Ciphertext-Policy Attribute-Based Encryption with Dynamic Membership

Ruan, He-Ming

20 August 2008

Abstract Attribute-Based Encryption (ABE) is a relatively new encryption technology which is similar to multi-receiver encryption but the privacy of ciphertext receivers is protected by a set of attributes such that no one, even the encryptor, knows the identities of the receivers. Although the identities of those receivers remain unknown, the encryptor can ensure that all of the receivers cannot decrypt the ciphertext except for those who match the restrictions on predefined attribute values associated with the ciphertext. However, maintaining the correctness of users¡¦ attributes will take huge cost because the interactions between all users and the key generation center (KGC) are required to renew all of their private keys whenever a user joins, leaves the group, or updates the value of any of his attributes. Since user joining, leaving, and attribute updating may occur frequently in real situations, membership management will become a quite important issue in an ABE system but no existing scheme can perfectly cope with this problem. In this manuscript, we will present an ABE scheme which aims at the issue on dynamic membership management. Our work keeps high flexibility of the constrains on attributes and makes it possible for the procedures of user joining, leaving, and attribute updating to be dynamic, that is, it is not necessary for those users who do not update their attribute statuses to renew their private keys when some user changes his status. Finally, we also formally prove the security of the proposed scheme.

Dynamic Membership

Bilinear pairing

Identity-based cryptosystem

Attribute-based cryptosystem

Inter-Domain Identity-Based Key Agreement Schemes

Hsu, Tuan-hung

07 September 2007

Recently, many identity-based two-party and three-party key agreement schemes were proposed based on pairing cryptosystems. Multi-party (including more than three parties) key agreement protocols, which are called conference key schemes, can be applied to distributed systems and wireless environments such as Ad hoc networks. However, it is not easy to extend two or three-party schemes to multi-party ones with the guarantee of efficiency and security. In addition to the above two properties, inter-domain environments should also be considered in identity-based key agreement systems. However, only few identity-based multi-party conference key agreement schemes in single domain were proposed in the literature and they did not satisfy all of the security attributes such as forward secrecy and withstanding impersonation. In this thesis, we will propose a novel efficient single-domain identity-based multi-party conference key scheme and extend it to an inter-domain version. Finally, we will prove that the proposed schemes satisfy the required security attributes via formal methods.

Conference key agreement

Bilinear pairing

Inter-domain key agreement

Identity-based cryptosystems

Anonymous Multi-Receiver Certificate-Based Encryption

Tsai, Pei-Jen

16 August 2011

In a multi-receiver encryption environment, a sender can randomly choose a set of authorized receivers while distributing messages to them efficiently and securely. Recently, more and more researchers concern the privacy of receivers. They mentioned that an authorized receiver does not want other entities, except the service provider, to be able to derive her/his identity in many applications such as pay-TV. However, most of these protocols either provide no formal security proofs or are inefficient owing to high computation cost. In this thesis, we construct two provably secure and efficient anonymous multi-receiver certificated-based encryption schemes, PMCE and SCMCE, which avoid the key escrow problem while preserving the implicit certification of identity-based setting. The proposed PMCE and SCMCE get rid of pairing computation to encrypt a message and only need one and two pairing computations to decrypt the ciphertext, respectively. Finally, we define the security models and offer formal proofs to all properties including receiver anonymity.

Key Escrow Freeness

Multi-Receiver Encryption

Bilinear Pairing

Certificate-Based Encryption

Anonymity

Attribute-Based Proxy Re-Encryption

Chen, Chun-Hung

30 August 2012

Cloud computing has been developed rapidly in recent years, and offers novel concepts and innovations in computer use. One application of cloud computing is that people can designate a proxy to help them to execute a number of tasks in certain situations instead of undertaking all tasks themselves. With this application, people can benefit from the proxy; however, some information is revealed to the proxy, such as their activities, and private data. That is, the proxy is aware of the actions of people through delegation processes, and proxy re-encryption which is a cryptographic primitive has been proposed to solve this problem. In the proxy re-encryption system, when a user (e.g., Alice) wants to send a ciphertext that is encrypted by her secret key and stored in the cloud to another user (e.g., Bob), she can designate a proxy to transform the ciphertext into a different ciphertext that can be decrypted by Bob¡¦s private key. Based on attribute-based encryption and proxy re-encryption, we propose attribute-based proxy re-encryption with bilinear pairing. Furthermore, in the proposed scheme, third paries cannot decrypt the ciphertext if they do no have matching attributes, regardless of being helped by proxy. Finally, we offer security proofs to demonstrate that the proposed scheme satisfies the essential requirements of attribute-based encryption schemes and proxy re-encryption schemes.

