Symmetric Encryption

The Experts below are selected from a list of 10167 Experts worldwide ranked by ideXlab platform

Birgit Pfitzmann - One of the best experts on this subject based on the ideXlab platform.

  • Symmetric Encryption in a simulatable Dolev-Yao style cryptographic library
    IEEE Computer Security Foundations Symposium, 2004
    Co-Authors: Michael Backes, Birgit Pfitzmann
    Abstract:

    Recently we showed how to justify a Dolev-Yao type model of cryptography as used in virtually all automated protocol provers under active attacks and in arbitrary protocol environments. The justification was done by defining an ideal system handling Dolev-Yao-style terms and a cryptographic realization with the same user interface, and by showing that the realization is as secure as the ideal system in the sense of reactive simulatability. This definition encompasses arbitrary active attacks and enjoys general composition and property-preservation properties. Security holds in the standard model of cryptography and under standard assumptions of adaptively secure primitives. A major primitive missing in that library so far is Symmetric Encryption. We show why Symmetric Encryption is harder to idealize in a way that allows general composition than existing primitives in this library. We discuss several approaches to overcome these problems. For our favorite approach we provide a detailed provably secure idealization of Symmetric Encryption within the given framework for constructing nested terms.

Fangguo Zhang - One of the best experts on this subject based on the ideXlab platform.

  • Blockchain-based searchable Symmetric Encryption scheme
    Computers and Electrical Engineering, 2019
    Co-Authors: Huige Li, Haibo Tian, Fangguo Zhang, Jiejie He
    Abstract:

    The mechanism for traditional searchable Symmetric Encryption (SSE) is pay-then-use. This situation is not fair to the user because the cloud server may return wrong results. Besides, the user needs to verify these results locally. In order to ensure fairness and reduce the user's calculations, we combined blockchain with SSE, and proposed a fair SSE scheme based on blockchain. Our scheme can guarantee fairness for both parties. That is, if the user is not honest, he cannot get right results from the server, and at the same time the server cannot get any information related to the plaintexts during this search process. If the server is not honest, except for the service charge, it will be punished automatically. Moreover, the user in our scheme does not need to verify the results locally. The security and performance analyses showed our scheme was semantically secure and feasible.

  • Deniable Searchable Symmetric Encryption
    Information Sciences, 2017
    Co-Authors: Fangguo Zhang, Chun-i Fan
    Abstract:

    In recent years, Searchable Symmetric Encryption (SSE) has become one of the hottest topics in the cloud-computing area because of its availability and flexibility, and a series of SSE schemes have been proposed. The adversary considered in these schemes is either honest-but-curious or malicious. However, in the real world, there also exists an adversary with stronger power. Namely, he/she may coerce one of the participants to disclose some communication information. The existing SSE algorithms cannot resist this adversary under the premise of confidentiality. To solve this problem, in this paper we first introduce the coercer into the SSE scheme. According to the role that the coercer plays, two situations are considered. In the first situation, the adversary is an inside coercer. In the second situation, the adversary is an outside coercer. The inside coercer means the server, while the outside coercer is a person other than the data owner, the user and the server. In view of the ability that the coercer has, we first construct the deniable SSE model (i.e., Den-SSE). Then we define the property that the Den-SSE should satisfy. By using the Deniable Encryption idea, we propose a scheme that can resist the outside coercer, and two schemes that can resist the inside coercer. At last, we prove our schemes can meet the property that we define.

