Anonymous Multi-Receiver Identity-Based Encryption

Huang, Ling-Ying

31 July 2007

Recently, many multi-receiver identity-based encryption schemes have been proposed in the literature. However, none can protect the privacy of message receivers among these schemes. In this thesis, we present an anonymous multi-receiver identity-based encryption scheme where we adopt Lagrange interpolating polynomial mechanisms to cope with the above problem. Our scheme makes it impossible for an attacker or any other message receiver to derive the identity of a message receiver such that the privacy of every receiver can be guaranteed. Furthermore, the proposed scheme is quite receiver efficient since each of the receivers merely needs to perform constant times (twice in fact) of pairing computation, which is the most time-consuming computation in pairing-based cryptosystems, to decrypt the received message. Furthermore, we prove that our scheme is secure against adaptive chosen plaintext attacks and adaptive chosen ciphertext attacks. Finally, we also prove that the receivers of the scheme can be anonymous.

Multi-Receiver Encryption

Broadcast Encryption

Anonymity

Identity-Based Encryption

Pairings

Distributed Key Generation and Its Applications

Kate, Aniket

25 June 2010

Numerous cryptographic applications require a trusted authority to hold a secret. With a plethora of malicious attacks over the Internet, however, it is difficult to establish and maintain such an authority in online systems. Secret-sharing schemes attempt to solve this problem by distributing the required trust to hold and use the secret over multiple servers; however, they still require a trusted {\em dealer} to choose and share the secret, and have problems related to single points of failure and key escrow. A distributed key generation (DKG) scheme overcomes these hurdles by removing the requirement of a dealer in secret sharing. A (threshold) DKG scheme achieves this using a complete distribution of the trust among a number of servers such that any subset of servers of size greater than a given threshold can reveal or use the shared secret, while any smaller subset cannot. In this thesis, we make contributions to DKG in the computational security setting and describe three applications of it. We first define a constant-size commitment scheme for univariate polynomials over finite fields and use it to reduce the size of broadcasts required for DKG protocols in the synchronous communication model by a linear factor. Further, we observe that the existing (synchronous) DKG protocols do not provide a liveness guarantee over the Internet and design the first DKG protocol for use over the Internet. Observing the necessity of long-term stability, we then present proactive security and group modification protocols for our DKG system. We also demonstrate the practicality of our DKG protocol over the Internet by testing our implementation over PlanetLab. For the applications, we use our DKG protocol to define IND-ID-CCA secure distributed private-key generators (PKGs) for three important identity-based encryption (IBE) schemes: Boneh and Franklin's BF-IBE, Sakai and Kasahara's SK-IBE, and Boneh and Boyen's BB1-IBE. These IBE schemes cover all three important IBE frameworks: full-domain-hash IBEs, exponent-inversion IBEs and commutative-blinding IBEs respectively, and our distributed PKG constructions can easily be modified for other IBE schemes in these frameworks. As the second application, we use our distributed PKG for BF-IBE to define an onion routing circuit construction mechanism in the identity-based setting, which solves the scalability problem in single-pass onion routing circuit construction without hampering forward secrecy. As the final application, we use our DKG implementation to design a threshold signature architecture for quorum-based distributed hash tables and use it to define two robust communication protocols in these peer-to-peer systems.

Threshold cyptography

Distributed trust

Distributed key generation

Identity-based encryption

Anonymity

Distributed hash tables

Computer Science

Efficient, provably secure code constructions

Agrawal, Shweta Prem

31 May 2011

The importance of constructing reliable and efficient methods for securing digital information in the modern world cannot be overstated. The urgency of this need is reflected in mainstream media--newspapers and websites are full of news about critical user information, be it credit card numbers, medical data, or social security information, being compromised and used illegitimately. According to news reports, hackers probe government computer networks millions of times a day, about 9 million Americans have their identities stolen each year and cybercrime costs large American businesses 3.8 million dollars a year. More than 1 trillion worth of intellectual property has already been stolen from American businesses. It is this evergrowing problem of securing valuable information that our thesis attempts to address (in part). In this thesis, we study methods to secure information that are fast, convenient and reliable. Our overall contribution has four distinct threads. First, we construct efficient, "expressive" Public Key Encryption systems (specifically, Identity Based Encryption systems) based on the hardness of lattice problems. In Identity Based Encryption (IBE), any arbitrary string such as the user's email address or name can be her public key. IBE systems are powerful and address several problems faced by the deployment of Public Key Encryption. Our constructions are secure in the standard model. Next, we study secure communication over the two-user interference channel with an eavesdropper. We show that using lattice codes helps enhance the secrecy rate of this channel in the presence of an eavesdropper. Thirdly, we analyze the security requirements of network coding. Network Coding is an elegant method of data transmission which not only helps achieve capacity in several networks, but also has a host of other benefits. However, network coding is vulnerable to "pollution attacks" when there are malicious users in the system. We design mechanisms to prevent pollution attacks. In this setting, we provide two constructions -- a homomorphic Message Authentication Code (HMAC) and a Digital Signature, to secure information that is transmitted over such networks. Finally, we study the benefits of using Compressive Sensing for secure communication over the Wyner wiretap channel. Compressive Sensing has seen an explosion of interest in the last few years with its elegant mathematics and plethora of applications. So far however, Compressive Sensing had not found application in the domain of secrecy. Given its inherent assymetry, we ask (and answer in the affirmative) the question of whether it can be deployed to enable secure communication. Our results allow linear encoding and efficient decoding (via LASSO) at the legitimate receiver, along with infeasibility of message recovery (via an information theoretic analysis) at the eavesdropper, regardless of decoding strategy. / text

