The Experts below are selected from a list of 6951 Experts worldwide ranked by ideXlab platform
Yasuhiro Ohtaki - One of the best experts on this subject based on the ideXlab platform.
-
uc secure searchable Symmetric Encryption
Financial Cryptography, 2012Co-Authors: Kaoru Kurosawa, Yasuhiro OhtakiAbstract:For searchable Symmetric Encryption schemes (or Symmetric-Key Encryption with Keyword search), the security against passive adversaries (i.e. privacy) has been mainly considered so far. In this paper, we first define its security against active adversaries (i.e. reliability as well as privacy). We next formulate its UC-security. We then prove that the UC-security against non-adaptive adversaries is equivalent to our definition of privacy and reliability. We further present an efficient construction which satisfies our security definition (hence UC-security).
-
Financial Cryptography - UC-Secure Searchable Symmetric Encryption
Financial Cryptography and Data Security, 2012Co-Authors: Kaoru Kurosawa, Yasuhiro OhtakiAbstract:For searchable Symmetric Encryption schemes (or Symmetric-Key Encryption with Keyword search), the security against passive adversaries (i.e. privacy) has been mainly considered so far. In this paper, we first define its security against active adversaries (i.e. reliability as well as privacy). We next formulate its UC-security. We then prove that the UC-security against non-adaptive adversaries is equivalent to our definition of privacy and reliability. We further present an efficient construction which satisfies our security definition (hence UC-security).
Kaoru Kurosawa - One of the best experts on this subject based on the ideXlab platform.
-
uc secure searchable Symmetric Encryption
Financial Cryptography, 2012Co-Authors: Kaoru Kurosawa, Yasuhiro OhtakiAbstract:For searchable Symmetric Encryption schemes (or Symmetric-Key Encryption with Keyword search), the security against passive adversaries (i.e. privacy) has been mainly considered so far. In this paper, we first define its security against active adversaries (i.e. reliability as well as privacy). We next formulate its UC-security. We then prove that the UC-security against non-adaptive adversaries is equivalent to our definition of privacy and reliability. We further present an efficient construction which satisfies our security definition (hence UC-security).
-
Financial Cryptography - UC-Secure Searchable Symmetric Encryption
Financial Cryptography and Data Security, 2012Co-Authors: Kaoru Kurosawa, Yasuhiro OhtakiAbstract:For searchable Symmetric Encryption schemes (or Symmetric-Key Encryption with Keyword search), the security against passive adversaries (i.e. privacy) has been mainly considered so far. In this paper, we first define its security against active adversaries (i.e. reliability as well as privacy). We next formulate its UC-security. We then prove that the UC-security against non-adaptive adversaries is equivalent to our definition of privacy and reliability. We further present an efficient construction which satisfies our security definition (hence UC-security).
-
ACISP - How to remove MAC from DHIES
Information Security and Privacy, 2004Co-Authors: Kaoru Kurosawa, Toshihiko MatsuoAbstract:In this paper, we show that MAC can be eliminated from DHIES if the underlying Symmetric-Key Encryption scheme is secure in the sense of IND-CCA. Further, ElGamal Encryption part of DHIES without MAC is generalized to Half-Recovery (HR) schemes. Dependent-RSA Encryption scheme [12] and Blum-Goldwasser Encryption scheme [6] can be used as an HR scheme, for exmaple. Our construction also offers the first secure public-Key Encryption schemes with no redundancy in the standard model.
Muriel Medard - One of the best experts on this subject based on the ideXlab platform.
-
Hiding Symbols and Functions: New Metrics and Constructions for Information-Theoretic Security
arXiv: Information Theory, 2015Co-Authors: Flavio P Calmon, Mayank Varia, Muriel Medard, Ken R. Duffy, Mark M. Christiansen, Linda ZegerAbstract:We present information-theoretic definitions and results for analyzing Symmetric-Key Encryption schemes beyond the perfect secrecy regime, i.e. when perfect secrecy is not attained. We adopt two lines of analysis, one based on lossless source coding, and another akin to ratedistortion theory. We start by presenting a new information-theoretic metric for security, called ǫ-symbol secrecy, and derive associated fundamental bounds. This metric provides a parameterization of secrecy that spans other information-theoretic metrics for security, such as weak secrecy and perfect secrecy. We then introduce list-source codes (LSCs), which are a general framework for mapping a Key length (entropy) to a list size that an eavesdropper has to resolve in order to recover a secret message. We provide explicit constructions of LSCs, and show that LSCs that achieve high symbol secrecy also achieve a favorable tradeoff between Key length and uncertainty list size. We also demonstrate that, when the source is uniformly distributed, the highest level of symbol secrecy for a fixed Key length can be achieved through a construction based on minimum-distance separable (MDS) codes. Using an analysis related to rate-distortion theory, we then show how symbol secrecy can be used to determine the probability that an eavesdropper correctly reconstructs functions of the original plaintext. More specifically, we present lower bounds for the minimum-mean-squared-error of estimating a target function of the plaintext given that a certain set of functions of the plaintext is known to be hard (or easy) to infer, either by design of the security system or by restrictions imposed on the adversary. We illustrate how these bounds can be applied to characterize security properties of Symmetric-Key Encryption schemes, and, in particular, extend security claims based on symbol secrecy to a functional setting. Finally, we discuss the application of our methods in Key distribution, storage and privacy.