  • Memory leakage-resilient searchable Symmetric Encryption
    Future Generation Computer Systems, 2016
    Co-Authors: Shuguang Dai, Fangguo Zhang
    Abstract:

    Along with the popularization and rapid development of cloud-computing, more and more individuals and enterprises choose to store their data in cloud servers. However, in order to protect data privacy and deter illegal accesses, the data owner has to encrypt his data before outsourcing it to the cloud server. In this situation, searchable Encryption, especially searchable Symmetric Encryption (SSE), has become one of the most important techniques in the cloud-computing area. In the last few years, researchers have presented many secure and efficient SSE schemes. Like traditional Encryption, the security of all existing SSE schemes is based on the assumption that the data owner holds a secret key that is unknown to the adversary. Unfortunately, in practice, attackers are often able to obtain some or even all of the data owner's secret keys by a great variety of inexpensive and fast side channel attacks. Facing such attacks, all existing SSE schemes are no longer secure. In this paper, we investigate how to construct secure SSE schemes in the presence of memory attacks. We first propose the formal definition of memory leakage-resilient searchable Symmetric Encryption (MLR-SSE, for short). Based on that, we present one adaptive MLR-SSE scheme and one efficient non-adaptive dynamic MLR-SSE scheme based on physical unclonable functions (PUFs), and formally prove their security in terms of our security definitions. Two Symmetric searchable Encryption protocols against memory leakage are proposed. The mechanism mainly relies on the character of physical unclonable functions. The attacker considered here is a non-volatile memory attacker.

  • AsiaCCS - Verifiable Searchable Symmetric Encryption from Indistinguishability Obfuscation
    Proceedings of the 10th ACM Symposium on Information Computer and Communications Security, 2015
    Co-Authors: Rong Cheng, Fangguo Zhang, Jingbo Yan, Chaowen Guan, Kui Ren
    Abstract:

    Searchable Symmetric Encryption (SSE) allows a client to encrypt his data in such a manner that the data can be efficiently searched. SSE has practical application in cloud storage, where a client outsources his encrypted data to a cloud server while maintaining the searchable ability over his data. Most of the current SSE schemes assume that the cloud server is honest-but-curious. However, the cloud may actively cheat on the search process to keep its cost low. In this paper, we focus on the malicious cloud model and propose a new verifiable searchable Symmetric Encryption scheme. Our scheme is built on the secure indistinguishability obfuscation (iO) and can be considered as the first step to apply iO in the SSE field. Moreover, our scheme can be easily extended to multiple functionalities, such as conjunctive and boolean queries. Furthermore, it can be extended to realize a publicly verifiable SSE. Thorough analysis shows that our scheme is secure and achieves a better performance.

Kaoru Kurosawa - One of the best experts on this subject based on the ideXlab platform.

  • Financial Cryptography - Efficient No-dictionary Verifiable Searchable Symmetric Encryption
    Financial Cryptography and Data Security, 2017
    Co-Authors: Wakaha Ogata, Kaoru Kurosawa
    Abstract:

    In the model of no-dictionary verifiable searchable Symmetric Encryption (SSE) scheme, a client does not need to keep the set of keywords \(\mathcal{W}\) in the search phase, where \(\mathcal{W}\) is called a dictionary. Still a malicious server cannot cheat the client by saying that “your search word w does not exist in the dictionary \(\mathcal{W}\)” when it exists. In the previous such schemes, it takes \(O(\log m)\) time for the server to prove that \(w \not \in \mathcal{W}\), where \(m=|\mathcal{W}|\) is the number of keywords.

  • IWSEC - UC-Secure Dynamic Searchable Symmetric Encryption Scheme
    Advances in Information and Computer Security, 2016
    Co-Authors: Kaoru Kurosawa, Keisuke Sasaki, Kiyohiko Ohta, Kazuki Yoneyama
    Abstract:

    In a dynamic searchable Symmetric Encryption (SSE) scheme, a client can add/modify/delete encrypted files. In this paper, we first prove a weak equivalence between the UC security and the stand alone security based on the previous work on static SSE schemes. We next show a more efficient UC secure dynamic SSE scheme than before by replacing the RSA accumulator with XOR-MAC to authenticate the index table.