Proxy Re-Encryption

Attribute-based encryption

Bilinear pairing

Cryptographic primitive

Cloud computing

Efektivní schémata digitálních podpisů / Efficient Digital Signature Schemes

Varga, Ondrej

January 2011

Digital signatures, which take the properties of classical signatures, are used to secure the actual content of documents, which can be modified during transmission over an insecure channel. The problems of security and protection of communicating participants are solved by cryptographic techniques. Identity verification, message integrity, credibility, the ownership of documents, and the secure transmission of information over an unsecured channel, are all dealt with in secure communications - Public Key Infrastructure, which uses digital signatures. Nowadays digital signatures are often used to secure data in communication over an unsecured channel. The aim of the following master’s thesis is to familiarize readers with the necessary technological aspects of digital signatures, as well as their advantages and disadvantages. By the time digital signatures are being used they will have to be improved and modified to be secure against more sophisticated attacks. In this paper, proposals of new efficient digital signature schemes and their comparison with current ones are described. Also are examined their implications for computationally weak devices, or deployment in low speed channel transmission systems. After an explanation of cryptography and a description of its basic subjects, digital signatures are introduced. The first chapter describes the possible formatting and architecture of the digital signature. The second part of this master’s thesis is about current digital signature schemes and their properties. Chapter 3 describes some proposals of new efficient digital signature schemes and their comparison to those currently in use. In the practical part, the implementations (in the environment .NET in C#) of two effective digital signature schemes as part of a client-server application are presented and described (Chapter 4). In the last chapter the comparison and analysis of the implemented signature schemes are provided.

Kryptografické protokoly s ochranou soukromí pro zabezpečení heterogenních sítí / Privacy Preserving Cryptographic Protocols for Secure Heterogeneous Networks

Malina, Lukáš

January 2014

Disertační práce se zabývá kryptografickými protokoly poskytující ochranu soukromí, které jsou určeny pro zabezpečení komunikačních a informačních systémů tvořících heterogenní sítě. Práce se zaměřuje především na možnosti využití nekonvenčních kryptografických prostředků, které poskytují rozšířené bezpečnostní požadavky, jako je například ochrana soukromí uživatelů komunikačního systému. V práci je stanovena výpočetní náročnost kryptografických a matematických primitiv na různých zařízeních, které se podílí na zabezpečení heterogenní sítě. Hlavní cíle práce se zaměřují na návrh pokročilých kryptografických protokolů poskytujících ochranu soukromí. V práci jsou navrženy celkově tři protokoly, které využívají skupinových podpisů založených na bilineárním párování pro zajištění ochrany soukromí uživatelů. Tyto navržené protokoly zajišťují ochranu soukromí a nepopiratelnost po celou dobu datové komunikace spolu s autentizací a integritou přenášených zpráv. Pro navýšení výkonnosti navržených protokolů je využito optimalizačních technik, např. dávkového ověřování, tak aby protokoly byly praktické i pro heterogenní sítě.

"Proposta de esquemas de criptografia e de assinatura sob modelo de criptografia de chave pública sem certificado" / "Proposal for encryption and signature schemes under certificateless public key cryptography model"

