Results 1 - 10 of 81
Attribute-based encryption for fine-grained access control of encrypted data
 In Proc. of ACM CCS’06
, 2006
Cited by 434 (22 self)
As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical Identity-Based Encryption (HIBE).
Chosen-Ciphertext Security from Identity-Based Encryption
 Adv. in Cryptology — Eurocrypt 2004, LNCS
, 2004
Cited by 259 (13 self)
We propose simple and efficient CCA-secure public-key encryption schemes (i.e., schemes secure against adaptive chosen-ciphertext attacks) based on any identity-based encryption (IBE) scheme. Our constructions have ramifications of both theoretical and practical interest. First, our schemes give a new paradigm for achieving CCA-security; this paradigm avoids “proofs of well-formedness” that have been shown to underlie previous constructions. Second, instantiating our construction using known IBE constructions we obtain CCA-secure encryption schemes whose performance is competitive with the most efficient CCA-secure schemes to date. Our techniques extend naturally to give an efficient method for securing also IBE schemes (even hierarchical ones) against adaptive chosen-ciphertext attacks. Coupled with previous work, this gives the first efficient constructions of CCA-secure IBE schemes.
Practical identity-based encryption without random oracles
 of LNCS
Cited by 125 (2 self)
We present an Identity Based Encryption (IBE) system that is fully secure in the standard model and has several advantages over previous such systems – namely, computational efficiency, shorter public parameters, and a “tight” security reduction, albeit to a stronger assumption that depends on the number of private key generation queries made by the adversary. Our assumption is a variant of Boneh et al.’s decisional Bilinear Diffie-Hellman Exponent assumption, which has been used to construct efficient hierarchical IBE and broadcast encryption systems. The construction is remarkably simple. It also provides recipient anonymity automatically, providing a second (and more efficient) solution to the problem of achieving anonymous IBE without random oracles. Finally, our proof of CCA2 security, which has more in common with the security proof for the Cramer-Shoup encryption scheme than with security proofs for other IBE systems, may be of independent interest.
Lossy Trapdoor Functions and Their Applications
 ELECTRONIC COLLOQUIUM ON COMPUTATIONAL COMPLEXITY, REPORT NO. 80 (2007)
, 2007
Cited by 118 (21 self)
We propose a new general primitive called lossy trapdoor functions (lossy TDFs), and realize it under a variety of different number theoretic assumptions, including hardness of the decisional Diffie-Hellman (DDH) problem and the worst-case hardness of standard lattice problems. Using lossy TDFs, we develop a new approach for constructing many important cryptographic primitives, including standard trapdoor functions, CCA-secure cryptosystems, collision-resistant hash functions, and more. All of our constructions are simple, efficient, and black-box. Taken all together, these results resolve some long-standing open problems in cryptography. They give the first known (injective) trapdoor functions based on problems not directly related to integer factorization, and provide the first known CCA-secure cryptosystem based solely on worst-case lattice assumptions.
Tag-KEM/DEM: a New Framework for Hybrid Encryption and a New Analysis of Kurosawa-Desmedt KEM
 in Proc. Eurocrypt
, 2005
Cited by 66 (8 self)
This paper presents a novel framework for the generic construction of hybrid encryption schemes which produces more efficient schemes than the ones known before. A previous
Secure Hybrid Encryption from Weakened Key Encapsulation
 Advances in Cryptology – CRYPTO 2007
, 2007
Cited by 54 (9 self)
We put forward a new paradigm for building hybrid encryption schemes from constrained chosen-ciphertext secure (CCCA) key-encapsulation mechanisms (KEMs) plus authenticated
The Twin Diffie-Hellman Problem and Applications
, 2008
Cited by 44 (4 self)
We propose a new computational problem called the twin Diffie-Hellman problem. This problem is closely related to the usual (computational) Diffie-Hellman problem and can be used in many of the same cryptographic constructions that are based on the Diffie-Hellman problem. Moreover, the twin Diffie-Hellman problem is at least as hard as the ordinary Diffie-Hellman problem. However, we are able to show that the twin Diffie-Hellman problem remains hard, even in the presence of a decision oracle that recognizes solutions to the problem — this is a feature not enjoyed by the ordinary Diffie-Hellman problem. In particular, we show how to build a certain “trapdoor test” that allows us to effectively answer such decision oracle queries without knowing any of the corresponding discrete logarithms. Our new techniques have many applications. As one such application, we present a new variant of ElGamal encryption with very short ciphertexts, and with a very simple and tight security proof, in the random oracle model, under the assumption that the ordinary Diffie-Hellman problem is hard. We present several other applications as well, including: a new variant of Diffie and Hellman’s non-interactive key exchange protocol; a new variant of Cramer-Shoup encryption, with a very simple proof in the standard model; a new variant of Boneh-Franklin identity-based encryption, with very short ciphertexts; a more robust version of a password-authenticated key exchange protocol of Abdalla and Pointcheval.
Chosen-Ciphertext Security via Correlated Products
Cited by 42 (4 self)
We initiate the study of one-wayness under correlated products. We are interested in identifying necessary and sufficient conditions for a function f and a distribution on inputs (x1,..., xk), so that the function (f(x1),..., f(xk)) is one-way. The main motivation of this study is the construction of public-key encryption schemes that are secure against chosen-ciphertext attacks (CCA). We show that any collection of injective trapdoor functions that is secure under very natural correlated products can be used to construct a CCA-secure public-key encryption scheme. The construction is simple, black-box, and admits a direct proof of security. We provide evidence that security under correlated products is achievable by demonstrating that any collection of lossy trapdoor functions, a powerful primitive introduced by Peikert and Waters (STOC ’08), yields a collection of injective trapdoor functions that is secure under the above mentioned natural correlated products. Although we eventually base security under correlated products on lossy trapdoor functions, we argue that the former notion is potentially weaker as a general assumption. Specifically, there is no fully-black-box construction of lossy trapdoor functions from trapdoor functions that are secure under correlated products.
A Cramer-Shoup encryption scheme from the linear assumption and from progressively weaker linear variants
, 2007
Cited by 39 (0 self)
We describe a CCA-secure public-key encryption scheme, in the Cramer-Shoup paradigm, based on the Linear assumption of Boneh, Boyen, and Shacham. Through a comparison to the Kiltz tag-encryption scheme from TCC 2006, our scheme gives evidence that the Cramer-Shoup paradigm yields CCA encryption with shorter ciphertexts than the Canetti-Halevi-Katz paradigm. We present a generalization of the Linear assumption into a family of progressively weaker assumptions and show how to instantiate our Linear Cramer-Shoup encryption using the progressively weaker members of this family.
Chosen ciphertext secure public key threshold encryption without random oracles
 in Proceedings of RSA-CT 2006
, 2006
Cited by 30 (6 self)
We present a non-interactive chosen ciphertext secure threshold encryption system. The proof of security is set in the standard model and does not use random oracles. Our construction uses the recent identity based encryption system of Boneh and Boyen and the chosen ciphertext secure construction of Canetti, Halevi, and Katz.