The Experts below are selected from a list of 20625 Experts worldwide ranked by ideXlab platform
Yusuke Sakai - One of the best experts on this subject based on the ideXlab platform.
-
A Revocable Group Signature Scheme from Identity-Based Revocation Techniques: Achieving Constant-Size Revocation List
Applied Cryptography and Network Security, 2014Co-Authors: Nuttapong Attrapadung, Keita Emura, Goichiro Hanaoka, Yusuke SakaiAbstract:Any multi-user cryptographic primitives need Revocation since a legitimate user may quit the organization, or may turn to be malicious, or the key may be leaked. In the group signature context, usually group manager publishes the Revocation list that contains Revocation tokens. Since signers/verifiers need to obtain the Revocation list in each Revocation epoch for generating/verifying a group signature, a small-size Revocation list is really important in practice. However, all previous revocable group signatures require at least O(r)-size Revocation list, where r is the number of revoked users. In this paper, we propose the first revocable group signature scheme with the constant size Revocation list from identity-based Revocation (IBR) techniques. We use an IBR scheme proposed by Attrapadung-Libert-Panafieu (PKC2011) as a building block. Although the maximum number of the revoked users needs to be fixed in the setup phase, however, the maximum number of group members is potentially unbounded (as in IBR). This property has not been achieved in the recent scalable revocable group signature schemes, and seems to be of independent interest.
-
ACNS - A Revocable Group Signature Scheme from Identity-Based Revocation Techniques: Achieving Constant-Size Revocation List
Applied Cryptography and Network Security, 2014Co-Authors: Nuttapong Attrapadung, Keita Emura, Goichiro Hanaoka, Yusuke SakaiAbstract:Any multi-user cryptographic primitives need Revocation since a legitimate user may quit the organization, or may turn to be malicious, or the key may be leaked. In the group signature context, usually group manager publishes the Revocation list that contains Revocation tokens. Since signers/verifiers need to obtain the Revocation list in each Revocation epoch for generating/verifying a group signature, a small-size Revocation list is really important in practice. However, all previous revocable group signatures require at least O(r)-size Revocation list, where r is the number of revoked users. In this paper, we propose the first revocable group signature scheme with the constant size Revocation list from identity-based Revocation (IBR) techniques. We use an IBR scheme proposed by Attrapadung-Libert-Panafieu (PKC2011) as a building block. Although the maximum number of the revoked users needs to be fixed in the setup phase, however, the maximum number of group members is potentially unbounded (as in IBR). This property has not been achieved in the recent scalable revocable group signature schemes, and seems to be of independent interest.
Nuttapong Attrapadung - One of the best experts on this subject based on the ideXlab platform.
-
A Revocable Group Signature Scheme from Identity-Based Revocation Techniques: Achieving Constant-Size Revocation List
Applied Cryptography and Network Security, 2014Co-Authors: Nuttapong Attrapadung, Keita Emura, Goichiro Hanaoka, Yusuke SakaiAbstract:Any multi-user cryptographic primitives need Revocation since a legitimate user may quit the organization, or may turn to be malicious, or the key may be leaked. In the group signature context, usually group manager publishes the Revocation list that contains Revocation tokens. Since signers/verifiers need to obtain the Revocation list in each Revocation epoch for generating/verifying a group signature, a small-size Revocation list is really important in practice. However, all previous revocable group signatures require at least O(r)-size Revocation list, where r is the number of revoked users. In this paper, we propose the first revocable group signature scheme with the constant size Revocation list from identity-based Revocation (IBR) techniques. We use an IBR scheme proposed by Attrapadung-Libert-Panafieu (PKC2011) as a building block. Although the maximum number of the revoked users needs to be fixed in the setup phase, however, the maximum number of group members is potentially unbounded (as in IBR). This property has not been achieved in the recent scalable revocable group signature schemes, and seems to be of independent interest.
