The Experts below are selected from a list of 17250 Experts worldwide ranked by ideXlab platform
David Pointcheval - One of the best experts on this subject based on the ideXlab platform.
-
Public-Key Encryption Indistinguishable Under Plaintext-Checkable Attacks
2015Co-Authors: Michel Abdalla, Fabrice Benhamouda, David PointchevalAbstract:Indistinguishability under adaptive chosen-ciphertext attack (IND-CCA) is now considered the de facto security notion for Public-Key Encryption. However, the security guarantee that it offers is sometimes stronger than what is needed by certain applications. In this paper, we consider a weaker notion of security for Public-Key Encryption, termed indistinguishability under plaintext-checking attacks (IND-PCA), in which the adversary is only given access to an oracle which says whether or not a given ciphertext encrypts a given message. After formaliz- ing the IND-PCA notion, we then design a new Public-Key Encryption scheme satisfying it. The new scheme is a more efficient variant of the Cramer-Shoup Encryption scheme with shorter ciphertexts and its secu- rity is also based on the plain Decisional Diffie-Hellman (DDH) assump- tion. Additionally, the algebraic properties of the new scheme also allow for proving plaintext knowledge using Groth-Sahai non-interactive zero- knowledge proofs or smooth projective hash functions. Finally, in order to illustrate the usefulness of the new scheme, we further show that, for many password-based authenticated Key exchange (PAKE) schemes in the Bellare-Pointcheval-Rogaway security model, one can safely replace the underlying IND-CCA Encryption schemes with our new IND-PCA one. By doing so, we were able to reduce the overall communication complex- ity of these protocols and obtain the most efficient PAKE schemes to date based on the plain DDH assumption.
-
Dynamic Threshold Public-Key Encryption
Advances in Cryptology – CRYPTO 2008, 2008Co-Authors: Cécile Delerablee, David PointchevalAbstract:This paper deals with threshold Public-Key Encryption which allows a pool of players to decrypt a ciphertext if a given threshold of authorized players cooperate. We generalize this primitive to the dynamic setting, where any user can dynamically join the system, as a possible recipient; the sender can dynamically choose the authorized set of recipients, for each ciphertext; and the sender can dynamically set the threshold t for decryption capability among the authorized set. We first give a formal security model, which includes strong robustness notions, and then we propose a candidate achieving all the above dynamic properties, that is semantically secure in the standard model, under a new non-interactive assumption, that fits into the general Diffie-Hellman exponent framework on groups with a bilinear map. It furthermore compares favorably with previous proposals, a.k.a. threshold broadcast Encryption, since this is the first threshold Public-Key Encryption, with dynamic authorized set of recipients and dynamic threshold that provides constant-size ciphertexts.
Keisuke Tanaka - One of the best experts on this subject based on the ideXlab platform.
-
ACISP - Multi-recipient Public-Key Encryption from Simulators in Security Proofs
Information Security and Privacy, 2009Co-Authors: Harunaga Hiwatari, Keisuke Tanaka, Tomoyuki Asano, Koichi SakumotoAbstract:In PKC 2003, Bellare, Boldyreva, and Staddon proposed the reproducibility test. The test determines whether a single-recipient Public-Key Encryption scheme is adapted to transform into an efficient multi-recipient Public-Key Encryption scheme. In this paper, we propose a new approach to design an efficient multi-recipient single-message Public-Key Encryption scheme. We focus on a certain simulator which appears in the security proof of an ordinary (single-recipient) Public-Key Encryption scheme. By considering the behavior of the simulator, we construct two efficient multi-recipient single-message Public-Key Encryption schemes. These schemes show that there exist schemes which can be transformed into efficient multi-recipient schemes, even they do not pass the reproducibility test.
-
Universally anonymizable Public-Key Encryption
Lecture Notes in Computer Science, 2005Co-Authors: Ryotaro Hayashi, Keisuke TanakaAbstract:We first propose the notion of universally anonymizable Public-Key Encryption. Suppose that we have the encrypted data made with the same security parameter, and that these data do not satisfy the anonymity property. Consider the situation that we would like to transform these encrypted data to those with the anonymity property without decrypting these encrypted data. In this paper, in order to formalize this situation, we propose a new property for Public-Key Encryption called universal anonymizability. If we use a universally anonymizable Public-Key Encryption scheme, not only the person who made the ciphertexts, but also anyone can anonymize the encrypted data without using the corresponding secret Key. We then propose universally anonymizable Public-Key Encryption schemes based on the ElGamal Encryption scheme, the Cramer-Shoup Encryption scheme, and RSA-OAEP, and prove their security.
-
ASIACRYPT - Universally anonymizable Public-Key Encryption
Lecture Notes in Computer Science, 2005Co-Authors: Ryotaro Hayashi, Keisuke TanakaAbstract:We first propose the notion of universally anonymizable Public-Key Encryption. Suppose that we have the encrypted data made with the same security parameter, and that these data do not satisfy the anonymity property. Consider the situation that we would like to transform these encrypted data to those with the anonymity property without decrypting these encrypted data. In this paper, in order to formalize this situation, we propose a new property for Public-Key Encryption called universal anonymizability. If we use a universally anonymizable Public-Key Encryption scheme, not only the person who made the ciphertexts, but also anyone can anonymize the encrypted data without using the corresponding secret Key. We then propose universally anonymizable Public-Key Encryption schemes based on the ElGamal Encryption scheme, the Cramer-Shoup Encryption scheme, and RSA-OAEP, and prove their security.
Cécile Delerablee - One of the best experts on this subject based on the ideXlab platform.