  • How to Construct UC-Secure Searchable Symmetric Encryption Scheme.
    IACR Cryptology ePrint Archive, 2015
    Co-Authors: Kaoru Kurosawa, Yasuhiro Ohtaki
    Abstract:

    A searchable Symmetric Encryption (SSE) scheme allows a client to store a set of encrypted files on an untrusted server in such a way that he can efficiently retrieve some of the encrypted files containing (or indexed by) specific keywords keeping the keywords and the files secret. In this paper, we first extend the model of SSE schemes to that of verifiable SSE schemes, and formulate the UC security. We then prove its weak equivalence with privacy and reliability. Finally we show an efficient verifiable SSE scheme which is UC-secure.

  • Financial Cryptography - Garbled Searchable Symmetric Encryption
    Financial Cryptography and Data Security, 2014
    Co-Authors: Kaoru Kurosawa
    Abstract:

    In a searchable Symmetric Encryption (SSE) scheme, a client can keyword search over Symmetrically-encrypted files which he stored on the server (ideally without leaking any information to the server). In this paper, we show the first multiple keyword search SSE scheme such that even the search formula \(f\) (AND, OR and so on) is kept secret. Our scheme is based on an extended garbled circuit satisfying label-reusable privacy which is introduced in this paper.

  • How to Update Documents Verifiably in Searchable Symmetric Encryption
    Cryptology and Network Security, 2013
    Co-Authors: Kaoru Kurosawa, Yasuhiro Ohtaki
    Abstract:

    In a searchable Symmetric Encryption (SSE) scheme, a client can store encrypted documents to a server in such a way that he can later retrieve the encrypted documents which contain a specific keyword, keeping the keyword and the documents secret. In this paper, we show how to update (modify, delete and add) documents in a verifiable way. Namely the client can detect any cheating behavior of malicious servers. We then prove that our scheme is UC-secure in the standard model.

Michael Backes - One of the best experts on this subject based on the ideXlab platform.

  • Symmetric Encryption in a simulatable Dolev-Yao style cryptographic library
    IEEE Computer Security Foundations Symposium, 2004
    Co-Authors: Michael Backes, Birgit Pfitzmann
    Abstract:

    Recently we showed how to justify a Dolev-Yao type model of cryptography as used in virtually all automated protocol provers under active attacks and in arbitrary protocol environments. The justification was done by defining an ideal system handling Dolev-Yao-style terms and a cryptographic realization with the same user interface, and by showing that the realization is as secure as the ideal system in the sense of reactive simulatability. This definition encompasses arbitrary active attacks and enjoys general composition and property-preservation properties. Security holds in the standard model of cryptography and under standard assumptions of adaptively secure primitives. A major primitive missing in that library so far is Symmetric Encryption. We show why Symmetric Encryption is harder to idealize in a way that allows general composition than existing primitives in this library. We discuss several approaches to overcome these problems. For our favorite approach we provide a detailed provably secure idealization of Symmetric Encryption within the given framework for constructing nested terms.

Matthieu Rivain - One of the best experts on this subject based on the ideXlab platform.

  • Selected Areas in Cryptography - White-Box Security Notions for Symmetric Encryption Schemes
    Selected Areas in Cryptography -- SAC 2013, 2014
    Co-Authors: Cecile Delerablee, Tancrede Lepoint, Pascal Paillier, Matthieu Rivain
    Abstract:

    White-box cryptography has attracted a growing interest from researchers in the last decade. Several white-box implementations of standard block-ciphers (DES, AES) have been proposed but they have all been broken. On the other hand, neither evidence of existence nor proofs of impossibility have been provided for this particular setting. This might be in part because it is still quite unclear what white-box cryptography really aims to achieve and which security properties are expected from white-box programs in applications. This paper builds a first step towards a practical answer to this question by translating folklore intuitions behind white-box cryptography into concrete security notions. Specifically, we introduce the notion of white-box compiler that turns a Symmetric Encryption scheme into randomized white-box programs, and we capture several desired security properties such as one-wayness, incompressibility and traceability for white-box programs. We also give concrete examples of white-box compilers that already achieve some of these notions. Overall, our results open new perspectives on the design of white-box programs that securely implement Symmetric Encryption.