Results 11-20 of 21
Dual System Encryption Framework in Prime-Order Groups
IACR Cryptology ePrint Archive, 2015
Cited by 1 (0 self)
We propose a new generic framework for achieving fully secure attribute based encryption (ABE) in prime-order bilinear groups. It is generic in the sense that it can be applied to ABE for arbitrary predicate. All previously available frameworks that are generic in this sense are given only in composite-order bilinear groups, of which operations are known to be much less efficient than in prime-order ones for the same security level. These consist of the frameworks by Wee (TCC’14) and Attrapadung (Eurocrypt’14). Both provide abstractions of dual-system encryption techniques introduced by Waters (Crypto’09). Our framework can be considered as a prime-order version of Attrapadung’s framework and works in a similar manner: it relies on a main component called pair encodings, and it generically compiles any secure pair encoding scheme for a predicate in consideration to a fully secure ABE scheme for that predicate. One feature of our new compiler is that although the resulting ABE schemes will be newly defined in prime-order groups, we require essentially the same security notions of pair encodings as before. Beside the security of pair encodings, our framework assumes only the Matrix Diffie-Hellman assumption (Escala et al., Crypto’13), which is a
Short Paper On the Generic Hardness of DDH-II
Abstract. The well known Decisional Diffie-Hellman assumption states that given g, g^a and g^b, for random a, b, the element g^{ab} is pseudorandom. Canetti in [Can97] introduced a variant of this assumption in which b is still random but a is drawn according to some well-spread distribution. In this paper we prove that his assumption holds in the generic group model and demonstrate its broad applicability in the context of leakage resilient cryptography.
Attribute-Based Encryption for a Subclass of Circuits with Bounded Depth from Lattices
Abstract. In this work, we present two Key-Policy Attribute-Based Encryption (ABE) schemes for some subclass of circuits based on the Learning with Error (LWE) assumption. Our constructions are selectively secure in the standard model. More specifically, our first construction supports a subclass of circuits with polynomially bounded depth. We call this subclass the OR-restricted circuits which means that for any input x, if f(x) = 0 then for all the OR gates in f, at least one of its incoming wires will evaluate to 0. The second one is a Key-Policy ABE scheme for shallow circuits whose depth is bounded by O(log log λ), where λ is the security parameter.
Relaxed Two-to-one Recoding Schemes
A two-to-one recoding (TOR) scheme is a new cryptographic primitive, proposed in the recent work of Gorbunov, Vaikuntanathan, and Wee (GVW), as a means to construct attribute-based encryption (ABE) schemes for all boolean circuits. GVW show that TOR schemes can be constructed assuming the hardness of the learning-with-errors (LWE) problem. We propose a slightly weaker variant of TOR schemes called correlation-relaxed two-to-one recoding (CR-TOR). Unlike the TOR schemes, our weaker variant does not require an encoding function to be pseudorandom on correlated inputs. We instead replace it with an indistinguishability property that states a ciphertext is hard to decrypt without access to a certain encoding. The primary benefit of this relaxation is that it allows the construction of ABE for circuits using the TOR paradigm from a broader class of cryptographic assumptions. We show how to construct a CR-TOR scheme from the noisy cryptographic multilinear maps of Garg, Gentry, and Halevi as well as those of Coron, Lepoint, and Tibouchi. Our framework leads to an instantiation of ABE for circuits that is conceptually different from the existing constructions.
Dual syste...