-
on information theoretic metrics for Symmetric Key Encryption and privacy
Allerton Conference on Communication Control and Computing, 2014Co-Authors: Flavio P Calmon, Mayank Varia, Muriel MedardAbstract:Most practical security systems do not achieve perfect secrecy, i.e. the information observed by a computationally unbounded eavesdropper is not independent of the plaintext message. Nevertheless, there may still be properties of the plaintext that the eavesdropper cannot reliably infer. In this paper, we build on previous work by the authors and introduce new bounds that are used to quantify how well an adversary can estimate certain functions of the plaintext in the non-perfect secrecy regime. In particular, we present lower bounds for the minimum-mean-squared-error of estimating a target function of the plaintext given that a certain class of functions of the plaintext is known to be hard (or easy) to infer, either by design of the security system or by restrictions imposed on the adversary. We demonstrate how these bounds can be applied to characterize fundamental security properties of Symmetric-Key Encryption schemes. Our results also shed light on the fundamental privacy-utility tradeoff that exists in privacy-preserving systems.
-
Allerton - On information-theoretic metrics for Symmetric-Key Encryption and privacy
2014 52nd Annual Allerton Conference on Communication Control and Computing (Allerton), 2014Co-Authors: Flavio P Calmon, Mayank Varia, Muriel MedardAbstract:Most practical security systems do not achieve perfect secrecy, i.e. the information observed by a computationally unbounded eavesdropper is not independent of the plaintext message. Nevertheless, there may still be properties of the plaintext that the eavesdropper cannot reliably infer. In this paper, we build on previous work by the authors and introduce new bounds that are used to quantify how well an adversary can estimate certain functions of the plaintext in the non-perfect secrecy regime. In particular, we present lower bounds for the minimum-mean-squared-error of estimating a target function of the plaintext given that a certain class of functions of the plaintext is known to be hard (or easy) to infer, either by design of the security system or by restrictions imposed on the adversary. We demonstrate how these bounds can be applied to characterize fundamental security properties of Symmetric-Key Encryption schemes. Our results also shed light on the fundamental privacy-utility tradeoff that exists in privacy-preserving systems.
Keisuke Tanaka - One of the best experts on this subject based on the ideXlab platform.
-
lower bounds for Key length of k wise almost independent permutations and certain Symmetric Key Encryption schemes
International Workshop on Security, 2016Co-Authors: Akinori Kawachi, Hirotoshi Takebe, Keisuke TanakaAbstract:The k-wise almost independent permutations are one of important primitives for cryptographic schemes and combinatorial constructions. Kaplan, Naor, and Reingold showed a general construction for k-wise almost independent permutations, and Kawachi, Takebe, and Tanaka provided Symmetric-Key Encryption schemes that achieve multi-message approximate secrecy and multi-ciphertext approximate non-malleability based on Kaplan et al.’s construction. In this paper, we show lower bounds of Key length for these constructions. In particular, they are nearly optimal for k-wise almost independent permutations and multi-message approximate secrecy if the approximation parameter is a constant.
-
Symmetric Key Encryption scheme with multi ciphertext non malleability
International Workshop on Security, 2012Co-Authors: Akinori Kawachi, Hirotoshi Takebe, Keisuke TanakaAbstract:A standard notion of non-malleability is that an adversary cannot forge a ciphertext c′ from a single valid ciphertext c for which a plaintext m′ of c′ is meaningfully related to a plaintext m of c. The multi-ciphertext non-malleability is a stronger notion; an adversary is allowed to obtain multiple ciphertexts c 1,c 2,... in order to forge c′. We provide an efficient Symmetric-Key Encryption scheme with an information-theoretic version of the multi-ciphertext non-malleability in this paper by using l-wise almost independent permutations of Kaplan, Naor, and Reingold.
