Results 1  10
of
631
IdentityBased Encryption from the Weil Pairing
, 2001
"... We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic ..."
Abstract

Cited by 1246 (25 self)
 Add to MetaCart
(Show Context)
We propose a fully functional identitybased encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational DiffieHellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
Efficient algorithms for pairingbased cryptosystems
, 2002
"... Abstract. We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in ..."
Abstract

Cited by 313 (23 self)
 Add to MetaCart
(Show Context)
Abstract. We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over Fpm, the latter technique being also useful in contexts other than that of pairingbased cryptography. 1
Short Signatures without Random Oracles
, 2004
"... We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption we call the Strong Di#eHellman assumption. This assumption has similar properties to the Strong RS ..."
Abstract

Cited by 295 (14 self)
 Add to MetaCart
(Show Context)
We describe a short signature scheme which is existentially unforgeable under a chosen message attack without using random oracles. The security of our scheme depends on a new complexity assumption we call the Strong Di#eHellman assumption. This assumption has similar properties to the Strong RSA assumption, hence the name. Strong RSA was previously used to construct signature schemes without random oracles. However, signatures generated by our scheme are much shorter and simpler than signatures from schemes based on Strong RSA.
Short group signatures
 In proceedings of CRYPTO ’04, LNCS series
, 2004
"... Abstract. We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the Strong DiffieHellman assumption and a new assumption in bilinear groups called the Decision ..."
Abstract

Cited by 292 (21 self)
 Add to MetaCart
(Show Context)
Abstract. We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the Strong DiffieHellman assumption and a new assumption in bilinear groups called the Decision Linear assumption. We prove security of our system, in the random oracle model, using a variant of the security definition for group signatures recently given by Bellare, Micciancio, and Warinschi. 1
Efficient identitybased encryption without random oracles
, 2005
"... We present the first efficient IdentityBased Encryption (IBE) scheme that is fully secure without random oracles. We first present our IBE construction and reduce the security of our scheme to the decisional Bilinear DiffieHellman (BDH) problem. Additionally, we show that our techniques can be use ..."
Abstract

Cited by 251 (16 self)
 Add to MetaCart
(Show Context)
We present the first efficient IdentityBased Encryption (IBE) scheme that is fully secure without random oracles. We first present our IBE construction and reduce the security of our scheme to the decisional Bilinear DiffieHellman (BDH) problem. Additionally, we show that our techniques can be used to build a new signature scheme that is secure under the computational DiffieHellman assumption without random oracles. 1
Aggregate and Verifiably Encrypted Signatures from Bilinear Maps
, 2002
"... An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verif ..."
Abstract

Cited by 250 (14 self)
 Add to MetaCart
(Show Context)
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verifier that the n users did indeed sign the n original messages (i.e., user i signed message M i for i = 1; : : : ; n). In this paper we introduce the concept of an aggregate signature scheme, present security models for such signatures, and give several applications for aggregate signatures. We construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham. Aggregate signatures are useful for reducing the size of certificate chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols such as SBGP. We also show that aggregate signatures give rise to verifiably encrypted signatures. Such signatures enable the verifier to test that a given ciphertext C is the encryption of a signature on a given message M . Verifiably encrypted signatures are used in contractsigning protocols. Finally, we show that similar ideas can be used to extend the short signature scheme to give simple ring signatures.
ChosenCiphertext Security from IdentityBased Encryption. Adv
 in Cryptology — Eurocrypt 2004, LNCS
, 2004
"... We propose simple and efficient CCAsecure publickey encryption schemes (i.e., schemes secure against adaptive chosenciphertext attacks) based on any identitybased encryption (IBE) scheme. Our constructions have ramifications of both theoretical and practical interest. First, our schemes give a n ..."
Abstract

Cited by 217 (12 self)
 Add to MetaCart
We propose simple and efficient CCAsecure publickey encryption schemes (i.e., schemes secure against adaptive chosenciphertext attacks) based on any identitybased encryption (IBE) scheme. Our constructions have ramifications of both theoretical and practical interest. First, our schemes give a new paradigm for achieving CCAsecurity; this paradigm avoids “proofs of wellformedness ” that have been shown to underlie previous constructions. Second, instantiating our construction using known IBE constructions we obtain CCAsecure encryption schemes whose performance is competitive with the most efficient CCAsecure schemes to date. Our techniques extend naturally to give an efficient method for securing also IBE schemes (even hierarchical ones) against adaptive chosenciphertext attacks. Coupled with previous work, this gives the first efficient constructions of CCAsecure IBE schemes. 1
Hierarchical IDBased Cryptography
, 2002
"... We present hierarchical identitybased encryption schemes and signature schemes that have total collusion resistance on an arbitrary number of levels and that have chosen ciphertext security in the random oracle model assuming the difficulty of the Bilinear DiffieHellman problem. ..."
Abstract

Cited by 197 (3 self)
 Add to MetaCart
We present hierarchical identitybased encryption schemes and signature schemes that have total collusion resistance on an arbitrary number of levels and that have chosen ciphertext security in the random oracle model assuming the difficulty of the Bilinear DiffieHellman problem.
Hierarchical identity based encryption with constant size ciphertext
, 2005
"... ..."
(Show Context)
Efficient threshold signature, multisignature and blind signature schemes based on the GapDiffieHellmanGroup signature scheme
 PROCEEDINGS OF PKC 2003, VOLUME 2567 OF LNCS
, 2003
"... We propose a robust proactive threshold signature scheme, a multisignature scheme and a blind signature scheme which work in any Gap DiffieHellman (GDH) group (where the Computational DiffieHellman problem is hard but the Decisional DiffieHellman problem is easy). Our constructions are based on t ..."
Abstract

Cited by 168 (0 self)
 Add to MetaCart
We propose a robust proactive threshold signature scheme, a multisignature scheme and a blind signature scheme which work in any Gap DiffieHellman (GDH) group (where the Computational DiffieHellman problem is hard but the Decisional DiffieHellman problem is easy). Our constructions are based on the recently proposed GDH signature scheme of Boneh et al. [8]. Due to the instrumental structure of GDH groups and of the base scheme, it turns out that most of our constructions are simpler, more efficient and have more useful properties than similar existing constructions. We support all the proposed schemes with proofs under the appropriate computational assumptions, using the corresponding notions of security.