng

Subjects

*CRYPTOSYSTEMS, *LATTICE theory, *DATA encryption, *DATA security, *PROOF theory, *COMPUTER performance

Abstract

Abstract: We first construct an efficient IND-sID-CPA secure IBE cryptosystem from ideal lattices, and proceed with its security proof under the standard model in detail. Then with an asymptotically efficient strongly unforgeable one-time signature, we propose a new CCA secure public key encryption (PKE) scheme over ideal lattices by universal paradigm of IBE transformation. Performance of the resulting PKE system is very close to the underlying IBE scheme and its security can be tightly reduced to decisional R-LWE hardness assumption. Compared with known CCA secure PKE schemes from standard lattices, our new scheme is simpler and more efficient. [Copyright &y& Elsevier]

Published

2013

225. Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products.

Author

Katz, Jonathan, Sahai, Amit, and Waters, Brent

Subjects

DATA encryption, DISJUNCTION (Logic), POLYNOMIALS, GENERALIZATION, SCHEME programming language, APPLICATION software, PUBLIC key cryptography

Abstract

Predicate encryption is a new paradigm for public-key encryption that generalizes identity-based encryption and more. In predicate encryption, secret keys correspond to predicates and ciphertexts are associated with attributes; the secret key SK corresponding to a predicate f can be used to decrypt a ciphertext associated with attribute I if and only if f( I)=1. Constructions of such schemes are currently known only for certain classes of predicates. We construct a scheme for predicates corresponding to the evaluation of inner products over ℤ (for some large integer N). This, in turn, enables constructions in which predicates correspond to the evaluation of disjunctions, polynomials, CNF/DNF formulas, thresholds, and more. Besides serving as a significant step forward in the theory of predicate encryption, our results lead to a number of applications that are interesting in their own right. [ABSTRACT FROM AUTHOR]

Published

2013

226. Efficient chosen ciphertext secure public-key encryption under factoring assumption.

Author

Qin, Baodong and Liu, Shengli

Subjects

PUBLIC key cryptography, DATA encryption, COMPUTER network security, CONGRUENCES & residues, COMPUTATIONAL number theory

Abstract

ABSTRACT In EUROCRYPT 2009, Hofheinz and Kiltz introduced a new practical chosen ciphertext secure public-key encryption scheme under the assumption that factoring is intractable. They also proposed a variant that features a slightly more efficient decryption but unfortunately leads to large public key, of size about O( k), where k is a security parameter. In this paper, we propose a novel method to balance the efficiency and the key size of those previous two schemes. Although the public key in our scheme only consists of one RSA modulus and three group elements, it is still more efficient at decrypting than Hofheinz and Kiltz's scheme. By remarking that under certain assumptions factoring the modulus is still hard over much smaller subgroups of signed quadratic residues (i.e., semismooth subgroup), we were able to construct a new scheme that performs extremely efficient decryption. In fact, to date, this is the most efficient scheme for decryption among all public-key encryption schemes (mainly including Hofheinz and Kiltz's schemes and their follow-up works) whose security against chosen ciphertext attacks is based on the intractability of factoring in the standard model. Copyright © 2012 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2013

227. Practical Chosen Ciphertext Secure Encryption from Factoring.

Author

Hofheinz, Dennis, Kiltz, Eike, and Shoup, Victor

Subjects

DATA encryption, COMPUTER security, PUBLIC key cryptography, CYBERTERRORISM, MATHEMATICAL models, DATA protection

Abstract

We propose a practical public-key encryption scheme whose security against chosen-ciphertext attacks can be reduced in the standard model to the assumption that factoring is intractable. [ABSTRACT FROM AUTHOR]

Published

2013

228. More Constructions of Lossy and Correlation-Secure Trapdoor Functions.

Author

Freeman, David, Goldreich, Oded, Kiltz, Eike, Rosen, Alon, and Segev, Gil

Subjects

COMPUTER security, PUBLIC key cryptography, NUMBER theory, MATHEMATICAL functions, STATISTICAL correlation, DATA encryption

Abstract

We propose new and improved instantiations of lossy trapdoor functions (Peikert and Waters in STOC'08, pp. 187-196, ), and correlation-secure trapdoor functions (Rosen and Segev in TCC'09, LNCS, vol. 5444, pp. 419-436, ). Our constructions widen the set of number-theoretic assumptions upon which these primitives can be based, and are summarized as follows: [ABSTRACT FROM AUTHOR]

