Results 1  10
of
256
Collusion resistant broadcast encryption with short ciphertexts and private keys
"... We describe two new public key broadcast encryption systems for stateless receivers. Both systems are fully secure against any number of colluders. In our first construction both ciphertexts and private keys are of constant size (only two group elements), for any subset of receivers. The public ke ..."
Abstract

Cited by 190 (19 self)
 Add to MetaCart
(Show Context)
We describe two new public key broadcast encryption systems for stateless receivers. Both systems are fully secure against any number of colluders. In our first construction both ciphertexts and private keys are of constant size (only two group elements), for any subset of receivers. The public key size in this system is linear in the total number of receivers. Our second system is a generalization of the first that provides a tradeoff between ciphertext size and public key size. For example, we achieve a collusion resistant broadcast system for n users where both ciphertexts and public keys are of size O (√n) for any subset of receivers. We discuss several applications of these systems.
Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products
"... Abstract. Predicate encryption is a new paradigm generalizing, among other things, identitybased encryption. In a predicate encryption scheme, secret keys correspond to predicates and ciphertexts are associated with attributes; the secret key SKf corresponding to a predicate f can be used to decryp ..."
Abstract

Cited by 168 (23 self)
 Add to MetaCart
Abstract. Predicate encryption is a new paradigm generalizing, among other things, identitybased encryption. In a predicate encryption scheme, secret keys correspond to predicates and ciphertexts are associated with attributes; the secret key SKf corresponding to a predicate f can be used to decrypt a ciphertext associated with attribute I if and only if f(I) = 1. Constructions of such schemes are currently known for relatively few classes of predicates. We construct such a scheme for predicates corresponding to the evaluation of inner products over ZN (for some large integer N). This, in turn, enables constructions in which predicates correspond to the evaluation of disjunctions, polynomials, CNF/DNF formulae, or threshold predicates (among others). Besides serving as a significant step forward in the theory of predicate encryption, our results lead to a number of applications that are interesting in their own right. 1
Practical identitybased encryption without random oracles
 of LNCS
"... Abstract. We present an Identity Based Encryption (IBE) system that is fully secure in the standard model and has several advantages over previous such systems – namely, computational efficiency, shorter public parameters, and a “tight ” security reduction, albeit to a stronger assumption that depen ..."
Abstract

Cited by 139 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We present an Identity Based Encryption (IBE) system that is fully secure in the standard model and has several advantages over previous such systems – namely, computational efficiency, shorter public parameters, and a “tight ” security reduction, albeit to a stronger assumption that depends on the number of private key generation queries made by the adversary. Our assumption is a variant of Boneh et al.’s decisional Bilinear DiffieHellman Exponent assumption, which has been used to construct efficient hierarchical IBE and broadcast encryption systems. The construction is remarkably simple. It also provides recipient anonymity automatically, providing a second (and more efficient) solution to the problem of achieving anonymous IBE without random oracles. Finally, our proof of CCA2 security, which has more in common with the security proof for the CramerShoup encryption scheme than with security proofs for other IBE systems, may be of independent interest.
Fully Secure Functional Encryption: AttributeBased Encryption and (Hierarchical) Inner Product Encryption
"... In this paper, we present two fully secure functional encryption schemes. Our first result is a fully secure attributebased encryption (ABE) scheme. Previous constructions of ABE were only proven to be selectively secure. We achieve full security by adapting the dual system encryption methodology r ..."
Abstract

Cited by 139 (21 self)
 Add to MetaCart
In this paper, we present two fully secure functional encryption schemes. Our first result is a fully secure attributebased encryption (ABE) scheme. Previous constructions of ABE were only proven to be selectively secure. We achieve full security by adapting the dual system encryption methodology recently introduced by Waters and previously leveraged to obtain fully secure IBE and HIBE systems. The primary challenge in applying dual system encryption to ABE is the richer structure of keys and ciphertexts. In an IBE or HIBE system, keys and ciphertexts are both associated with the same type of simple object: identities. In an ABE system, keys and ciphertexts are associated with more complex objects: attributes and access formulas. We use a novel informationtheoretic argument to adapt the dual system encryption methodology to the more complicated structure of ABE systems. We construct our system in composite order bilinear groups, where the order is a product of three primes. We prove the security of our system from three static assumptions. Our ABE scheme supports arbitrary monotone access formulas. Our second result is a fully secure (attributehiding) predicate encryption (PE) scheme
Searchable encryption revisited: Consistency properties, relation to anonymous ibe, and extensions. Full version of current paper. Available at IACR Cryptology ePrint Archive, http://eprint.iacr.org
"... Abstract. We identify and fill some gaps with regard to consistency (the extent to which false positives are produced) for publickey encryption with keyword search (PEKS). We define computational and statistical relaxations of the existing notion of perfect consistency, show that the scheme of [7] ..."
Abstract

Cited by 134 (3 self)
 Add to MetaCart
(Show Context)
Abstract. We identify and fill some gaps with regard to consistency (the extent to which false positives are produced) for publickey encryption with keyword search (PEKS). We define computational and statistical relaxations of the existing notion of perfect consistency, show that the scheme of [7] is computationally consistent, and provide a new scheme that is statistically consistent. We also provide a transform of an anonymous IBE scheme to a secure PEKS scheme that, unlike the previous one, guarantees consistency. Finally we suggest three extensions of the basic notions considered here, namely anonymous HIBE, publickey encryption with temporary keyword search, and identitybased encryption
CiphertextPolicy AttributeBased Encryption: An Expressive, Efficient, and Provably Secure Realization
"... We present new techniques for realizing CiphertextPolicy Attribute Encryption (CPABE) under concrete and noninteractive cryptographic assumptions. Our solutions allow any encryptor to specify access control in terms of an LSSS matrix, M, over the attributes in the system. We present three differen ..."
Abstract