Cryptography

Computer security

IBE

Encryption

Identity based encryption

Network coding

Compressive sensing

Message authentication codes

Distributed Key Generation and Its Applications

Kate, Aniket

25 June 2010

Numerous cryptographic applications require a trusted authority to hold a secret. With a plethora of malicious attacks over the Internet, however, it is difficult to establish and maintain such an authority in online systems. Secret-sharing schemes attempt to solve this problem by distributing the required trust to hold and use the secret over multiple servers; however, they still require a trusted {\em dealer} to choose and share the secret, and have problems related to single points of failure and key escrow. A distributed key generation (DKG) scheme overcomes these hurdles by removing the requirement of a dealer in secret sharing. A (threshold) DKG scheme achieves this using a complete distribution of the trust among a number of servers such that any subset of servers of size greater than a given threshold can reveal or use the shared secret, while any smaller subset cannot. In this thesis, we make contributions to DKG in the computational security setting and describe three applications of it. We first define a constant-size commitment scheme for univariate polynomials over finite fields and use it to reduce the size of broadcasts required for DKG protocols in the synchronous communication model by a linear factor. Further, we observe that the existing (synchronous) DKG protocols do not provide a liveness guarantee over the Internet and design the first DKG protocol for use over the Internet. Observing the necessity of long-term stability, we then present proactive security and group modification protocols for our DKG system. We also demonstrate the practicality of our DKG protocol over the Internet by testing our implementation over PlanetLab. For the applications, we use our DKG protocol to define IND-ID-CCA secure distributed private-key generators (PKGs) for three important identity-based encryption (IBE) schemes: Boneh and Franklin's BF-IBE, Sakai and Kasahara's SK-IBE, and Boneh and Boyen's BB1-IBE. These IBE schemes cover all three important IBE frameworks: full-domain-hash IBEs, exponent-inversion IBEs and commutative-blinding IBEs respectively, and our distributed PKG constructions can easily be modified for other IBE schemes in these frameworks. As the second application, we use our distributed PKG for BF-IBE to define an onion routing circuit construction mechanism in the identity-based setting, which solves the scalability problem in single-pass onion routing circuit construction without hampering forward secrecy. As the final application, we use our DKG implementation to design a threshold signature architecture for quorum-based distributed hash tables and use it to define two robust communication protocols in these peer-to-peer systems.

Threshold cyptography

Distributed trust

Distributed key generation

Identity-based encryption

Anonymity

Distributed hash tables

Computer Science

Application of Fuzzy Logic in Identity-Based Cryptography / Bulanık Mantığın Kimlik Tabanlı Kriptografide Kullanımı

Odyurt, Uraz

January 2014

This work explains the fundamental definitions required to define and create Fuzzy Identity-Based Encryption schemes as an error-tolerant version of Identity-Based Encryption schemes, along with three different examples of such creations. These examples are Sahai-Waters' FIBE, Baek et al.'s EFIBE-I and EFIBE-II. The required Set-up, Key Generation, Encryption and Decryption algorithms for each scheme are formalized and the proofs of security using the Selective-ID model are introduced. Subtle differences between the three schemes are discussed, including their computational efficiency comparison. The writing is intended as a self-sufficient resource for readers, containing the schemes and background definitions.

Cryptography

Fuzzy logic

Identity-Based Encryption (IBE)

Fuzzy Identity-Based Encryption (FIBE)

Selective-ID model

Encryption scheme

Kriptografi

Bulanık mantık

Kimlik Tabanlı Şifreleme

Bulanık Kimlik Tabanlı Şifreleme

Seçici-ID modeli

Şifreleme şeması

Mathematics

Matematik

Design And Implementation Of A Secure And Searchable Audit Logging System

Incebacak, Davut

01 May 2007

Logs are append-only time-stamped records to represent events in computers or network devices. Today, in many real-world networking applications, logging is a central service however it is a big challenge to satisfy the conflicting requirements when the security of log records is of concern. On one hand, being kept on mostly untrusted hosts, the logs should be preserved against unauthorized modifications and privacy breaches. On the other, serving as the primary evidence for digital crimes, logs are often needed for analysis by investigators. In this thesis, motivated by these requirements we define a model which integrates forward integrity techniques with search capabilities of encrypted logs. We also implement this model with advanced cryptographic primitives such as Identity Based Encryption. Our model, in one side, provides secure delegation of search capabilities to authorized users while protecting information privacy, on the other, these search capabilities set boundaries of a user&rsquo / s search operation. By this way user can not access logs which are not related with his case. Also, in this dissertation, we propose an improvement to Schneier and Kelsey&rsquo / s idea of forward integrity mechanism.