Published

2013

229. Public-Key Encryption

Author

LIU, LING, editor and ÖZSU, M. TAMER, editor

Published

2009

230. Cryptanalysis on an Improved Version of ElGamal-Like Public-Key Encryption Scheme for Encrypting Large Messages.

Author

Chang, Ting-Yi, Hwang, Min-Shiang, and Yang, Wei-Pang

Subjects

*CRYPTOGRAPHY, *DATA encryption, *DECISION making, *COMPUTER security, *COMPUTATIONAL complexity, *DATA transformations (Statistics)

Abstract

Hwang et al. proposed an ElGamal-like scheme for encrypting large messages, which is more efficient than its predecessor in terms of computational complexity and the amount of data transformation. They declared that the resulting scheme is semantically secure against chosen-plaintext attacks under the assumptions that the decision Diffie-Hellman problem is intractable. Later, Wang et al. pointed out that the security level of Hwang et al.'s ElGamal-like scheme is not equivalent to the original ElGamal scheme and brings about the disadvantage of possible unsuccessful decryption. At the same time, they proposed an improvement on Hwang et al.'s ElGamal-like scheme to repair the weakness and reduce the probability of unsuccessful decryption. However, in this paper, we show that their improved scheme is still insecure against chosen-plaintext attacks whether the system is operated in the quadratic residue modulus or not. Furthermore, we propose a new ElGamal-like scheme to withstand the adaptive chosen-ciphertext attacks. The security of the proposed scheme is based solely on the decision Diffie-Hellman problem in the random oracle model. [ABSTRACT FROM AUTHOR]

Published

2012

231. A CCA2 Secure Variant of the McEliece Cryptosystem.

Author

Dottling, Nico, Dowsley, Rafael, Muller-Quade, Jörn, and Nascimento, Anderson C. A.

Subjects

*PUBLIC key cryptography, *COMPUTER security, *QUANTUM computers, *CODING theory, *NUMBER theory, *CIPHERS

Abstract

The McEliece public-key encryption scheme has become an interesting alternative to cryptosystems based on number-theoretical problems. Different from RSA and ElGamal, McEliece PKC is not known to be broken by a quantum computer. Moreover, even though McEliece PKC has a relatively big key size, encryption and decryption operations are rather efficient. In spite of all the recent results in coding-theory-based cryptosystems, to the date, there are no constructions secure against chosen ciphertext attacks in the standard model—the de facto security notion for public-key cryptosystems. In this paper, we show the first construction of a McEliece-based public-key cryptosystem secure against chosen ciphertext attacks in the standard model. Our construction is inspired by a recently proposed technique by Rosen and Segev. [ABSTRACT FROM PUBLISHER]

Published

2012

232. An Asymmetric Encryption Algorithm for Wireless Sensor Networks Based on Elliptic Curve Cryptosystem.

Author

Chuiwei Lu, Hao Xiong, and Zhiyuan Liu

Subjects

ELLIPTIC curve cryptography, DATA encryption, WIRELESS sensor networks, COMPUTER security, FEATURE extraction, ALGORITHMS, COMPARATIVE studies

Abstract

The elliptic curve cryptosystem (ECC) have many excellent characteristics, such as short key, low cost, rapid encryption speed, high security level and etc. Now, there is a tendency for ECC to replace other asymmetric cryptosystems such as RSA, DSS. Based on the basic principles of the elliptic curve cryptosystem and the features of WSNs, the paper propose a novel asymmetric encryption algorithm, named WSNs-ECC, which is used for vital-data encryption and keys management in resource-restrained WSNs. The experiments in wireless sensors demonstrate: on the same security level, the average encryption speed of WSNs-ECC algorithm is five times faster than the RSA algorithm, but its average occupancy rates of CPU and RAM are respectively equal to 17% and 11% of RSA algorithm. Comparing to RSA, WSNs-ECC can save more power, prolong the survival time, and enhance the quality of real-time service for resource-restrained WSNs. [ABSTRACT FROM AUTHOR]

Published

2012

233. PUBLIC-KEY CRYPTOSYSTEMS RESILIENT TO KEY LEAKAGE.

Author

Naor, Moni and Segev, Gil

Subjects

*CRYPTOGRAPHY, *DATA encryption, *PUBLIC key cryptography, *LATTICE theory, *GROUP theory