Goya, Denise Hideko

28 June 2006

Sob o modelo de criptografia de chave pública baseada em identidades (ID-PKC), a própria identidade dos usuários é usada como chave pública, de modo a dispensar a necessidade de uma infra-estrutura de chaves públicas (ICP), na qual o gerenciamento de certificados digitais é complexo. Por outro lado, sistemas nesse modelo requerem uma entidade capaz de gerar chaves secretas. Essa entidade é conhecida por PKG (Private Key Generator); ela possui uma chave-mestra e mantém custódia das chaves secretas geradas a partir dessa chave-mestra. Naturalmente, a custódia de chaves é indesejável em muitas aplicações. O conceito de Criptografia de Chave Pública sem Certificado, ou Certificateless Public Key Cryptography (CL-PKC), foi proposto para que a custódia de chaves fosse eliminada, mantendo, porém, as características de interesse: a não necessidade de uma ICP e a eliminação de certificados digitais. CL-PKC deixa de ser um sistema baseado em identidades, pois é introduzida uma chave pública, gerada a partir de uma informação secreta do usuário. Nesta dissertação, apresentamos a construção de dois esquemas, um CL-PKE e um CL-PKS, baseados em emparelhamentos bilineares sobre curvas elípticas. Ambas propostas: (1) eliminam custódia de chaves; (2) dispensam certificados digitais; (3) são mais eficientes, sob certos aspectos, que esquemas anteriormente publicados; (4) e são seguros contra ataques adaptativos de texto cifrado escolhido (em CL-PKE) e contra ataques adaptativos de mensagem escolhida (em CL-PKS), sob o modelo de oráculos aleatórios. / Under the model of Identity Based Cryptography (ID-PKC), the public key can be the user's identity, therefore it does not require a Public Key Infrastructure (PKI) with its complex management of Digital Certificates. On the other hand, this system requires a Private Key Generator (PKG), a trusted authority who is in possession of a master key and can generate any of the private keys. In this way, PKG can exercise the so-called key escrow, which is undesirable in many applications. The concept of Certificateless Public Key Cryptography (CL-PKC) was proposed in order to remove the key escrow characteristic of IBC, while it does not require PKI neither Digital Certificates to certify the public keys. CL-PKC is no more an IBC because public keys are introduced, to bind the identities with its secret keys. In this thesis we construct two schemes, one CL-PKE and one CL-PKS, based on bilinear pairing functions which: (1) does not allow key escrow by the PKG; (2) does not require Digital Certificates; (3) is more efficient, in some aspects, than previously published CL-PKE and CL-PKS schemes; (4) and is secure in the sense that it is strong against adaptive chosen ciphertext attacks (in CL-PKE) and adaptive chosen message attacks (in CL-PKS), under Random Oracle Model.

assinatura digital

bilinear pairing

certificateless public key cryptography

CL-PKC

CL-PKC

custódia de chaves

digital signature

emparelhamento bilinear

IBE

ICP

ID-PKC

key escrow

security

segurança

Autenticação e comunicação segura em dispositivos móveis de poder computacional restrito / Authentication and secure communication in mobile devices with restricted computational power

Araujo, Rafael Will Macedo de

31 October 2013

Protocolos de autenticação e de estabelecimento de chaves são peças fundamentais em implementações de segurança para comunicação de dispositivos eletrônicos. Em aplicações que envolvam dispositivos com poder computacional restrito (tais como smartphones ou tablets) comunicando-se com um servidor, é primordial a escolha de protocolos eficientes e que necessitem de uma infraestrutura mais simples. Neste trabalho selecionamos e implementamos protocolos de acordo de chave seguros nos modelos de criptografia de chave pública baseado em identidade (ID-based) e sem certificado (Certificateless) em plataformas com processadores ARM. Comparamos tempos de execução, utilização de memória e uso do canal de comunicação. / Protocols for authentication and key establishment are fundamental parts in security implementations for electronic devices communication. In applications involving devices with limited computational power (such as smartphones and tablets) communicating with a server, the choice of efficient protocols that require a simpler infrastructure is essential. In this work we select and implement secure key agreement protocols in ID-based and Certificateless public key cryptography models on ARM processor platforms. We also compare running times, memory and network usage.

Bilinear pairing

Certificateless cryptography

Criptografia baseada em identidade

Criptografia sem certificado

Criptografia sobre curva elíptica

Dispositivos móveis

Elliptic curve cryptography

Emparelhamento bilinear

ID-based cryptography

Key agreement protocol

Mobile devices

Protocolo de acordo de chave

"Proposta de esquemas de criptografia e de assinatura sob modelo de criptografia de chave pública sem certificado" / "Proposal for encryption and signature schemes under certificateless public key cryptography model"