-
ACNS - A Revocable Group Signature Scheme from Identity-Based Revocation Techniques: Achieving Constant-Size Revocation List
Applied Cryptography and Network Security, 2014Co-Authors: Nuttapong Attrapadung, Keita Emura, Goichiro Hanaoka, Yusuke SakaiAbstract:Any multi-user cryptographic primitives need Revocation since a legitimate user may quit the organization, or may turn to be malicious, or the key may be leaked. In the group signature context, usually group manager publishes the Revocation list that contains Revocation tokens. Since signers/verifiers need to obtain the Revocation list in each Revocation epoch for generating/verifying a group signature, a small-size Revocation list is really important in practice. However, all previous revocable group signatures require at least O(r)-size Revocation list, where r is the number of revoked users. In this paper, we propose the first revocable group signature scheme with the constant size Revocation list from identity-based Revocation (IBR) techniques. We use an IBR scheme proposed by Attrapadung-Libert-Panafieu (PKC2011) as a building block. Although the maximum number of the revoked users needs to be fixed in the setup phase, however, the maximum number of group members is potentially unbounded (as in IBR). This property has not been achieved in the recent scalable revocable group signature schemes, and seems to be of independent interest.
-
attribute based encryption supporting direct indirect Revocation modes
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding, 2009Co-Authors: Nuttapong Attrapadung, Hideki ImaiAbstract:Attribute-based encryption (ABE) enables an access control mechanism over encrypted data by specifying access policies among private keys and ciphertexts. In this paper, we focus on ABE that supports Revocation. Currently, there are two available revocable ABE schemes in the literature. Their Revocation mechanisms, however, differ in the sense that they can be considered as direct and indirect methods. Direct Revocation enforces Revocation directly by the sender who specifies the Revocation list while encrypting. Indirect Revocation enforces Revocation by the key authority who releases a key update material periodically in such a way that only non-revoked users can update their keys (hence, revoked users' keys are implicitly rendered useless). An advantage of the indirect method over the direct one is that it does not require senders to know the Revocation list. In contrast, an advantage of the direct method over the other is that it does not involve key update phase for all non-revoked users interacting with the key authority. In this paper, we present the first Hybrid Revocable ABE scheme that allows senders to select on-the-fly when encrypting whether to use either direct or indirect Revocation mode; therefore, it combines best advantages from both methods.
Benoît Libert - One of the best experts on this subject based on the ideXlab platform.
-
Scalable Group Signatures with Revocation
Advances in Cryptology – EUROCRYPT 2012, 2012Co-Authors: Benoît Libert, Thomas Peters, Moti YungAbstract:Group signatures are a central cryptographic primitive, simultaneously supporting accountability and anonymity. They allow users to anonymously sign messages on behalf of a group they are members of. The recent years saw the appearance of several constructions with security proofs in the standard model (i.e., without appealing to the random oracle heuristic). For a digital signature scheme to be adopted, an efficient Revocation scheme (as in regular PKI) is absolutely necessary. Despite over a decade of extensive research, membership Revocation remains a non-trivial problem in group signatures: all existing solutions are not truly scalable due to either high overhead (e.g., large group public key size), or limiting operational requirement (the need for all users to follow the system’s entire history). In the standard model, the situation is even worse as many existing solutions are not readily adaptable. To fill this gap and tackle this challenge, we describe a new Revocation approach based, perhaps somewhat unexpectedly, on the Naor-Naor-Lotspiech framework which was introduced for a different problem (namely, that of broadcast encryption). Our mechanism yields efficient and scalable revocable group signatures in the standard model. In particular, the size of signatures and the verification cost are independent of the number of Revocations and the maximal cardinality N of the group while other complexities are at most polylogarithmic in N. Moreover, the schemes are history-independent: unrevoked group members do not have to update their keys when a Revocation occurs.
-
Group Signatures with Verifier-Local Revocation and Backward Unlinkability in the Standard Model
2009Co-Authors: Benoît Libert, Damien VergnaudAbstract:Group signatures allow users to anonymously sign messages in the name of a group. Membership Revocation has always been a critical issue in such systems. In 2004, Boneh and Shacham formalized the concept of group signatures with verifier-local Revocation where Revocation messages are only sent to signature verifiers (as opposed to both signers and verifiers). This paper presents an efficient {verifier-local Revocation group signature} (VLR-GS) providing backward unlinkability (i.e. previously issued signatures remain anonymous even after the signer's Revocation) with a security proof in the standard model (i.e. without resorting to the random oracle heuristic).
-
CANS - Group Signatures with Verifier-Local Revocation and Backward Unlinkability in the Standard Model
Cryptology and Network Security, 2009Co-Authors: Benoît Libert, Damien VergnaudAbstract:Group signatures allow users to anonymously sign messages in the name of a group. Membership Revocation has always been a critical issue in such systems. In 2004, Boneh and Shacham formalized the concept of group signatures with verifier-local Revocation where Revocation messages are only sent to signature verifiers (as opposed to both signers and verifiers). This paper presents an efficient verifier-local Revocation group signature (VLR-GS) providing backward unlinkability (i.e. previously issued signatures remain anonymous even after the signer's Revocation) with a security proof in the standard model (i.e. without resorting to the random oracle heuristic).