Abstract

Most of the work in the analysis of cryptographic schemes is concentrated in abstract adversarial models that do not capture side-channel attacks. Such attacks exploit various forms of unintended information leakage, which is inherent to almost all physical implementations. Inspired by recent side-channel attacks, especially the "cold boot attacks" of Halderman et al. [Proceedings of the 17th USENIX Security Symposium, San Jose, CA, 2008, pp. 45-60], Akavia, Goldwasser, and Vaikuntanathan [Proceedings of the 6th IACR Theory of Cryptography Conference, San Francisco, CA, 2009, pp. 474-495] formalized a realistic framework for modeling the security of encryption schemes against a wide class of side-channel attacks in which adversarially chosen functions of the secret key are leaked. In the setting of public-key encryption, they showed that Regev's lattice-based scheme [Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, 2005, pp. 84-93] is resilient to any leakage of L/polylog(L)bits, where L is the length of the secret key. In this paper we revisit the above-mentioned framework and our main results are as follows. (A) We present a generic construction of a public-key encryption scheme that is resilient to key leakage from any hash proof system. The construction does not rely on additional computational assumptions, and the resulting scheme is as efficient as the underlying hash proof system. Existing constructions of hash proof systems imply that our construction can be based on a variety of number-theoretic assumptions, including the decisional Diffie-Hellman assumption (and its progressively weaker d-linear variants), the quadratic residuosity assumption, and Paillier's composite residuosity assumption. (B) We construct a new hash proof system based on the decisional Diffie-Hellman assumption (and its d-linear variants) and show that the resulting scheme is resilient to any leakage of L(1-o(1)) bits. In addition, we prove that the recent scheme of Boneh et al. [Advances in Cryptology--CRYPTO'08, Santa Barbara, CA, 2008, pp. 108-125], constructed to be a "circular-secure" encryption scheme, fits our generic approach and is also resilient to any leakage of L(1-o(1)) bits. (C) We extend the framework of key leakage to the setting of chosen-ciphertext attacks. On the theoretical side, we prove that the Naor-Yung paradigm is applicable in this setting as well, and obtain as a corollary encryption schemes that are CCA2-secure with any leakage of L(1-o(1)) bits. On the practical side, we prove that variants of the Cramer-Shoup cryptosystem (along the lines of our generic construction) are CCA1-secure with any leakage of L/4 bits, and CCA2-secure with any leakage of L/6bits. [ABSTRACT FROM AUTHOR]

Published

2012

234. Forward-Secure Identity-Based Public-Key Encryption without Random Oracles.

Author

Yu, Jia, Kong, Fanyu, Cheng, Xiangguo, Hao, Rong, and Fan, Jianxi

Subjects

*INFORMATION technology security, *PUBLIC key cryptography, *STOCHASTIC processes, *DATA encryption, *MOBILE communication systems, *COMPUTATIONAL complexity, *SEMANTIC computing

Abstract

In traditional identity-based encryption schemes, security will be entirely lost once secret keys are exposed. However, with more and more use of mobile and unprotected devices, key exposure seems unavoidable. To deal with this problem, we newly propose a forward-secure identity-based public-key encryption scheme. In this primitive, the exposure of the secret key in one period doesn't affect the security of the ciphertext generated in previous periods. Any parameter in our scheme has at most log-squared complexity in terms of the total number of time periods. We also give the semantic security notions of forward-secure identity-based public-key encryption. The proposed scheme is proven semantically secure in the standard model. As far as we are concerned, it is the first forward-secure identity-based public-key encryption scheme without random oracles. [ABSTRACT FROM AUTHOR]

Published

2011

235. A generalization of Paillier's public-key system with applications to electronic voting.

Author

Damgård, Ivan, Jurik, Mads, and Nielsen, Jesper

Subjects

*DATA protection, *PUBLIC key cryptography, *PUBLIC key infrastructure (Computer security), *DATA encryption, *COMPUTER network security, *ELECTION equipment, *VOTING, *COMPUTER software

