Results 1  10
of
182
ChosenCiphertext Security from IdentityBased Encryption. Adv
 in Cryptology — Eurocrypt 2004, LNCS
, 2004
"... We propose simple and efficient CCAsecure publickey encryption schemes (i.e., schemes secure against adaptive chosenciphertext attacks) based on any identitybased encryption (IBE) scheme. Our constructions have ramifications of both theoretical and practical interest. First, our schemes give a n ..."
Abstract

Cited by 264 (13 self)
 Add to MetaCart
(Show Context)
We propose simple and efficient CCAsecure publickey encryption schemes (i.e., schemes secure against adaptive chosenciphertext attacks) based on any identitybased encryption (IBE) scheme. Our constructions have ramifications of both theoretical and practical interest. First, our schemes give a new paradigm for achieving CCAsecurity; this paradigm avoids “proofs of wellformedness ” that have been shown to underlie previous constructions. Second, instantiating our construction using known IBE constructions we obtain CCAsecure encryption schemes whose performance is competitive with the most efficient CCAsecure schemes to date. Our techniques extend naturally to give an efficient method for securing also IBE schemes (even hierarchical ones) against adaptive chosenciphertext attacks. Coupled with previous work, this gives the first efficient constructions of CCAsecure IBE schemes. 1
Design and Analysis of Practical PublicKey Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack
 SIAM Journal on Computing
, 2001
"... A new public key encryption scheme, along with several variants, is proposed and analyzed. The scheme and its variants are quite practical, and are proved secure against adaptive chosen ciphertext attack under standard intractability assumptions. These appear to be the first publickey encryption sc ..."
Abstract

Cited by 222 (11 self)
 Add to MetaCart
(Show Context)
A new public key encryption scheme, along with several variants, is proposed and analyzed. The scheme and its variants are quite practical, and are proved secure against adaptive chosen ciphertext attack under standard intractability assumptions. These appear to be the first publickey encryption schemes in the literature that are simultaneously practical and provably secure.
Improved proxy reencryption schemes with applications to secure distributed storage
 IN NDSS
, 2005
"... In 1998, Blaze, Bleumer, and Strauss proposed an application called atomic proxy reencryption, in which a semitrusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure reencryption will become increasingly popu ..."
Abstract

Cited by 174 (16 self)
 Add to MetaCart
In 1998, Blaze, Bleumer, and Strauss proposed an application called atomic proxy reencryption, in which a semitrusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure reencryption will become increasingly popular as a method for managing encrypted file systems. Although efficiently computable, the widespread adoption of BBS reencryption has been hindered by considerable security risks. Following recent work of Ivan and Dodis, we present new reencryption schemes that realize a stronger notion of security and we demonstrate the usefulness of proxy reencryption as a method of adding access control to the SFS readonly file system. Performance measurements of our experimental file system demonstrate that proxy reencryption can work effectively in practice.
Practical Verifiable Encryption and Decryption of Discrete Logarithms
, 2003
"... Abstract. This paper addresses the problem of designing practical protocols for proving properties about encrypted data. To this end, it presents a variant of the new public key encryption of Cramer and Shoup based on Paillier’s decision composite residuosity assumption, along with efficient protoco ..."
Abstract

Cited by 169 (22 self)
 Add to MetaCart
(Show Context)
Abstract. This paper addresses the problem of designing practical protocols for proving properties about encrypted data. To this end, it presents a variant of the new public key encryption of Cramer and Shoup based on Paillier’s decision composite residuosity assumption, along with efficient protocols for verifiable encryption and decryption of discrete logarithms (and more generally, of representations with respect to multiple bases). This is the first verifiable encryption system that provides chosen ciphertext security and avoids inefficient cutandchoose proofs. The presented protocols have numerous applications, including key escrow, optimistic fair exchange, publicly verifiable secret and signature sharing, universally composable commitments, group signatures, and confirmer signatures. 1
Sequences of Games: A Tool for Taming Complexity in Security Proofs
, 2004
"... This paper is brief tutorial on a technique for structuring security proofs as sequences games. ..."
Abstract