Cited by 120 (9 self)
 Add to MetaCart
(Show Context)
We present new techniques for realizing CiphertextPolicy Attribute Encryption (CPABE) under concrete and noninteractive cryptographic assumptions. Our solutions allow any encryptor to specify access control in terms of an LSSS matrix, M, over the attributes in the system. We present three different constructions that allow different tradeoffs between the systems efficiency and the complexity of the assumptions used. All three constructions use a common methodology of “directly ” solving the CPABE problem that enable us to get much better efficiency than prior approaches. 1
Multidimension range query over encrypted data
 In IEEE Symposium on Security and Privacy
, 2007
"... encryption We design an encryption scheme called Multidimensional Range Query over Encrypted Data (MRQED), to address the privacy concerns related to the sharing of network audit logs and various other applications. Our scheme allows a network gateway to encrypt summaries of network flows before su ..."
Abstract

Cited by 108 (4 self)
 Add to MetaCart
(Show Context)
encryption We design an encryption scheme called Multidimensional Range Query over Encrypted Data (MRQED), to address the privacy concerns related to the sharing of network audit logs and various other applications. Our scheme allows a network gateway to encrypt summaries of network flows before submitting them to an untrusted repository. When network intrusions are suspected, an authority can release a key to an auditor, allowing the auditor to decrypt flows whose attributes (e.g., source and destination addresses, port numbers, etc.) fall within specific ranges. However, the privacy of all irrelevant flows are still preserved. We formally define the security for MRQED and prove the security of our construction under the decision bilinear DiffieHellman and decision linear assumptions in certain bilinear groups. We study the practical performance of our construction in the context of network audit logs. Apart from network audit logs, our scheme also has interesting applications for financial audit logs, medical privacy, untrusted remote storage, etc. In particular, we show that MRQED implies a solution to its dual problem, which enables investors to trade stocks through a broker in a privacypreserving manner. 1
Pairingbased Cryptography at High Security Levels
 Proceedings of Cryptography and Coding 2005, volume 3796 of LNCS
, 2005
"... Abstract. In recent years cryptographic protocols based on the Weil and Tate pairings on elliptic curves have attracted much attention. A notable success in this area was the elegant solution by Boneh and Franklin [7] of the problem of efficient identitybased encryption. At the same time, the secur ..."
Abstract

Cited by 92 (3 self)
 Add to MetaCart
(Show Context)
Abstract. In recent years cryptographic protocols based on the Weil and Tate pairings on elliptic curves have attracted much attention. A notable success in this area was the elegant solution by Boneh and Franklin [7] of the problem of efficient identitybased encryption. At the same time, the security standards for public key cryptosystems are expected to increase, so that in the future they will be capable of providing security equivalent to 128, 192, or 256bit AES keys. In this paper we examine the implications of heightened security needs for pairingbased cryptosystems. We first describe three different reasons why highsecurity users might have concerns about the longterm viability of these systems. However, in our view none of the risks inherent in pairingbased systems are sufficiently serious to warrant pulling them from the shelves. We next discuss two families of elliptic curves E for use in pairingbased cryptosystems. The first has the property that the pairing takes values in the prime field Fp over which the curve is defined; the second family consists of supersingular curves with embedding degree k = 2. Finally, we examine the efficiency of the Weil pairing as opposed to the Tate pairing and compare a range of choices of embedding degree k, including k = 1 and k = 24. Let E be the elliptic curve 1.
Direct Chosen Ciphertext Security from IdentityBased Techniques
 In ACM Conference on Computer and Communications Security
, 2005
"... We describe a new encryption technique that is secure in the standard model against adaptive chosen ciphertext (CCA2) attacks. We base our method on two very e#cient IdentityBased Encryption (IBE) schemes without random oracles due to Boneh and Boyen, and Waters. ..."
Abstract

Cited by 83 (7 self)
 Add to MetaCart
We describe a new encryption technique that is secure in the standard model against adaptive chosen ciphertext (CCA2) attacks. We base our method on two very e#cient IdentityBased Encryption (IBE) schemes without random oracles due to Boneh and Boyen, and Waters.
Fully secure functional encryption with general relations from the decisional linear assumption
 In CRYPTO
, 2010
"... This paper presents a fully secure functional encryption scheme for a wide class of relations, that are specified by nonmonotone access structures combined with innerproduct relations. The security is proven under a standard assumption, the decisional linear (DLIN) assumption, in the standard mode ..."
Abstract

Cited by 78 (0 self)
 Add to MetaCart
(Show Context)
This paper presents a fully secure functional encryption scheme for a wide class of relations, that are specified by nonmonotone access structures combined with innerproduct relations. The security is proven under a standard assumption, the decisional linear (DLIN) assumption, in the standard model. The proposed functional encryption scheme covers, as special cases, (1) keypolicy, ciphertextpolicy and unifiedpolicy (of key and ciphertext policies) attributebased encryption with nonmonotone access structures, and (2) (hierarchical) predicate encryption with innerproduct relations and functional encryption with nonzero