Results 1  10
of
251
Attributebased encryption for finegrained access control of encrypted data
 In Proc. of ACMCCS’06
, 2006
"... As more sensitive data is shared and stored by thirdparty sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarsegrained level (i.e., giving another party your private key). We develop ..."
Abstract

Cited by 481 (23 self)
 Add to MetaCart
(Show Context)
As more sensitive data is shared and stored by thirdparty sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarsegrained level (i.e., giving another party your private key). We develop a new cryptosystem for finegrained sharing of encrypted data that we call KeyPolicy AttributeBased Encryption (KPABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of auditlog information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical IdentityBased Encryption (HIBE). E.3 [Data En
Efficient identitybased encryption without random oracles
, 2005
"... We present the first efficient IdentityBased Encryption (IBE) scheme that is fully secure without random oracles. We first present our IBE construction and reduce the security of our scheme to the decisional Bilinear DiffieHellman (BDH) problem. Additionally, we show that our techniques can be use ..."
Abstract

Cited by 339 (18 self)
 Add to MetaCart
(Show Context)
We present the first efficient IdentityBased Encryption (IBE) scheme that is fully secure without random oracles. We first present our IBE construction and reduce the security of our scheme to the decisional Bilinear DiffieHellman (BDH) problem. Additionally, we show that our techniques can be used to build a new signature scheme that is secure under the computational DiffieHellman assumption without random oracles. 1
Aggregate and Verifiably Encrypted Signatures from Bilinear Maps
, 2002
"... An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verif ..."
Abstract

Cited by 321 (13 self)
 Add to MetaCart
(Show Context)
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verifier that the n users did indeed sign the n original messages (i.e., user i signed message M i for i = 1; : : : ; n). In this paper we introduce the concept of an aggregate signature scheme, present security models for such signatures, and give several applications for aggregate signatures. We construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham. Aggregate signatures are useful for reducing the size of certificate chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols such as SBGP. We also show that aggregate signatures give rise to verifiably encrypted signatures. Such signatures enable the verifier to test that a given ciphertext C is the encryption of a signature on a given message M . Verifiably encrypted signatures are used in contractsigning protocols. Finally, we show that similar ideas can be used to extend the short signature scheme to give simple ring signatures.
Hierarchical identity based encryption with constant size ciphertext
, 2005
"... ..."
(Show Context)
Signature schemes and anonymous credentials from bilinear maps
, 2004
"... We propose a new and efficient signature scheme that is provably secure in the plain model. The security of our scheme is based on a discretelogarithmbased assumption put forth by Lysyanskaya, Rivest, Sahai, and Wolf (LRSW) who also showed that it holds for generic groups and is independent of th ..."
Abstract

Cited by 235 (25 self)
 Add to MetaCart
We propose a new and efficient signature scheme that is provably secure in the plain model. The security of our scheme is based on a discretelogarithmbased assumption put forth by Lysyanskaya, Rivest, Sahai, and Wolf (LRSW) who also showed that it holds for generic groups and is independent of the decisional DiffieHellman assumption. We prove security of our scheme under the LRSW assumption for groups with bilinear maps. We then show how our scheme can be used to construct efficient anonymous credential systems as well as group signature and identity escrow schemes. To this end, we provide efficient protocols that allow one to prove in zeroknowledge the knowledge of a signature on a committed (or encrypted) message and to obtain a signature on a committed message.
Efficient SelectiveID Secure IdentityBased Encryption Without Random Oracles
 6. , SECURE IDENTITY BASED ENCRYPTION WITHOUT RANDOM ORACLES., IN FRANKLIN [20
"... We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time t ..."
Abstract

Cited by 219 (9 self)
 Add to MetaCart
(Show Context)
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to the identity that it intends to attack, whereas in the standard model the adversary is allowed to choose this identity adaptively. Our first secure IBE system extends to give a selective identity Hierarchical IBE secure without random oracles.
Efficient SelectiveID Secure Identity Based Encryption without Random Oracles
, 2004
"... We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to ..."
Abstract

Cited by 146 (9 self)
 Add to MetaCart
We construct two efficient Identity Based Encryption (IBE) systems that are selective identity secure without the random oracle model. Selective identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to the identity that it intends to attack, whereas in the standard model the adversary is allowed to choose this identity adaptively. Our first secure IBE system extends to give a selective identity Hierarchical IBE secure without random oracles.
Practical identitybased encryption without random oracles
 of LNCS
"... Abstract. We present an Identity Based Encryption (IBE) system that is fully secure in the standard model and has several advantages over previous such systems – namely, computational efficiency, shorter public parameters, and a “tight ” security reduction, albeit to a stronger assumption that depen ..."
Abstract

Cited by 139 (2 self)
 Add to MetaCart
Abstract. We present an Identity Based Encryption (IBE) system that is fully secure in the standard model and has several advantages over previous such systems – namely, computational efficiency, shorter public parameters, and a “tight ” security reduction, albeit to a stronger assumption that depends on the number of private key generation queries made by the adversary. Our assumption is a variant of Boneh et al.’s decisional Bilinear DiffieHellman Exponent assumption, which has been used to construct efficient hierarchical IBE and broadcast encryption systems. The construction is remarkably simple. It also provides recipient anonymity automatically, providing a second (and more efficient) solution to the problem of achieving anonymous IBE without random oracles. Finally, our proof of CCA2 security, which has more in common with the security proof for the CramerShoup encryption scheme than with security proofs for other IBE systems, may be of independent interest.
Fully Secure Functional Encryption: AttributeBased Encryption and (Hierarchical) Inner Product Encryption
"... In this paper, we present two fully secure functional encryption schemes. Our first result is a fully secure attributebased encryption (ABE) scheme. Previous constructions of ABE were only proven to be selectively secure. We achieve full security by adapting the dual system encryption methodology r ..."
Abstract

Cited by 139 (21 self)
 Add to MetaCart
In this paper, we present two fully secure functional encryption schemes. Our first result is a fully secure attributebased encryption (ABE) scheme. Previous constructions of ABE were only proven to be selectively secure. We achieve full security by adapting the dual system encryption methodology recently introduced by Waters and previously leveraged to obtain fully secure IBE and HIBE systems. The primary challenge in applying dual system encryption to ABE is the richer structure of keys and ciphertexts. In an IBE or HIBE system, keys and ciphertexts are both associated with the same type of simple object: identities. In an ABE system, keys and ciphertexts are associated with more complex objects: attributes and access formulas. We use a novel informationtheoretic argument to adapt the dual system encryption methodology to the more complicated structure of ABE systems. We construct our system in composite order bilinear groups, where the order is a product of three primes. We prove the security of our system from three static assumptions. Our ABE scheme supports arbitrary monotone access formulas. Our second result is a fully secure (attributehiding) predicate encryption (PE) scheme
Secure Identity Based Encryption without Random Oracles
, 2004
"... We present a fully secure identity based encryption scheme whose proof of security does not rely on the random oracle heuristic. Security is based on the decisional bilinear DiffieHellman assumption. Previous constructions of this type incured a large penatly factor in the security reduction from t ..."
Abstract

Cited by 137 (10 self)
 Add to MetaCart
We present a fully secure identity based encryption scheme whose proof of security does not rely on the random oracle heuristic. Security is based on the decisional bilinear DiffieHellman assumption. Previous constructions of this type incured a large penatly factor in the security reduction from the underlying complexity assumption. The security reduction of the present system is polynomial in all the parameters.