Cited by 162 (0 self)
 Add to MetaCart
This paper is brief tutorial on a technique for structuring security proofs as sequences games.
Lossy Trapdoor Functions and Their Applications
 ELECTRONIC COLLOQUIUM ON COMPUTATIONAL COMPLEXITY, REPORT NO. 80 (2007)
, 2007
"... We propose a new general primitive called lossy trapdoor functions (lossy TDFs), and realize it under a variety of different number theoretic assumptions, including hardness of the decisional DiffieHellman (DDH) problem and the worstcase hardness of standard lattice problems. Using lossy TDFs, we ..."
Abstract

Cited by 119 (21 self)
 Add to MetaCart
(Show Context)
We propose a new general primitive called lossy trapdoor functions (lossy TDFs), and realize it under a variety of different number theoretic assumptions, including hardness of the decisional DiffieHellman (DDH) problem and the worstcase hardness of standard lattice problems. Using lossy TDFs, we develop a new approach for constructing many important cryptographic primitives, including standard trapdoor functions, CCAsecure cryptosystems, collisionresistant hash functions, and more. All of our constructions are simple, efficient, and blackbox. Taken all together, these results resolve some longstanding open problems in cryptography. They give the first known (injective) trapdoor functions based on problems not directly related to integer factorization, and provide the first known CCAsecure cryptosystem based solely on worstcase lattice assumptions.
PublicKey Cryptosystems Resilient to Key Leakage
"... Most of the work in the analysis of cryptographic schemes is concentrated in abstract adversarial models that do not capture sidechannel attacks. Such attacks exploit various forms of unintended information leakage, which is inherent to almost all physical implementations. Inspired by recent sidec ..."
Abstract

Cited by 89 (6 self)
 Add to MetaCart
(Show Context)
Most of the work in the analysis of cryptographic schemes is concentrated in abstract adversarial models that do not capture sidechannel attacks. Such attacks exploit various forms of unintended information leakage, which is inherent to almost all physical implementations. Inspired by recent sidechannel attacks, especially the “cold boot attacks ” of Halderman et al. (USENIX Security ’08), Akavia, Goldwasser and Vaikuntanathan (TCC ’09) formalized a realistic framework for modeling the security of encryption schemes against a wide class of sidechannel attacks in which adversarially chosen functions of the secret key are leaked. In the setting of publickey encryption, Akavia et al. showed that Regev’s latticebased scheme (STOC ’05) is resilient to any leakage of
Improved Efficiency for CCASecure Cryptosystems Built Using IdentityBased Encryption
, 2004
"... Recently, Canetti, Halevi, and Katz showed a general method for constructing CCAsecure encryption schemes from identitybased encryption schemes in the standard model. We improve the efficiency of their construction, and show two specific instantiations of our resulting scheme which offer the most ..."
Abstract

Cited by 84 (8 self)
 Add to MetaCart
(Show Context)
Recently, Canetti, Halevi, and Katz showed a general method for constructing CCAsecure encryption schemes from identitybased encryption schemes in the standard model. We improve the efficiency of their construction, and show two specific instantiations of our resulting scheme which offer the most efficient encryption (and, in one case, key generation) of any CCAsecure encryption scheme to date.
Direct Chosen Ciphertext Security from IdentityBased Techniques
 In ACM Conference on Computer and Communications Security
, 2005
"... We describe a new encryption technique that is secure in the standard model against adaptive chosen ciphertext (CCA2) attacks. We base our method on two very e#cient IdentityBased Encryption (IBE) schemes without random oracles due to Boneh and Boyen, and Waters. ..."
Abstract

Cited by 83 (7 self)
 Add to MetaCart
We describe a new encryption technique that is secure in the standard model against adaptive chosen ciphertext (CCA2) attacks. We base our method on two very e#cient IdentityBased Encryption (IBE) schemes without random oracles due to Boneh and Boyen, and Waters.
TagKEM/DEM: a New Framework for Hybrid Encryption and a New Analysis of KurosawaDesmedt KEM
 in Proc. Eurocrypt
, 2005
"... Abstract This paper presents a novel framework for the generic construction of hybrid encryptionschemes which produces more efficient schemes than the ones known before. A previous ..."
Abstract

Cited by 67 (8 self)
 Add to MetaCart
(Show Context)
Abstract This paper presents a novel framework for the generic construction of hybrid encryptionschemes which produces more efficient schemes than the ones known before. A previous