Abstract

We propose a generalization of Paillier's probabilistic public-key system, in which the expansion factor is reduced and which allows to adjust the block length of the scheme even after the public key has been fixed, without losing the homomorphic property. We show that the generalization is as secure as Paillier's original system and propose several ways to optimize implementations of both the generalized and the original scheme. We construct a threshold variant of the generalized scheme as well as zero-knowledge protocols to show that a given ciphertext encrypts one of a set of given plaintexts, and protocols to verify multiplicative relations on plaintexts. We then show how these building blocks can be used for applying the scheme to efficient electronic voting. This reduces dramatically the work needed to compute the final result of an election, compared to the previously best known schemes. We show how the basic scheme for a yes/no vote can be easily adapted to casting a vote for up to t out of L candidates. The same basic building blocks can also be adapted to provide receipt-free elections, under appropriate physical assumptions. The scheme for 1 out of L elections can be optimized such that for a certain range of the other parameter values, the ballot size is logarithmic in L. [ABSTRACT FROM AUTHOR]

Published

2010

236. CHOSEN-CIPHERTEXT SECURITY VIA CORRELATED PRODUCTS.

Author

Rose, Alon and Segev, Gil

Subjects

*CIPHERS, *MATHEMATICAL functions, *DATA loggers, *CRYPTOGRAPHY, *MATHEMATICAL analysis, *COMPUTER science

Abstract

We initiate the study of one-wayness under correlated products. We are interested in identifying necessary and sufficient conditions for a function ƒ and a distribution on inputs (x1, … ,xk) so that the function (ƒ(x1), … , f(xk)) is one-way. The main motivation of this study is the construction of public-key encryption schemes that are secure against chosen-ciphertext attacks (CCAs). We show that any collection of injective trapdoor functions that is secure under a very natural correlated product can be used to construct a CCA-secure public-key encryption scheme. The construction is simple, black-box, and admits a direct proof of security. It can be viewed as a simplification of the seminal work of Dolev, Dwork, and Naor [SIAM J. Comput., 30 (2000), pp. 391-437], while relying on a seemingly incomparable assumption. We provide evidence that security under correlated products is achievable by demonstrating that lossy trapdoor functions [Peikert and Waters, Proceedings of the 40th Annual ACM Symposium on Theory of Computing, 2008, pp. 187-196] yield injective trapdoor functions that are secure under the above-mentioned correlated product. Although we currently base security under correlated products on existing constructions of lossy trapdoor functions, we argue that the former notion is potentially weaker as a general assumption. Specifically, there is no fully black-box construction of lossy trapdoor functions from trapdoor functions that are secure under correlated products. [ABSTRACT FROM AUTHOR]

Published

2010

237. Key management of the double random-phase-encoding method using public-key encryption

Author

Saini, Nirmala and Sinha, Aloka

Subjects

*OPTICAL images, *PUBLIC key cryptography, *FOURIER transform optics, *COMPUTER simulation, *DATA protection, *ALGORITHMS

Abstract

Abstract: Public-key encryption has been used to encode the key of the encryption process. In the proposed technique, an input image has been encrypted by using the double random–phase-encoding method using extended fractional Fourier transform. The key of the encryption process have been encoded by using the Rivest–Shamir–Adelman (RSA) public-key encryption algorithm. The encoded key has then been transmitted to the receiver side along with the encrypted image. In the decryption process, first the encoded key has been decrypted using the secret key and then the encrypted image has been decrypted by using the retrieved key parameters. The proposed technique has advantage over double random-phase-encoding method because the problem associated with the transmission of the key has been eliminated by using public-key encryption. Computer simulation has been carried out to validate the proposed technique. [Copyright &y& Elsevier]

Published

2010

238. Efficient Cryptosystems From 2k-th Power Residue Symbols

Author

Benhamouda, Fabrice, Herranz, Javier, Joye, Marc, and Libert, Benoît

Published

2017

239. Qubit-wise teleportation and its application in public-key secret communication

Author

Wu, Chenmiao and Yang, Li

Published

2017

240. A Computationally Sound Mechanized Prover for Security Protocols.

Author

Blanchet, B.

