Results 1  10
of
81
Efficient identitybased encryption without random oracles
, 2005
"... We present the first efficient IdentityBased Encryption (IBE) scheme that is fully secure without random oracles. We first present our IBE construction and reduce the security of our scheme to the decisional Bilinear DiffieHellman (BDH) problem. Additionally, we show that our techniques can be use ..."
Abstract

Cited by 251 (16 self)
 Add to MetaCart
(Show Context)
We present the first efficient IdentityBased Encryption (IBE) scheme that is fully secure without random oracles. We first present our IBE construction and reduce the security of our scheme to the decisional Bilinear DiffieHellman (BDH) problem. Additionally, we show that our techniques can be used to build a new signature scheme that is secure under the computational DiffieHellman assumption without random oracles. 1
Attributebased encryption for finegrained access control of encrypted data
 In Proc. of ACMCCS’06
, 2006
"... As more sensitive data is shared and stored by thirdparty sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarsegrained level (i.e., giving another party your private key). We develop ..."
Abstract

Cited by 222 (18 self)
 Add to MetaCart
(Show Context)
As more sensitive data is shared and stored by thirdparty sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarsegrained level (i.e., giving another party your private key). We develop a new cryptosystem for finegrained sharing of encrypted data that we call KeyPolicy AttributeBased Encryption (KPABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of auditlog information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical IdentityBased Encryption (HIBE). E.3 [Data En
ChosenCiphertext Security from IdentityBased Encryption. Adv
 in Cryptology — Eurocrypt 2004, LNCS
, 2004
"... We propose simple and efficient CCAsecure publickey encryption schemes (i.e., schemes secure against adaptive chosenciphertext attacks) based on any identitybased encryption (IBE) scheme. Our constructions have ramifications of both theoretical and practical interest. First, our schemes give a n ..."
Abstract

Cited by 217 (12 self)
 Add to MetaCart
We propose simple and efficient CCAsecure publickey encryption schemes (i.e., schemes secure against adaptive chosenciphertext attacks) based on any identitybased encryption (IBE) scheme. Our constructions have ramifications of both theoretical and practical interest. First, our schemes give a new paradigm for achieving CCAsecurity; this paradigm avoids “proofs of wellformedness ” that have been shown to underlie previous constructions. Second, instantiating our construction using known IBE constructions we obtain CCAsecure encryption schemes whose performance is competitive with the most efficient CCAsecure schemes to date. Our techniques extend naturally to give an efficient method for securing also IBE schemes (even hierarchical ones) against adaptive chosenciphertext attacks. Coupled with previous work, this gives the first efficient constructions of CCAsecure IBE schemes. 1
Hierarchical identity based encryption with constant size ciphertext
, 2005
"... ..."
(Show Context)
Collusion resistant broadcast encryption with short ciphertexts and private keys
"... We describe two new public key broadcast encryption systems for stateless receivers. Both systems are fully secure against any number of colluders. In our first construction both ciphertexts and private keys are of constant size (only two group elements), for any subset of receivers. The public ke ..."
Abstract

Cited by 134 (18 self)
 Add to MetaCart
(Show Context)
We describe two new public key broadcast encryption systems for stateless receivers. Both systems are fully secure against any number of colluders. In our first construction both ciphertexts and private keys are of constant size (only two group elements), for any subset of receivers. The public key size in this system is linear in the total number of receivers. Our second system is a generalization of the first that provides a tradeoff between ciphertext size and public key size. For example, we achieve a collusion resistant broadcast system for n users where both ciphertexts and public keys are of size O (√n) for any subset of receivers. We discuss several applications of these systems.
Sequences of Games: A Tool for Taming Complexity in Security Proofs
, 2004
"... This paper is brief tutorial on a technique for structuring security proofs as sequences games. ..."
Abstract

Cited by 125 (0 self)
 Add to MetaCart
This paper is brief tutorial on a technique for structuring security proofs as sequences games.
Efficient SelectiveID Secure Identity Based Encryption without Random Oracles
, 2004
"... We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to ..."
Abstract

Cited by 113 (8 self)
 Add to MetaCart
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to the identity that it intends to attack, whereas in the standard model the adversary is allowed to choose this identity adaptively. Our first secure IBE system extends to give a selective identity Hierarchical IBE secure without random oracles.
Practical identitybased encryption without random oracles
 of LNCS
"... Abstract. We present an Identity Based Encryption (IBE) system that is fully secure in the standard model and has several advantages over previous such systems – namely, computational efficiency, shorter public parameters, and a “tight ” security reduction, albeit to a stronger assumption that depen ..."
Abstract

Cited by 94 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We present an Identity Based Encryption (IBE) system that is fully secure in the standard model and has several advantages over previous such systems – namely, computational efficiency, shorter public parameters, and a “tight ” security reduction, albeit to a stronger assumption that depends on the number of private key generation queries made by the adversary. Our assumption is a variant of Boneh et al.’s decisional Bilinear DiffieHellman Exponent assumption, which has been used to construct efficient hierarchical IBE and broadcast encryption systems. The construction is remarkably simple. It also provides recipient anonymity automatically, providing a second (and more efficient) solution to the problem of achieving anonymous IBE without random oracles. Finally, our proof of CCA2 security, which has more in common with the security proof for the CramerShoup encryption scheme than with security proofs for other IBE systems, may be of independent interest.
Lossy Trapdoor Functions and Their Applications
 ELECTRONIC COLLOQUIUM ON COMPUTATIONAL COMPLEXITY, REPORT NO. 80 (2007)
, 2007
"... We propose a new general primitive called lossy trapdoor functions (lossy TDFs), and realize it under a variety of different number theoretic assumptions, including hardness of the decisional DiffieHellman (DDH) problem and the worstcase hardness of standard lattice problems. Using lossy TDFs, we ..."
Abstract

Cited by 92 (19 self)
 Add to MetaCart
(Show Context)
We propose a new general primitive called lossy trapdoor functions (lossy TDFs), and realize it under a variety of different number theoretic assumptions, including hardness of the decisional DiffieHellman (DDH) problem and the worstcase hardness of standard lattice problems. Using lossy TDFs, we develop a new approach for constructing many important cryptographic primitives, including standard trapdoor functions, CCAsecure cryptosystems, collisionresistant hash functions, and more. All of our constructions are simple, efficient, and blackbox. Taken all together, these results resolve some longstanding open problems in cryptography. They give the first known (injective) trapdoor functions based on problems not directly related to integer factorization, and provide the first known CCAsecure cryptosystem based solely on worstcase lattice assumptions.
Direct Chosen Ciphertext Security from IdentityBased Techniques
 In ACM Conference on Computer and Communications Security
, 2005
"... We describe a new encryption technique that is secure in the standard model against adaptive chosen ciphertext (CCA2) attacks. We base our method on two very e#cient IdentityBased Encryption (IBE) schemes without random oracles due to Boneh and Boyen, and Waters. ..."
Abstract

Cited by 79 (7 self)
 Add to MetaCart
We describe a new encryption technique that is secure in the standard model against adaptive chosen ciphertext (CCA2) attacks. We base our method on two very e#cient IdentityBased Encryption (IBE) schemes without random oracles due to Boneh and Boyen, and Waters.