Denise Hideko Goya

28 June 2006

Sob o modelo de criptografia de chave pública baseada em identidades (ID-PKC), a própria identidade dos usuários é usada como chave pública, de modo a dispensar a necessidade de uma infra-estrutura de chaves públicas (ICP), na qual o gerenciamento de certificados digitais é complexo. Por outro lado, sistemas nesse modelo requerem uma entidade capaz de gerar chaves secretas. Essa entidade é conhecida por PKG (Private Key Generator); ela possui uma chave-mestra e mantém custódia das chaves secretas geradas a partir dessa chave-mestra. Naturalmente, a custódia de chaves é indesejável em muitas aplicações. O conceito de Criptografia de Chave Pública sem Certificado, ou Certificateless Public Key Cryptography (CL-PKC), foi proposto para que a custódia de chaves fosse eliminada, mantendo, porém, as características de interesse: a não necessidade de uma ICP e a eliminação de certificados digitais. CL-PKC deixa de ser um sistema baseado em identidades, pois é introduzida uma chave pública, gerada a partir de uma informação secreta do usuário. Nesta dissertação, apresentamos a construção de dois esquemas, um CL-PKE e um CL-PKS, baseados em emparelhamentos bilineares sobre curvas elípticas. Ambas propostas: (1) eliminam custódia de chaves; (2) dispensam certificados digitais; (3) são mais eficientes, sob certos aspectos, que esquemas anteriormente publicados; (4) e são seguros contra ataques adaptativos de texto cifrado escolhido (em CL-PKE) e contra ataques adaptativos de mensagem escolhida (em CL-PKS), sob o modelo de oráculos aleatórios. / Under the model of Identity Based Cryptography (ID-PKC), the public key can be the user's identity, therefore it does not require a Public Key Infrastructure (PKI) with its complex management of Digital Certificates. On the other hand, this system requires a Private Key Generator (PKG), a trusted authority who is in possession of a master key and can generate any of the private keys. In this way, PKG can exercise the so-called key escrow, which is undesirable in many applications. The concept of Certificateless Public Key Cryptography (CL-PKC) was proposed in order to remove the key escrow characteristic of IBC, while it does not require PKI neither Digital Certificates to certify the public keys. CL-PKC is no more an IBC because public keys are introduced, to bind the identities with its secret keys. In this thesis we construct two schemes, one CL-PKE and one CL-PKS, based on bilinear pairing functions which: (1) does not allow key escrow by the PKG; (2) does not require Digital Certificates; (3) is more efficient, in some aspects, than previously published CL-PKE and CL-PKS schemes; (4) and is secure in the sense that it is strong against adaptive chosen ciphertext attacks (in CL-PKE) and adaptive chosen message attacks (in CL-PKS), under Random Oracle Model.

assinatura digital

CL-PKC

custódia de chaves

emparelhamento bilinear

ICP

segurança

bilinear pairing

certificateless public key cryptography

CL-PKC

digital signature

IBE

ID-PKC

key escrow

security

可訊息回復之免憑證簽章機制之研究 / Certificateless signatures with message recovery

詹省三, Chan, Sheng San

Unknown Date

在傳統的簽章機制中，我們需要一個具有公信力的第三方 (Trusted Third Party, TTP) 來核發數位憑證，以驗證公開金鑰確實屬於簽章者所擁有，為了減少TTP的負擔，於是就有學者提出了免憑證簽章 (Certificateless Signature) 機制。另一方面，具有訊息回復 (Message Recovery) 功能的數位簽章是指原始訊息不需要與簽章一起傳送給接收者以簡化訊息及簽章在傳送時的長度。 本論文中我們提出了一個具有訊息回復功能的免憑證簽章機制，和一般簽章方式相比，我們的方法不僅具有免憑證簽章的優點，訊息回復功能也減少了訊息和簽章的總長度，提昇了訊息的傳送效率 (Communication Cost)，在效能方面也有不錯的表現，因此非常適用於以頻寬為主要考量的公司組織以及對短訊息作簽章的應用，最後我們也有對我們的簽章方法做完整的安全性證明。 / In traditional digital signature systems, a trusted third party (TTP) is required in order to issue a digital certificate. The certificate is to assure that the public key actually belongs to the person of the signature. In order to reduce the burden of TTP, some scholars proposed the Certificateless Signatures. On the other hand, a digital signature with message recovery is a signature that the message itself is not required to be transmitted together with the signature. It has the advantage of small data size of communication. In this paper, a certificateless signature with message recovery is proposed. It inherits both the advantages of certificateless signatures and signatures providing message recovery. The performance of our scheme is compared with other schemes which shows that our scheme is quite efficient and the security of the scheme is finally proved in the random oracle model.

密碼學

數位簽章

訊息回復

免憑證簽章

雙線性配對

Cryptography

Digital signature

Message recovery

Certificateless signature

Bilinear pairing