Abstract

We present a new mechanized prover for secrecy properties of security protocols. In contrast to most previous provers, our tool does not rely on the Dolev-Yao model, but on the computational model. It produces proofs presented as sequences of games; these games are formalized in a probabilistic polynomial-time process calculus. Our tool provides a generic method for specifying security properties of the cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions. Our tool produces proofs valid for a number of sessions polynomial in the security parameter, in the presence of an active adversary. We have implemented our tool and tested it on a number of examples of protocols from the literature. [ABSTRACT FROM PUBLISHER]

Published

2008

241. A Forward-Secure Public-Key Encryption Scheme.

Author

Canetti, Ran, Halevi, Shai, and Katz, Jonathan

Subjects

CRYPTOGRAPHY, SIGNS & symbols, CIPHERS, DATA protection, SYMBOLISM

Abstract

Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious concern. Forward security allows one to mitigate the damage caused by exposure of secret keys. In a forward-secure scheme, secret keys are updated at regular periods of time; exposure of the secret key corresponding to a given time period does not enable an adversary to "break" the scheme (in the appropriate sense) for any prior time period. We present the first constructions of (non-interactive) forward-secure public-key encryption schemes. Our main construction achieves security against chosen-plaintext attacks in the standard model, and all parameters of the scheme are poly-logarithmic in the total number of time periods. Some variants and extensions of this scheme are also given. We also introduce the notion of binary tree encryption and construct a binary tree encryption scheme in the standard model. Our construction implies the first hierarchical identity-based encryption scheme in the standard model. (The notion of security we achieve, however, is slightly weaker than that achieved by some previous constructions in the random oracle model.) [ABSTRACT FROM AUTHOR]

Published

2007

242. When Cryptographers Turn Lead into Gold.

Author

Tsang, P.P.

Abstract

At its core, a cryptographer's job is to "transmutate" trust: just as alchemists turn lead into gold, cryptographers transmutate trust in one or more assumptions into trust in some other simpler and better-defined assumptions, the ones on which the security of complex monolithic systems rely. Because we can enforce and verify the resulting assumptions' validity more easily, such transmutation makes those systems more secure at a higher assurance. Unlike alchemists, though, cryptographers have successfully constructed some of the building blocks (such as public-key encryption and digital signatures) that play a make-or-break role in many of today's security-critical infrastructures. In this installment of Crypto Corner, we'll look at how cryptographers transmutate trust, identify some of the reasons why they sometimes fail, and investigate how they could do a better job [ABSTRACT FROM PUBLISHER]

Published

2007

243. CHOSEN-CIPHERTEXT SECURITY FROM IDENTITY-BASED ENCRYPTION.

Author

Boneh, Dan, Canetti, Ran, Halevi, Shai, and Katz, Jonathan

Subjects

*PUBLIC key cryptography, *DATA encryption, *COMPUTER network security, *SEMANTIC networks (Information theory), *ELECTRONIC commerce, *CIPHERS

Abstract

We propose simple and efficient CCA-secure public-key encryption schemes (i.e., schemes secure against adaptive chosen-ciphertext attacks) based on any identity-based encryption (IBE) scheme. Our constructions have ramifications of both theoretical and practical interest. First, our schemes give a new paradigm for achieving CCA-security; this paradigm avoids ‘proofs of well-formedness’ that have been shown to underlie previous constructions. Second, instantiating our construction using known IBE constructions we obtain CCA-secure encryption schemes whose performance is competitive with the most efficient CCA-secure schemes to date. Our techniques extend naturally to give an efficient method for securing IBE schemes (even hierarchical ones) against adaptive chosen-ciphertext attacks. Coupled with previous work, this gives the first efficient constructions of CCA-secure IBE schemes. [ABSTRACT FROM AUTHOR]

Published

2006

244. A practical approach to attaining chosen ciphertext security.

Author

Jun, Li, Guohua, Cui, and Muxiang, Yang

Abstract

Strong security in public key cryptography is not enough; the encryption has to be achieved in an efficient way. OAEP or SAEP is only suitable for special applications (e. g. key transport), and securely transporting message of any length is a challenge. Motivated by the hybrid encryption, we present a practical approach to achieve the (adaptively) chosen ciphertext security. The time cost of encryption/decryption of proposed scheme is similar to OAEP and the bandwidth of message recovery is 92% for standard security parameter, while RSA-OAEP is 84%. The scheme is also provably secure against adaptively chosen ciphertext attacks in the random oracle model. We conclude that the approach is practical in more extensive application. [ABSTRACT FROM AUTHOR]

Published

2006

245. A Simpler Construction of CCA2-Secure Public-Key Encryption under General Assumptions.

Author

Lindell, Yehuda

Subjects

PUBLIC key cryptography, DATA encryption, COMPUTER network security, CRYPTOGRAPHY, COMPUTER security, DATA protection