Alina Oprea - One of the best experts on this subject based on the ideXlab platform.
-
Secure Key-Updating for Lazy Revocation
Lecture Notes in Computer Science, 2006Co-Authors: Michael Backes, Christian Cachin, Alina OpreaAbstract:We consider the problem of efficient key management and user Revocation in cryptographic file systems that allow shared access to files. A performance-efficient solution to user Revocation in such systems is lazy Revocation, a method that delays the re-encryption of a file until the next write to that file. We formalize the notion of key-updating schemes for lazy Revocation, an abstraction to manage cryptographic keys in file systems with lazy Revocation, and give a security definition for such schemes. We give two composition methods that combine two secure key-updating schemes into a new secure scheme that permits a larger number of user Revocations. We prove the security of two slightly modified existing constructions and propose a novel binary tree construction that is also provably secure in our model. Finally, we give a systematic analysis of the computational and communication complexity of the three constructions and show that the novel construction improves the previously known constructions.
-
ESORICS - Secure key-updating for lazy Revocation
Computer Security – ESORICS 2006, 2006Co-Authors: Michael Backes, Christian Cachin, Alina OpreaAbstract:We consider the problem of efficient key management and user Revocation in cryptographic file systems that allow shared access to files. A performance-efficient solution to user Revocation in such systems is lazy Revocation, a method that delays the re-encryption of a file until the next write to that file. We formalize the notion of key-updating schemes for lazy Revocation, an abstraction to manage cryptographic keys in file systems with lazy Revocation, and give a security definition for such schemes. We give two composition methods that combine two secure key-updating schemes into a new secure scheme that permits a larger number of user Revocations. We prove the security of two slightly modified existing constructions and propose a novel binary tree construction that is also provably secure in our model. Finally, we give a systematic analysis of the computational and communication complexity of the three constructions and show that the novel construction improves the previously known constructions.
-
Secure Key-Updating for Lazy Revocation.
IACR Cryptology ePrint Archive, 2005Co-Authors: Michael Backes, Christian Cachin, Alina OpreaAbstract:We consider the problem of efficient key management and user Revocation in cryptographic file systems that allow shared access to files. A performance-efficient solution to user Revocation in such systems is lazy Revocation, a method that delays the re-encryption of a file until the next write to that file. We formalize the notion of key-updating schemes for lazy Revocation, an abstraction to manage cryptographic keys in file systems with lazy Revocation, and give a security definition for such schemes. We give two composition methods that combine two secure key-updating schemes into a new secure scheme that permits a larger number of user Revocations. We prove the security of two slightly modified existing constructions and propose a novel binary tree construction that is also provable secure in our model. Finally, we give a systematic analysis of the computational and communication complexity of the three constructions and show that the novel construction improves the previously known constructions.
Moti Yung - One of the best experts on this subject based on the ideXlab platform.
-
Scalable Group Signatures with Revocation
Advances in Cryptology – EUROCRYPT 2012, 2012Co-Authors: Benoît Libert, Thomas Peters, Moti YungAbstract:Group signatures are a central cryptographic primitive, simultaneously supporting accountability and anonymity. They allow users to anonymously sign messages on behalf of a group they are members of. The recent years saw the appearance of several constructions with security proofs in the standard model (i.e., without appealing to the random oracle heuristic). For a digital signature scheme to be adopted, an efficient Revocation scheme (as in regular PKI) is absolutely necessary. Despite over a decade of extensive research, membership Revocation remains a non-trivial problem in group signatures: all existing solutions are not truly scalable due to either high overhead (e.g., large group public key size), or limiting operational requirement (the need for all users to follow the system’s entire history). In the standard model, the situation is even worse as many existing solutions are not readily adaptable. To fill this gap and tackle this challenge, we describe a new Revocation approach based, perhaps somewhat unexpectedly, on the Naor-Naor-Lotspiech framework which was introduced for a different problem (namely, that of broadcast encryption). Our mechanism yields efficient and scalable revocable group signatures in the standard model. In particular, the size of signatures and the verification cost are independent of the number of Revocations and the maximal cardinality N of the group while other complexities are at most polylogarithmic in N. Moreover, the schemes are history-independent: unrevoked group members do not have to update their keys when a Revocation occurs.
