Results 1 
6 of
6
ChosenCiphertext Security from IdentityBased Encryption. Adv
 in Cryptology — Eurocrypt 2004, LNCS
, 2004
"... We propose simple and efficient CCAsecure publickey encryption schemes (i.e., schemes secure against adaptive chosenciphertext attacks) based on any identitybased encryption (IBE) scheme. Our constructions have ramifications of both theoretical and practical interest. First, our schemes give a n ..."
Abstract

Cited by 217 (12 self)
 Add to MetaCart
(Show Context)
We propose simple and efficient CCAsecure publickey encryption schemes (i.e., schemes secure against adaptive chosenciphertext attacks) based on any identitybased encryption (IBE) scheme. Our constructions have ramifications of both theoretical and practical interest. First, our schemes give a new paradigm for achieving CCAsecurity; this paradigm avoids “proofs of wellformedness ” that have been shown to underlie previous constructions. Second, instantiating our construction using known IBE constructions we obtain CCAsecure encryption schemes whose performance is competitive with the most efficient CCAsecure schemes to date. Our techniques extend naturally to give an efficient method for securing also IBE schemes (even hierarchical ones) against adaptive chosenciphertext attacks. Coupled with previous work, this gives the first efficient constructions of CCAsecure IBE schemes. 1
Improved Efficiency for CCASecure Cryptosystems Built Using IdentityBased Encryption
, 2004
"... Recently, Canetti, Halevi, and Katz showed a general method for constructing CCAsecure encryption schemes from identitybased encryption schemes in the standard model. We improve the efficiency of their construction, and show two specific instantiations of our resulting scheme which offer the most ..."
Abstract

Cited by 78 (8 self)
 Add to MetaCart
(Show Context)
Recently, Canetti, Halevi, and Katz showed a general method for constructing CCAsecure encryption schemes from identitybased encryption schemes in the standard model. We improve the efficiency of their construction, and show two specific instantiations of our resulting scheme which offer the most efficient encryption (and, in one case, key generation) of any CCAsecure encryption scheme to date.
Statisticallyhiding commitment from any oneway function
 In 39th STOC
, 2007
"... We give a construction of statisticallyhiding commitment schemes (ones where the hiding property holds information theoretically), based on the minimal cryptographic assumption that oneway functions exist. Our construction employs twophase commitment schemes, recently constructed by Nguyen, Ong a ..."
Abstract

Cited by 30 (7 self)
 Add to MetaCart
We give a construction of statisticallyhiding commitment schemes (ones where the hiding property holds information theoretically), based on the minimal cryptographic assumption that oneway functions exist. Our construction employs twophase commitment schemes, recently constructed by Nguyen, Ong and Vadhan (FOCS ‘06), and universal oneway hash functions introduced and constructed by Naor and Yung (STOC ‘89) and Rompel (STOC ‘90).
Reducing complexity assumptions for statisticallyhiding commitment
 In EUROCRYPT
, 2005
"... We revisit the following question: what are the minimal assumptions needed to construct statisticallyhiding commitment schemes? Naor et al. show how to construct such schemes based on any oneway permutation. We improve upon this by showing a construction based on any approximable preimagesize one ..."
Abstract

Cited by 29 (8 self)
 Add to MetaCart
(Show Context)
We revisit the following question: what are the minimal assumptions needed to construct statisticallyhiding commitment schemes? Naor et al. show how to construct such schemes based on any oneway permutation. We improve upon this by showing a construction based on any approximable preimagesize oneway function. These are oneway functions for which it is possible to efficiently approximate the number of preimages of a given output. A special case is the class of regular oneway functions where all points in the image of the function have the same number of preimages. We also prove two additional results related to statisticallyhiding commitment. First, we prove a (folklore) parallel composition theorem showing, roughly speaking, that the statistical hiding property of any such commitment scheme is amplified exponentially when multiple independent parallel executions of the scheme are carried out. Second, we show a compiler which transforms any commitment scheme which is statistically hiding against an honestbutcurious receiver into one which is statistically hiding even against a malicious receiver. 1
Concurrent/Resettable ZeroKnowledge with Concurrent Soundness in the Bare PublicKey Model and Its Applications
, 2003
"... In this paper, we present both practical and general 4round concurrent and resettable zeroknowledge arguments with concurrent soundness in the bare publickey (BPK) model. To our knowledge, our result is the first work that achieves concurrent soundness for ZK protocols in the BPK model and stan ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
(Show Context)
In this paper, we present both practical and general 4round concurrent and resettable zeroknowledge arguments with concurrent soundness in the bare publickey (BPK) model. To our knowledge, our result is the first work that achieves concurrent soundness for ZK protocols in the BPK model and stands for the current stateoftheart of concurrent zeroknowledge with setup assumptions.
Concurrent Knowledge Extraction in the PublicKey Model
, 2009
"... Knowledge extraction is a fundamental notion, modelling machine possession of values (witnesses) in a computational complexity sense. The notion provides an essential tool for cryptographic protocol design and analysis, enabling one to argue about the internal state of protocol players without ever ..."
Abstract
 Add to MetaCart
(Show Context)
Knowledge extraction is a fundamental notion, modelling machine possession of values (witnesses) in a computational complexity sense. The notion provides an essential tool for cryptographic protocol design and analysis, enabling one to argue about the internal state of protocol players without ever looking at this supposedly secret state. However, when transactions are concurrent (e.g., over the Internet) with players possessing publickeys (as is common in cryptography), assuring that entities “know” what they claim to know, where adversaries may be well coordinated across different transactions, turns out to be much more subtle and in need of reexamination. Here, we investigate how to formally treat knowledge possession by parties (with registered publickeys) interacting over the Internet. Stated more technically, we look into the relative power of the notion of “concurrent knowledgeextraction” (CKE) in the concurrent zeroknowledge (CZK) bare publickey (BPK) model. We show the potential vulnerability of maninthemiddle (MIM) attacks turn out to be a real security threat to existing natural protocols running concurrently in the publickey model, which motivates us to introduce and formalize the notion of CKE. Then, both generic (based on standard polynomial assumptions) and efficient (employing complexity leveraging in a novel way) implementations for N P are presented for constantround (in particular, roundoptimal) concurrently knowledgeextractable concurrent zeroknowledge (CZKCKE) arguments in the BPK model. The efficient implementation can be further high practically instantiated for specific numbertheoretic language. Along the way, we discuss and clarify the various subtleties surrounding the security formulation and analysis, which provides insights into the complex CZKCKE setting.