Abstract

In this paper we present a simpler construction of a public-key encryption scheme that achieves adaptive chosen ciphertext security (CCA2), assuming the existence of trapdoor permutations. We build on previous works of Sahai and De Santis et al. and construct a scheme that we believe is the easiest to understand to date. In particular, it is only slightly more involved than the Naor--Yung encryption scheme that is secure against passive chosen-ciphertext attacks (CCA1). We stress that the focus of this paper is on simplicity only. [ABSTRACT FROM AUTHOR]

Published

2006

246. A Memory Optimized Public-Key Crypto Algorithm Using Modified Modular Exponentiation (MME).

Author

Oluwatope, A. O., Ojo, B. A., Aderounmu, G. A., and Adigun, M. O.

Subjects

*DATA protection, *COMPUTER security, *CRYPTOGRAPHY, *PUBLIC key cryptography, *ALGORITHMS, *COMPUTER storage devices

Abstract

Since the advent of data communication over networks, it has become imperative to ensure security of information. Cryptography is a technique that is being employed. This paper takes a look at an important aspect of the public key encryption scheme, the modular exponentiation technique, with the view of optimizing it. Taking a look at some public key encryption schemes, it would be observed that the modular exponentiation process is primal to achieving high speed algorithms in data encryption. With special emphasis on the Montgomery exponentiation algorithm, a blend of this algorithm with the sliding window method of exponentiation is proposed. A detailed complexity analysis of the proposed and selected algorithms was carried out. Both algorithms were implemented and simulated using MATLAB 6.5. While the proposed algorithm did not prove to be faster than the classical Montgomery exponentiation algorithm, it was rather observed that it makes lesser number of calls to the Montgomery reduction sub-function. This means 10% lesser number of loops during execution and thus better optimized for lower memory applications. [ABSTRACT FROM AUTHOR]

Published

2006

247. RSA-OAEP Is Secure under the RSA Assumption.

Author

Fujisaki, Eiichiro, Okamoto, Tatsuaki, Pointcheval, David, and Stern, Jacques

Subjects

CRYPTOGRAPHY, CIPHERS, CRYPTOGRAMS, SEMANTICS, PERMUTATIONS, COMBINATORICS

Abstract

Recently Victor Shoup noted that there is a gap in the widely believed security result of OAEP against adaptive chosen-ciphertext attacks. Moreover, he showed that, presumably, OAEP cannot be proven secure from the one-wayness of the underlying trapdoor permutation. This paper establishes another result on the security of OAEP. It proves that OAEP offers semantic security against adaptive chosen-ciphertext attacks, in the random oracle model, under the partial-domain one-wayness of the underlying permutation. Therefore, this uses a formally stronger assumption. Nevertheless, since partial-domain one-wayness of the RSA function is equivalent to its (full-domain) one-wayness, it follows that the security of RSA-OAEP can actually be proven under the sole RSA assumption, although the reduction is not tight. [ABSTRACT FROM AUTHOR]

Published

2004

248. DESIGN AND ANALYSIS OF PRACTICAL PUBLIC-KEY ENCRYPTION SCHEMES SECURE AGAINST ADAPTIVE CHOSEN CIPHERTEXT ATTACK.

Author

Cramer, Ronald and Shoup, Victor

Subjects

*DATA encryption, *DATA protection, *COMPUTER security, *COMPUTER network security, *COMPUTER systems, *ELECTRONIC data processing

Abstract

A new public-key encryption scheme, along with several variants, is proposed and analyzed. The scheme and its variants are quite practical and are proved secure against adaptive chosen ciphertext attack under standard intractability assumptions. These appear to be the first public-key encryption schemes in the literature that are simultaneously practical and provably secure. [ABSTRACT FROM AUTHOR]

Published

2003

249. Asymmetric cryptography and practical security

Author

David Pointcheval

Subjects

cryptography, digital signatures, public-key encryption, provable security, random oracle model, Telecommunication, TK5101-6720, Information technology, T58.5-58.64

