Results 1  10
of
130
Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products
"... Abstract. Predicate encryption is a new paradigm generalizing, among other things, identitybased encryption. In a predicate encryption scheme, secret keys correspond to predicates and ciphertexts are associated with attributes; the secret key SKf corresponding to a predicate f can be used to decryp ..."
Abstract

Cited by 173 (23 self)
 Add to MetaCart
Abstract. Predicate encryption is a new paradigm generalizing, among other things, identitybased encryption. In a predicate encryption scheme, secret keys correspond to predicates and ciphertexts are associated with attributes; the secret key SKf corresponding to a predicate f can be used to decrypt a ciphertext associated with attribute I if and only if f(I) = 1. Constructions of such schemes are currently known for relatively few classes of predicates. We construct such a scheme for predicates corresponding to the evaluation of inner products over ZN (for some large integer N). This, in turn, enables constructions in which predicates correspond to the evaluation of disjunctions, polynomials, CNF/DNF formulae, or threshold predicates (among others). Besides serving as a significant step forward in the theory of predicate encryption, our results lead to a number of applications that are interesting in their own right. 1
CiphertextPolicy AttributeBased Encryption: An Expressive, Efficient, and Provably Secure Realization
, 2008
"... We present new techniques for realizing CiphertextPolicy Attribute Encryption (CPABE) under concrete and noninteractive cryptographic assumptions. Our solutions allow any encryptor to specify access control in terms of an LSSS matrix, M, over the attributes in the system. We present three differen ..."
Abstract

Cited by 134 (9 self)
 Add to MetaCart
(Show Context)
We present new techniques for realizing CiphertextPolicy Attribute Encryption (CPABE) under concrete and noninteractive cryptographic assumptions. Our solutions allow any encryptor to specify access control in terms of an LSSS matrix, M, over the attributes in the system. We present three different constructions that allow different tradeoffs between the systems efficiency and the complexity of the assumptions used. All three constructions use a common methodology of “directly” solving the CPABE problem that enable us to get much better efficiency than prior approaches.
Cryptographic Cloud Storage
"... We consider the problem of building a secure cloud storage service on top of a public cloud infrastructure where the service provider is not completely trusted by the customer. We describe, at a high level, several architectures that combine recent and nonstandard cryptographic primitives in order ..."
Abstract

Cited by 131 (1 self)
 Add to MetaCart
(Show Context)
We consider the problem of building a secure cloud storage service on top of a public cloud infrastructure where the service provider is not completely trusted by the customer. We describe, at a high level, several architectures that combine recent and nonstandard cryptographic primitives in order to achieve our goal. We survey the benefits such an architecture would provide to both customers and service providers and give an overview of recent advances in cryptography motivated specifically by cloud storage. 1
Improving privacy and security in multiauthority attributebased encryption
 In Proceedings of the 16th ACM Conference on Computer and Communications Security
, 2009
"... Attribute based encryption (ABE) [13] determines decryption ability based on a user’s attributes. In a multiauthority ABE scheme, multiple attributeauthorities monitor different sets of attributes and issue corresponding decryption keys to users, and encryptors can require that a user obtain ke ..."
Abstract

Cited by 110 (2 self)
 Add to MetaCart
(Show Context)
Attribute based encryption (ABE) [13] determines decryption ability based on a user’s attributes. In a multiauthority ABE scheme, multiple attributeauthorities monitor different sets of attributes and issue corresponding decryption keys to users, and encryptors can require that a user obtain keys for appropriate attributes from each authority before decrypting a message. Chase [5] gave a multiauthority ABE scheme using the concepts of a trusted central authority (CA) and global identifiers (GID). However, the CA in that construction has the power to decrypt every ciphertext, which seems somehow contradictory to the original goal of distributing control over many potentially untrusted authorities. Moreover, in that construction, the use of a consistent GID allowed the authorities to combine their information to build a full profile with all of a user’s attributes, which unnecessarily compromises the privacy of the user. In this paper, we propose a solution which removes the trusted central authority, and protects the users ’ privacy by preventing the authorities from pooling their information on particular users, thus making ABE more usable in practice.
Functional Encryption: Definitions and Challenges
"... We initiate the formal study of functional encryption by giving precise definitions of the concept and its security. Roughly speaking, functional encryption supports restricted secret keys that enable a key holder to learn a specific function of encrypted data, but learn nothing else about the data. ..."
Abstract

Cited by 109 (17 self)
 Add to MetaCart
We initiate the formal study of functional encryption by giving precise definitions of the concept and its security. Roughly speaking, functional encryption supports restricted secret keys that enable a key holder to learn a specific function of encrypted data, but learn nothing else about the data. For example, given an encrypted program the secret key may enable the key holder to learn the output of the program on a specific input without learning anything else about the program. We show that defining security for functional encryption is nontrivial. First, we show that a natural gamebased definition is inadequate for some functionalities. We then present a natural simulationbased definition and show that it (provably) cannot be satisfied in the standard model, but can be satisfied in the random oracle model. We show how to map many existing concepts to our formalization of functional encryption and conclude with several interesting open problems in this young area.
Fully secure functional encryption with general relations from the decisional linear assumption
 In CRYPTO
, 2010
"... This paper presents a fully secure functional encryption scheme for a wide class of relations, that are specified by nonmonotone access structures combined with innerproduct relations. The security is proven under a standard assumption, the decisional linear (DLIN) assumption, in the standard mode ..."
Abstract

