Results 1  10
of
250
IdentityBased Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract

Cited by 1587 (28 self)
 Add to MetaCart
(Show Context)
We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
Attributebased encryption for finegrained access control of encrypted data
 In Proc. of ACMCCS’06
, 2006
"... As more sensitive data is shared and stored by thirdparty sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarsegrained level (i.e., giving another party your private key). We develop ..."
Abstract

Cited by 434 (22 self)
 Add to MetaCart
(Show Context)
As more sensitive data is shared and stored by thirdparty sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarsegrained level (i.e., giving another party your private key). We develop a new cryptosystem for finegrained sharing of encrypted data that we call KeyPolicy AttributeBased Encryption (KPABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of auditlog information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical IdentityBased Encryption (HIBE). E.3 [Data En
Ciphertextpolicy attributebased encryption
 In Proceedings of the IEEE Symposium on Security and Privacy (To Appear
, 2007
"... ..."
Hierarchical IDBased Cryptography
, 2002
"... We present hierarchical identitybased encryption schemes and signature schemes that have total collusion resistance on an arbitrary number of levels and that have chosen ciphertext security in the random oracle model assuming the difficulty of the Bilinear DiffieHellman problem. ..."
Abstract

Cited by 238 (3 self)
 Add to MetaCart
We present hierarchical identitybased encryption schemes and signature schemes that have total collusion resistance on an arbitrary number of levels and that have chosen ciphertext security in the random oracle model assuming the difficulty of the Bilinear DiffieHellman problem.
Efficient SelectiveID Secure IdentityBased Encryption Without Random Oracles
 6. , SECURE IDENTITY BASED ENCRYPTION WITHOUT RANDOM ORACLES., IN FRANKLIN [20
"... We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time t ..."
Abstract

Cited by 208 (8 self)
 Add to MetaCart
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to the identity that it intends to attack, whereas in the standard model the adversary is allowed to choose this identity adaptively. Our first secure IBE system extends to give a selective identity Hierarchical IBE secure without random oracles.
Efficient Identity Based Signature Schemes Based on Pairings
 SAC 2002, LNCS 2595
, 2002
"... We develop an efficient identity based signature scheme based on pairings whose security relies on the hardness of the DiffieHellman problem in the random oracle model. We describe how this scheme is obtained as a special version of a more general generic scheme which yields further new provably se ..."
Abstract

Cited by 184 (2 self)
 Add to MetaCart
(Show Context)
We develop an efficient identity based signature scheme based on pairings whose security relies on the hardness of the DiffieHellman problem in the random oracle model. We describe how this scheme is obtained as a special version of a more general generic scheme which yields further new provably secure identity based signature schemes if pairings are used. The generic scheme also includes traditional public key signature schemes. We further discuss issues of key escrow and the distribution of keys to multiple trust authorities. The appendix contains a brief description of the relevant properties of supersingular elliptic curves and the Weil and Tate pairings.
Trapdoors for Hard Lattices and New Cryptographic Constructions
, 2007
"... We show how to construct a variety of “trapdoor ” cryptographic tools assuming the worstcase hardness of standard lattice problems (such as approximating the shortest nonzero vector to within small factors). The applications include trapdoor functions with preimage sampling, simple and efficient “ha ..."
Abstract

Cited by 178 (25 self)
 Add to MetaCart
We show how to construct a variety of “trapdoor ” cryptographic tools assuming the worstcase hardness of standard lattice problems (such as approximating the shortest nonzero vector to within small factors). The applications include trapdoor functions with preimage sampling, simple and efficient “hashandsign ” digital signature schemes, universally composable oblivious transfer, and identitybased encryption. A core technical component of our constructions is an efficient algorithm that, given a basis of an arbitrary lattice, samples lattice points from a Gaussianlike probability distribution whose standard deviation is essentially the length of the longest vector in the basis. In particular, the crucial security property is that the output distribution of the algorithm is oblivious to the particular geometry of the given basis. ∗ Supported by the Herbert Kunzel Stanford Graduate Fellowship. † This material is based upon work supported by the National Science Foundation under Grants CNS0716786 and CNS0749931. Any opinions, findings, and conclusions or recommedations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. ‡ The majority of this work was performed while at SRI International. 1 1
Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products
"... Abstract. Predicate encryption is a new paradigm generalizing, among other things, identitybased encryption. In a predicate encryption scheme, secret keys correspond to predicates and ciphertexts are associated with attributes; the secret key SKf corresponding to a predicate f can be used to decryp ..."
Abstract

Cited by 157 (22 self)
 Add to MetaCart
Abstract. Predicate encryption is a new paradigm generalizing, among other things, identitybased encryption. In a predicate encryption scheme, secret keys correspond to predicates and ciphertexts are associated with attributes; the secret key SKf corresponding to a predicate f can be used to decrypt a ciphertext associated with attribute I if and only if f(I) = 1. Constructions of such schemes are currently known for relatively few classes of predicates. We construct such a scheme for predicates corresponding to the evaluation of inner products over ZN (for some large integer N). This, in turn, enables constructions in which predicates correspond to the evaluation of disjunctions, polynomials, CNF/DNF formulae, or threshold predicates (among others). Besides serving as a significant step forward in the theory of predicate encryption, our results lead to a number of applications that are interesting in their own right. 1
Efficient SelectiveID Secure Identity Based Encryption without Random Oracles
, 2004
"... We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to ..."
Abstract

Cited by 133 (9 self)
 Add to MetaCart
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to the identity that it intends to attack, whereas in the standard model the adversary is allowed to choose this identity adaptively. Our first secure IBE system extends to give a selective identity Hierarchical IBE secure without random oracles.