Abstract

Since the appearance of public-key cryptography in Diffie-Hellman seminal paper, many schemes have been proposed, but many have been broken. Indeed, for many people, the simple fact that a cryptographic algorithm withstands cryptanalytic attacks for several years is considered as a kind of validation. But some schemes took a long time before being widely studied, and maybe thereafter being broken. A~much more convincing line of research has tried to provide ``provable`` security for cryptographic protocols, in a complexity theory sense: if one can break the cryptographic protocol, one can efficiently solve the underlying problem. Unfortunately, very few practical schemes can be proven in this so-called ``standard model`` because such a security level rarely meets with efficiency. A convenient but recent way to achieve some kind of validation of efficient schemes has been to identify some concrete cryptographic objects with ideal random ones: hash functions are considered as behaving like random functions, in the so-called ``random oracle model``, block ciphers are assumed to provide perfectly independent and random permutations for each key in the ``ideal cipher model``, and groups are used as black-box groups in the ``generic model``. In this paper, we focus on practical asymmetric protocols together with their ``reductionist`` security proofs. We cover the two main goals that public-key cryptography is devoted to solve: authentication with digital signatures, and confidentiality with public-key encryption schemes.

Published

2002

250. Preserving privacy in speaker and speech characterisation

Author

Nautsch, Andreas, Jiménez, Abelino, Treiber, Amos, Kolberg, Jascha, Jasserand, Catherine, Kindt, Els, Delgado, Héctor, Todisco, Massimiliano, Hmani, Mohamed Amine, Mtibaa, Aymen, Abdelraheem, Mohammed Ahmed, Abad, Alberto, Teixeira, Francisco, Matrouf, Driss, Gomez-Barrero, Marta, Petrovska-Delacrétaz, Dijana, Chollet, Gérard, Evans, Nicholas, Schneider, Thomas, Bonastre, Jean-François, Raj, Bhiksha, Trancoso, Isabel, Busch, Christoph, Eurecom [Sophia Antipolis], Hochschule Darmstadt, Carnegie Mellon University [Pittsburgh] (CMU), Technische Universität Darmstadt (TU Darmstadt), University of Groningen [Groningen], Catholic University of Leuven - Katholieke Universiteit Leuven (KU Leuven), ARMEDIA (ARMEDIA-SAMOVAR), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)-Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Centre National de la Recherche Scientifique (CNRS), Département Electronique et Physique (EPH), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), Institut Polytechnique de Paris (IP Paris), Intelligent Voice Ltd, Instituto de Engenharia de Sistemas e Computadores Investigação e Desenvolvimento em Lisboa (INESC-ID), Instituto Superior Técnico, Universidade Técnica de Lisboa (IST)-Instituto de Engenharia de Sistemas e Computadores (INESC), Laboratoire Informatique d'Avignon (LIA), Centre d'Enseignement et de Recherche en Informatique - CERI-Avignon Université (AU), Language Technologies Institute [Pittsburgh] (LTI), and Transboundary Legal Studies

Subjects

PUBLIC-KEY ENCRYPTION, Voice biometrics, HOMOMORPHIC ENCRYPTION, IDENTIFICATION, SECURE, MODELS, Data_MISCELLANEOUS, Legislation, RECOGNITION, EFFICIENT, IMAGE-RECONSTRUCTION, VERIFICATION, Cryptography, [INFO]Computer Science [cs], TEMPLATES, Standardisation, Data privacy

Abstract

Speech recordings are a rich source of personal, sensitive data that can be used to support a plethora of diverse applications, from health profiling to biometric recognition. It is therefore essential that speech recordings are adequately protected so that they cannot be misused. Such protection, in the form of privacy-preserving technologies, is required to ensure that: (i) the biometric profiles of a given individual (e.g., across different biometric service operators) are unlinkable; (ii) leaked, encrypted biometric information is irreversible, and that (iii) biometric references are renewable. Whereas many privacy-preserving technologies have been developed for other biometric characteristics, very few solutions have been proposed to protect privacy in the case of speech signals. Despite privacy preservation this is now being mandated by recent European and international data protection regulations. With the aim of fostering progress and collaboration between researchers in the speech, biometrics and applied cryptography communities, this survey article provides an introduction to the field, starting with a legal perspective on privacy preservation in the case of speech data. It then establishes the requirements for effective privacy preservation, reviews generic cryptography-based solutions, followed by specific techniques that are applicable to speaker characterisation (biometric applications) and speech characterisation (non-biometric applications). Glancing at non-biometrics, methods are presented to avoid function creep, preventing the exploitation of biometric information, e.g., to single out an identity in speech-assisted health care via speaker characterisation. In promoting harmonised research, the article also outlines common, empirical evaluation metrics for the assessment of privacy-preserving technologies for speech data.

Published

2019