-
IWSEC - Symmetric-Key Encryption Scheme with Multi-ciphertext Non-malleability
Advances in Information and Computer Security, 2012Co-Authors: Akinori Kawachi, Hirotoshi Takebe, Keisuke TanakaAbstract:A standard notion of non-malleability is that an adversary cannot forge a ciphertext c′ from a single valid ciphertext c for which a plaintext m′ of c′ is meaningfully related to a plaintext m of c. The multi-ciphertext non-malleability is a stronger notion; an adversary is allowed to obtain multiple ciphertexts c 1,c 2,... in order to forge c′. We provide an efficient Symmetric-Key Encryption scheme with an information-theoretic version of the multi-ciphertext non-malleability in this paper by using l-wise almost independent permutations of Kaplan, Naor, and Reingold.
Flavio P Calmon - One of the best experts on this subject based on the ideXlab platform.
-
Hiding Symbols and Functions: New Metrics and Constructions for Information-Theoretic Security
arXiv: Information Theory, 2015Co-Authors: Flavio P Calmon, Mayank Varia, Muriel Medard, Ken R. Duffy, Mark M. Christiansen, Linda ZegerAbstract:We present information-theoretic definitions and results for analyzing Symmetric-Key Encryption schemes beyond the perfect secrecy regime, i.e. when perfect secrecy is not attained. We adopt two lines of analysis, one based on lossless source coding, and another akin to ratedistortion theory. We start by presenting a new information-theoretic metric for security, called ǫ-symbol secrecy, and derive associated fundamental bounds. This metric provides a parameterization of secrecy that spans other information-theoretic metrics for security, such as weak secrecy and perfect secrecy. We then introduce list-source codes (LSCs), which are a general framework for mapping a Key length (entropy) to a list size that an eavesdropper has to resolve in order to recover a secret message. We provide explicit constructions of LSCs, and show that LSCs that achieve high symbol secrecy also achieve a favorable tradeoff between Key length and uncertainty list size. We also demonstrate that, when the source is uniformly distributed, the highest level of symbol secrecy for a fixed Key length can be achieved through a construction based on minimum-distance separable (MDS) codes. Using an analysis related to rate-distortion theory, we then show how symbol secrecy can be used to determine the probability that an eavesdropper correctly reconstructs functions of the original plaintext. More specifically, we present lower bounds for the minimum-mean-squared-error of estimating a target function of the plaintext given that a certain set of functions of the plaintext is known to be hard (or easy) to infer, either by design of the security system or by restrictions imposed on the adversary. We illustrate how these bounds can be applied to characterize security properties of Symmetric-Key Encryption schemes, and, in particular, extend security claims based on symbol secrecy to a functional setting. Finally, we discuss the application of our methods in Key distribution, storage and privacy.
-
on information theoretic metrics for Symmetric Key Encryption and privacy
Allerton Conference on Communication Control and Computing, 2014Co-Authors: Flavio P Calmon, Mayank Varia, Muriel MedardAbstract:Most practical security systems do not achieve perfect secrecy, i.e. the information observed by a computationally unbounded eavesdropper is not independent of the plaintext message. Nevertheless, there may still be properties of the plaintext that the eavesdropper cannot reliably infer. In this paper, we build on previous work by the authors and introduce new bounds that are used to quantify how well an adversary can estimate certain functions of the plaintext in the non-perfect secrecy regime. In particular, we present lower bounds for the minimum-mean-squared-error of estimating a target function of the plaintext given that a certain class of functions of the plaintext is known to be hard (or easy) to infer, either by design of the security system or by restrictions imposed on the adversary. We demonstrate how these bounds can be applied to characterize fundamental security properties of Symmetric-Key Encryption schemes. Our results also shed light on the fundamental privacy-utility tradeoff that exists in privacy-preserving systems.
-
Allerton - On information-theoretic metrics for Symmetric-Key Encryption and privacy
2014 52nd Annual Allerton Conference on Communication Control and Computing (Allerton), 2014Co-Authors: Flavio P Calmon, Mayank Varia, Muriel MedardAbstract:Most practical security systems do not achieve perfect secrecy, i.e. the information observed by a computationally unbounded eavesdropper is not independent of the plaintext message. Nevertheless, there may still be properties of the plaintext that the eavesdropper cannot reliably infer. In this paper, we build on previous work by the authors and introduce new bounds that are used to quantify how well an adversary can estimate certain functions of the plaintext in the non-perfect secrecy regime. In particular, we present lower bounds for the minimum-mean-squared-error of estimating a target function of the plaintext given that a certain class of functions of the plaintext is known to be hard (or easy) to infer, either by design of the security system or by restrictions imposed on the adversary. We demonstrate how these bounds can be applied to characterize fundamental security properties of Symmetric-Key Encryption schemes. Our results also shed light on the fundamental privacy-utility tradeoff that exists in privacy-preserving systems.