Dual system encryption techniques introduced by Waters in Crypto’09 are powerful approaches for constructing fully secure functional encryption (FE) for many predicates. However, there are still some FE for certain predicates to which dual system encryption techniques seem inapplicable, and hence their fully-secure realization remains an important problem. A notable example is FE for regular languages, introduced by Waters in Crypto’12. We propose a generic framework that abstracts the concept of dual system encryption techniques. We introduce a new primitive called pair encoding scheme for predicates and show that it implies fully secure functional encryption (for the same predicates) via a generic construction. Using the framework, we obtain the first fully secure schemes for functional encryption primitives of which only selectively secure schemes were known so far. Our three main instantiations include FE for regular languages, unbounded attribute-based encryption (ABE) for large universes, and ABE with constant-size ciphertexts. Our main ingredient for overcoming the barrier of inapplicability for the dual system techniques to certain predicates is a computational security notion of the pair encoding scheme which
Fully Secure Functional Encryption for Inner Products, from Standard Assumptions
Abstract. Functional encryption is a modern public-key paradigm where a master secret key can be used to derive subkeys SK_F associated with certain functions F in such a way that the decryption operation reveals F(M), if M is the encrypted message, and nothing else. Recently, Abdalla et al. gave simple and efficient realizations of the primitive for the computation of linear functions on encrypted data: given an encryption of a vector y over some specified base ring, a secret key SK_x for the vector x allows computing ⟨x,y⟩. Their technique surprisingly allows for instantiations under standard assumptions, like the hardness of the Decision Diffie-Hellman (DDH) and Learning-with-Errors (LWE) problems. Their constructions, however, are only proved secure against selective adversaries, which have to declare the challenge messages M_0 and M_1 at the outset of the game. In this paper, we provide constructions that provably achieve security against more realistic adaptive attacks (where the messages M_0 and M_1
Generic Conversions from CPA to CCA secure Functional Encryption
Abstract. In 2004, Canetti-Halevi-Katz and later Boneh-Katz showed generic CCA-secure PKE constructions from a CPA-secure IBE. Goyal et al. in 2006 further extended the aforementioned idea implicitly to provide a specific CCA-secure KP-ABE with policies represented by monotone access trees. Later, Yamada et al. in 2011 generalized the CPA to CCA conversion to all those ABE, where the policies are represented by either monotone access trees (MAT) or monotone span programs (MSP), but not the others like sets of minimal sets. Moreover, the underlying CPA-secure constructions must satisfy one of the two features called key-delegation and verifiability. Along with ABE, many other different encryption schemes, such as inner-product, hidden vector, spatial encryption schemes etc. can be studied under a unified framework, called functional encryption (FE), as introduced by Boneh-Sahai-Waters in 2011. The generic conversions, due to Yamada et al., cannot be applied to all these functional encryption schemes. On the other hand, to the best of our knowledge, there is no known CCA-secure construction beyond ABE over MSP and MAT. This paper provides different ways of obtaining CCA-secure functional encryptions of almost all categories. In particular, we provide a generic conversion from a CPA-secure functional encryption into a CCA-secure functional encryption provided the underlying CPA-secure encryption scheme has either restricted delegation or verifiability feature. We observe that almost all functional encryption schemes have this feature. The KP-FE schemes of Waters (proposed in 2012) and Attrapadung (proposed in 2014) for regular languages do not possess the usual delegation property. However, they can be converted into corresponding CCA-secure schemes as they satisfy the restricted delegation.
Conversions among Several Classes of Predicate Encryption and Applications to ABE with Various Compactness Tradeoffs
2015
Predicate encryption is an advanced form of public-key encryption that yields high flexibility in terms of access control. In the literature, many predicate encryption schemes have been proposed such as fuzzy-IBE, KP-ABE, CP-ABE, (doubly) spatial encryption (DSE), and ABE for arithmetic span programs. In this paper, we study relations among them and show that some of them are in fact equivalent by giving conversions among them. More specifically, our main contributions are as follows:
- We show that monotonic, small universe KP-ABE (CP-ABE) with bounds on the size of attribute sets and span programs (or linear secret sharing matrix) can be converted into DSE. Furthermore, we show that DSE implies non-monotonic CP-ABE (and KP-ABE) with the same bounds on parameters. This implies that monotonic/non-monotonic KP/CP-ABE (with the bounds) and DSE are all equivalent in the sense that one implies another.
- We also show that if we start from KP-ABE without bounds on the size of span programs (but bounds on the size of attribute sets), we can obtain ABE for arithmetic span programs. The other direction is also shown: ABE for arithmetic span programs can be converted into KP-ABE. These
Papers Faculty of Engineering and Information Sciences
An adaptively CCA-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing
BUILDING PRACTICAL SYSTEMS THAT COMPUTE ON ENCRYPTED DATA
2014
Theft of confidential data is prevalent. In most applications, confidential data is stored at servers. Thus, existing systems naturally try to prevent adversaries from compromising these servers. However, experience has shown that adversaries still find a way to break in and steal the data. This dissertation shows how to protect data confidentiality even when attackers get access to all the data stored on servers. We achieve this protection through a new approach to building secure systems: building practical systems that compute on encrypted data, without access to the decryption key. In this setting, we designed and built a database system (CryptDB), a web application platform (Mylar), and two mobile systems, as well as developed new cryptographic schemes for them. We showed that these systems support a wide range of applications with low overhead. The work in this thesis has already had impact: Google uses CryptDB's design for their new Encrypted BigQuery