Cited by 79 (0 self)
 Add to MetaCart
This paper presents a fully secure functional encryption scheme for a wide class of relations, that are specified by nonmonotone access structures combined with innerproduct relations. The security is proven under a standard assumption, the decisional linear (DLIN) assumption, in the standard model. The proposed functional encryption scheme covers, as special cases, (1) keypolicy, ciphertextpolicy and unifiedpolicy (of key and ciphertext policies) attributebased encryption with nonmonotone access structures, and (2) (hierarchical) predicate encryption with innerproduct relations and functional encryption with nonzero
Hierarchical attributebased encryption for finegrained access control in cloud storage services,”
 in Proceedings of the 17th ACM Conference on Computer and Communications Security,
, 2010
"... Abstract In the ciphertextpolicy attribute based encryption (CPABE) scheme, a private key holder is related with a set of attributes while the data is encrypted under an access structure defined by the data provider. In most proposed schemes, the characteristics of the attributes are treated as s ..."
Abstract

Cited by 57 (3 self)
 Add to MetaCart
(Show Context)
Abstract In the ciphertextpolicy attribute based encryption (CPABE) scheme, a private key holder is related with a set of attributes while the data is encrypted under an access structure defined by the data provider. In most proposed schemes, the characteristics of the attributes are treated as same level. While in the real world circumstance, the attributes are always in the different levels. In this paper, In this paper, a scheme is proposed under a different hierarchy of attributes with the name of ciphertextpolicy hierarchical attribute based encryption. The CPHABE scheme is proved to be secure under the decisional qparallel bilinear DiffieHellman exponent assumption, which can be considered as the generalization of the traditional CPABE.
How to delegate and verify in public: Verifiable computation from attributebased encryption,”
 in Proceedings of the 9th International Conference on Theory of Cryptography (TCC’12),
, 2012
"... Abstract. The wide variety of small, computationally weak devices, and the growing number of computationally intensive tasks makes it appealing to delegate computation to data centers. However, outsourcing computation is useful only when the returned result can be trusted, which makes verifiable co ..."
Abstract

Cited by 55 (6 self)
 Add to MetaCart
(Show Context)
Abstract. The wide variety of small, computationally weak devices, and the growing number of computationally intensive tasks makes it appealing to delegate computation to data centers. However, outsourcing computation is useful only when the returned result can be trusted, which makes verifiable computation (VC) a must for such scenarios. In this work we extend the definition of verifiable computation in two important directions: public delegation and public verifiability, which have important applications in many practical delegation scenarios. Yet, existing VC constructions based on standard cryptographic assumptions fail to achieve these properties. As the primary contribution of our work, we establish an important (and somewhat surprising) connection between verifiable computation and attributebased encryption (ABE), a primitive that has been widely studied. Namely, we show how to construct a VC scheme with public delegation and public verifiability from any ABE scheme. The VC scheme verifies any function in the class of functions covered by the permissible ABE policies (currently Boolean formulas). This scheme enjoys a very efficient verification algorithm that depends only on the output size. Efficient delegation, however, requires the ABE encryption algorithm to be cheaper than the original function computation. Strengthening this connection, we show a construction of a multifunction verifiable computation scheme from an ABE scheme with outsourced decryption, a primitive defined recently by Green, Hohenberger and Waters (USENIX Security 2011). A multifunction VC scheme allows the verifiable evaluation of multiple functions on the same preprocessed input. In the other direction, we also explore the construction of an ABE scheme from verifiable computation protocols. Research conducted as part of an internship with Microsoft Research.
Functional Encryption for Inner Product Predicates from Learning with Errors
, 2011
"... We propose a latticebased functional encryption scheme for inner product predicates whose security follows from the difficulty of the learning with errors (LWE) problem. This construction allows us to achieve applications such as range and subset queries, polynomial evaluation, and CNF/DNF formulas ..."
Abstract

Cited by 39 (12 self)
 Add to MetaCart
(Show Context)
We propose a latticebased functional encryption scheme for inner product predicates whose security follows from the difficulty of the learning with errors (LWE) problem. This construction allows us to achieve applications such as range and subset queries, polynomial evaluation, and CNF/DNF formulas on encrypted data. Our scheme supports inner products over small fields, in contrast to earlier works based on bilinear maps. Our construction is the first functional encryption scheme based on lattice techniques that goes beyond basic identitybased encryption. The main technique in our scheme is a novel twist to the identitybased encryption scheme of Agrawal, Boneh and Boyen (Eurocrypt 2010). Our scheme is weakly attribute hiding in the standard model.
Functional Encryption with Bounded Collusions via MultiParty Computation ∗
, 2012
"... We construct a functional encryption scheme secure against an apriori bounded polynomial number of collusions for the class of all polynomialsize circuits. Our constructions require only semantically secure publickey encryption schemes and pseudorandom generators computable by smalldepth circuit ..."
Abstract

Cited by 39 (8 self)
 Add to MetaCart
We construct a functional encryption scheme secure against an apriori bounded polynomial number of collusions for the class of all polynomialsize circuits. Our constructions require only semantically secure publickey encryption schemes and pseudorandom generators computable by smalldepth circuits (known to be implied by most concrete intractability assumptions). For certain special cases such as predicate encryption schemes with public index, the construction requires only semantically secure encryption schemes, which is clearly the minimal necessary assumption. Our constructions rely heavily on techniques from secure multiparty computation and randomized encodings. All our constructions are secure under a strong, adaptive simulationbased definition of functional encryption.