Results 1 
5 of
5
Unbounded HIBE and AttributeBased Encryption
"... In this work, we present HIBE and ABE schemes which are “unbounded ” in the sense that the public parameters do not impose additional limitations on the functionality of the systems. In all previous constructions of HIBE in the standard model, a maximum hierarchy depth had to be fixed at setup. In a ..."
Abstract

Cited by 40 (8 self)
 Add to MetaCart
In this work, we present HIBE and ABE schemes which are “unbounded ” in the sense that the public parameters do not impose additional limitations on the functionality of the systems. In all previous constructions of HIBE in the standard model, a maximum hierarchy depth had to be fixed at setup. In all previous constructions of ABE in the standard model, either a small universe size or a bound on the size of attribute sets had to be fixed at setup. Our constructions avoid these limitations. We use a nested dual system encryption argument to prove full security for our HIBE scheme and selective security for our ABE scheme, both in the standard model and relying on static assumptions. Our ABE scheme supports LSSS matrices as access structures and also provides delegation capabilities to users. 1
NonInteractive Key Exchange ⋆
"... Abstract Noninteractive key exchange (NIKE) is a fundamental but muchoverlooked cryptographic primitive. It appears as a major contribution in the groundbreaking paper of Diffie and Hellman, but NIKE has remained largely unstudied since then. In this paper, we provide different security models fo ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
(Show Context)
Abstract Noninteractive key exchange (NIKE) is a fundamental but muchoverlooked cryptographic primitive. It appears as a major contribution in the groundbreaking paper of Diffie and Hellman, but NIKE has remained largely unstudied since then. In this paper, we provide different security models for this primitive and explore the relationships between them. We then give constructions for secure NIKE in the Random Oracle Model based on the hardness of factoring and in the standard model based on the hardness of a variant of the decisional Bilinear Diffie Hellman Problem for asymmetric pairings. We also study the relationship between NIKE and public key encryption (PKE), showing that a secure NIKE scheme can be generically converted into an INDCCA secure PKE scheme. This conversion also illustrates the fundamental nature of NIKE in public key cryptography.
From SelectiveID to FullID IBS without Random Oracles
, 2013
"... Since its induction, the selectiveidentity (sID) model for identitybased cryptosystems and its relationship with various other notions of security has been extensively studied. As a result, it is a general consensus that the sID model is much weaker than the fullidentity (ID) model. In this paper ..."
Abstract
 Add to MetaCart
Since its induction, the selectiveidentity (sID) model for identitybased cryptosystems and its relationship with various other notions of security has been extensively studied. As a result, it is a general consensus that the sID model is much weaker than the fullidentity (ID) model. In this paper, we study the sID model for the particular case of identitybased signatures (IBS). The main focus is on the problem of constructing an IDsecure IBS given an sIDsecure IBS without using random oracles–the socalled standard model–and with reasonable security degradation. We accomplish this by devising a generic construction which uses as blackbox: i) a chameleon hash function and ii) a weaklysecure publickey signature. We argue that the resulting IBS is IDsecure but with a tightness gap of O (qs), where qs is the upper bound on the number of signature queries that the adversary is allowed to make. To the best of our knowledge, this is the first attempt at such a generic
Constant Size Ciphertext HIBE in the Augmented SelectiveID Model and its Extensions
"... phertext hierarchical identitybased encryption (HIBE) protocol. Our main contribution is to present a variant of the BBGHIBE. The new HIBE is proved to be secure (without any degradation) in an extension of the sID model (denoted the s+ID model) and the components of the identities are from Zp, ..."
Abstract
 Add to MetaCart
(Show Context)
phertext hierarchical identitybased encryption (HIBE) protocol. Our main contribution is to present a variant of the BBGHIBE. The new HIBE is proved to be secure (without any degradation) in an extension of the sID model (denoted the s+ID model) and the components of the identities are from Zp, where p is a suitable large prime. The BBGHIBE is proved to be secure in the selectiveID (sID) security model and the components of the identities are from Z∗p. In the s +ID model the adversary is allowed to vary the length of the challenge identity whereas this is not allowed in the sID model. The new HIBE shares all the good features of the BBGHIBE. The drawback is that the public parameters and the private key are longer than that of the BBGHIBE. We also provide two more extensions of the basic constantsize ciphertext HIBE. The first is a constantsize ciphertext HIBE secure in the generalised selectiveID model M2. The second one is a product construction composed of two HIBEs and a tradeoff is possible between the private key size and the ciphertext size. Key Words: hierarchical identitybased encryption, standard model, bilinear pairing.
Construction of a Hybrid (Hierarchical) IdentityBased Encryption Protocol Secure Against Adaptive Attacks
"... Abstract. The current work considers the problem of obtaining a hierarchical identitybased encryption (HIBE) protocol which is secure against adaptive key extraction and decryption queries. Such a protocol is obtained by modifying an earlier protocol by Chatterjee and Sarkar (which, in turn, is bas ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. The current work considers the problem of obtaining a hierarchical identitybased encryption (HIBE) protocol which is secure against adaptive key extraction and decryption queries. Such a protocol is obtained by modifying an earlier protocol by Chatterjee and Sarkar (which, in turn, is based on a protocol due to Waters) which is secure only against adaptive key extraction queries. The setting is quite general in the sense that random oracles are not used and security is based on the hardness of the decisional bilinear DiffieHellman (DBDH) problem. In this setting, the new construction provides the most efficient (H)IBE protocol known till date. The technique for answering decryption queries in the proof is based on earlier work by Boyen, Mei and Waters. Ciphertext validity testing is done indirectly through a symmetric authentication algorithm in a manner similar to the KurosawaDesmedt public key encryption protocol. Additionally, we perform symmetric encryption and authentication by a single authenticated encryption algorithm 3.