-
Dynamic Threshold Public-Key Encryption
Advances in Cryptology – CRYPTO 2008, 2008Co-Authors: Cécile Delerablee, David PointchevalAbstract:This paper deals with threshold Public-Key Encryption which allows a pool of players to decrypt a ciphertext if a given threshold of authorized players cooperate. We generalize this primitive to the dynamic setting, where any user can dynamically join the system, as a possible recipient; the sender can dynamically choose the authorized set of recipients, for each ciphertext; and the sender can dynamically set the threshold t for decryption capability among the authorized set. We first give a formal security model, which includes strong robustness notions, and then we propose a candidate achieving all the above dynamic properties, that is semantically secure in the standard model, under a new non-interactive assumption, that fits into the general Diffie-Hellman exponent framework on groups with a bilinear map. It furthermore compares favorably with previous proposals, a.k.a. threshold broadcast Encryption, since this is the first threshold Public-Key Encryption, with dynamic authorized set of recipients and dynamic threshold that provides constant-size ciphertexts.
Dong Hoon Lee - One of the best experts on this subject based on the ideXlab platform.
-
Selectively chosen ciphertext security in threshold Public-Key Encryption
Security and Communication Networks, 2012Co-Authors: Ki-tak Kim, Jong Hwan Park, Dong Hoon LeeAbstract:Threshold Public-Key Encryption can control decryption abilities of an authorized user group in such a way that each user of the group can produce only a decryption share and at least t of them should collect decryption shares to recover a message. We present a new threshold Public-Key Encryption that is secure against selectively chosen ciphertext attacks. Semantic security against chosen ciphertext adversaries is the de facto level of security for Public-Key Encryption deployed in practice because many Encryption systems are broken in a model of chosen ciphertext security. The security of the proposed system is formally proved without random oracles under a new assumption. We also provide proof of the intractability of our assumption in the generic group model. Copyright © 2012 John Wiley & Sons, Ltd.
-
Generic construction of designated tester Public-Key Encryption with Keyword search
Information Sciences, 2012Co-Authors: Hyun Sook Rhee, Jong Hwan Park, Dong Hoon LeeAbstract:This paper provides two generic transformations to construct a designated tester Public-Key Encryption with Keyword search scheme using two identity-based Encryption schemes. We also identify the properties of identity-based Encryption that are sufficient to provide the confidentiality and consistency in designated tester Public-Key Encryption with Keyword search. The anonymity and confidentiality of identity-based Encryption are sufficient for achieving confidentiality of designated tester Public-Key Encryption with Keyword search, and the confidentiality of identity-based Encryption is sufficient for achieving consistency of designated tester Public-Key Encryption with Keyword search. Our constructions do not need any global set-up for the Public parameters. We further extend our generic method to construct designated tester identity-based Encryption with Keyword search, where Encryption is performed under the identity of a recipient instead of a Public Key.
-
improved searchable Public Key Encryption with designated tester
Computer and Communications Security, 2009Co-Authors: Hyun Sook Rhee, Jong Hwan Park, Willy Susilo, Dong Hoon LeeAbstract:Recently, Baek et al. proposed an efficient Public Key Encryption scheme with Keyword search based on the scheme of Boneh et al., However, the security model of Baek et al. seriously limits the ability of the adversary. In this paper, we enhance the security model of the Public Key Encryption with Keyword search to properly incorporate the ability of an adversary. We also construct a Public Key Encryption scheme with Keyword search secure in the enhanced security model.
-
AsiaCCS - Improved searchable Public Key Encryption with designated tester
Proceedings of the 4th International Symposium on Information Computer and Communications Security - ASIACCS '09, 2009Co-Authors: Hyun Sook Rhee, Jong Hwan Park, Willy Susilo, Dong Hoon LeeAbstract:Recently, Baek et al. proposed an efficient Public Key Encryption scheme with Keyword search based on the scheme of Boneh et al., However, the security model of Baek et al. seriously limits the ability of the adversary. In this paper, we enhance the security model of the Public Key Encryption with Keyword search to properly incorporate the ability of an adversary. We also construct a Public Key Encryption scheme with Keyword search secure in the enhanced security model.
Ivan Osipkov - One of the best experts on this subject based on the ideXlab platform.
-
Timed-Release and Key-Insulated Public Key Encryption
FC 2006: Financial Cryptography and Data Security, 2006Co-Authors: Jung Cheon, Nicholas Hopper, Yongdae Kim, Ivan OsipkovAbstract:In this paper we consider two security notions related to Identity Based Encryption: Key-insulated Public Key Encryption, introduced by Dodis, Katz, Xu and Yung; and Timed-Release Public Key cryptography, introduced independently by May and Rivest, Shamir and Wagner. We first formalize the notion of secure timed-release Public Key Encryption, and show that, despite several differences in its formulation, it is equivalent to strongly Key-insulated Public Key Encryption (with optimal threshold and random access Key updates). Next, we introduce the concept of an authenticated timed-release cryptosystem, briefly consider generic constructions, and then give a construction based on a single primitive which is efficient and provably secure.
-
Financial Cryptography - Timed-release and Key-insulated Public Key Encryption
Financial Cryptography and Data Security, 2006Co-Authors: Jung Hee Cheon, Yongdae Kim, Nicholas Hopper, Ivan OsipkovAbstract:In this paper we consider two security notions related to Identity Based Encryption: Key-insulated Public Key Encryption, introduced by Dodis, Katz, Xu and Yung; and Timed-Release Public Key cryptography, introduced independently by May and Rivest, Shamir and Wagner. We first formalize the notion of secure timed-release Public Key Encryption, and show that, despite several differences in its formulation, it is equivalent to strongly Key-insulated Public Key Encryption (with optimal threshold and random access Key updates). Next, we introduce the concept of an authenticated timed-release cryptosystem, briefly consider generic constructions, and then give a construction based on a single primitive which is efficient and provably secure.