Identity-based cryptography / Cryptographie de l'identité

Germouty, Paul

12 September 2018

Dans cette thèse nous étudions les possibilités que les chiffrements basés sur l’identité offrent quand ils sont utilisés dans un but différent qu’un simple chiffrement. Nous avons pu généraliser différents types de chiffrement basés sur l’identité en une nouvelle primitive nommé Downgradable Identity-based Encryption (DIBE). Nous avons trouvé un moyen générique de transformer de simple IBE en des IBE en blanc, dans le cas où l’IBE est affine nous rendons le coût de communication très faible (de linéaire à logarithmique). Ces deux primitives ont donné lieux à différentes applications : les chiffrements basés sur les attributs pour la première et le transfère inconscient pour la deuxième. Une autre application est l’utilisation d’IBE hiérarchiques pour créer des signatures à vérifieur désigné basées sur l’identité. Ensuite nous avons regardé le transfère inconscient seul et avons réussi à le généraliser en un nouveau protocole nommé Oblivious Language-based Envelope. Finalement, nous avons construit une transformation d’un protocole à un autre, d’un échange authentifié de clés par mot de passe nous avons construit un transfère inconscient. En prenant une instanciation particulière nous obtenons un protocole plus efficace que tous les précédents pour le même niveau de sécurité. La primitive chiffrement basé sur l’identité est notre outil principal pour réaliser nos constructions. Nous avons donc besoin d’une instanciation efficace de cette primitive. Nous avons utilisé celle de Blazy Kiltz et Pan à CRYPTO’14 qui est très efficace mais possède aussi une structure particulière dite affine. / During this Thesis we investigated the possibilities that Identity-based Encryption offers when used out of their original purpose. We managed to generalize a whole class of different identity-based encryption schemes into Downgradable Identity-based Encryptions. We found a generic way to construct Blind Identity-based Encryptions. These two works leads both to applications that are not a priori linked with IBE: Attribute-based Encryption from Downgradable IBE and Oblivious Transfer for Blind IBE, in the case of Affine IBE we manage to reduce the communication cost from a linear to logarithmic. As application we also find a way to use Hierarchical IBE to construct a special type of signature called Identity-based Designated Verifier Signature. We continue the research out of the context of IBE's application with Oblivious Transfer. We manage to generalize the concept of Oblivious Transfer into a new protocol called Oblivious Language-based Envelope encompassing many kind of protocols. Finally, in the image of the whole Thesis we construct Oblivious Transfer with a very different primitive called Password Authenticated Key Exchange. Surprisingly, with some optimizations this last transformation leads to a very efficient Oblivious Transfer Protocol. The Identity-based Encryption is our main basis of work, thus efficient instantiations of this primitive were the key of our own efficiency, thus we used the instanciation from the paper of Blazy et als at crypto 2014 which is efficient, tight secure and affine.

Chiffrement basé sur l'identité

SPHF

Cryptographie

Transfère oublieux

Signature

Identity-based encryption

NIZK proof

SPHF

Cryptography

Oblivious Transfer

Signature

005.824

Gaussian sampling in lattice-based cryptography / Le Gaussian sampling dans la cryptographie sur les réseaux euclidiens

Prest, Thomas

08 December 2015

Bien que relativement récente, la cryptographie à base de réseaux euclidiens s’est distinguée sur de nombreux points, que ce soit par la richesse des constructions qu’elle permet, par sa résistance supposée à l’avènement des ordinateursquantiques ou par la rapidité dont elle fait preuve lorsqu’instanciée sur certaines classes de réseaux. Un des outils les plus puissants de la cryptographie sur les réseaux est le Gaussian sampling. À très haut niveau, il permet de prouver qu’on connaît une base particulière d’un réseau, et ce sans dévoiler la moindre information sur cette base. Il permet de réaliser une grande variété de cryptosystèmes. De manière quelque peu surprenante, on dispose de peu d’instanciations pratiques de ces schémas cryptographiques, et les algorithmes permettant d’effectuer du Gaussian sampling sont peu étudiés. Le but de cette thèse est de combler le fossé qui existe entre la théorie et la pratique du Gaussian sampling. Dans un premier temps, nous étudions et améliorons les algorithmes existants, à la fois par une analyse statistique et une approche géométrique. Puis nous exploitons les structures sous-tendant de nombreuses classes de réseaux, ce qui nous permet d’appliquer à un algorithme de Gaussian sampling les idées de la transformée de Fourier rapide, passant ainsi d’une complexité quadratique à quasilinéaire. Enfin, nous utilisons le Gaussian sampling en pratique et instancions un schéma de signature et un schéma de chiffrement basé sur l’identité. Le premierfournit des signatures qui sont les plus compactes obtenues avec les réseaux à l’heure actuelle, et le deuxième permet de chiffrer et de déchiffrer à une vitesse près de mille fois supérieure à celle obtenue en utilisant un schéma à base de couplages sur les courbes elliptiques. / Although rather recent, lattice-based cryptography has stood out on numerous points, be it by the variety of constructions that it allows, by its expected resistance to quantum computers, of by its efficiency when instantiated on some classes of lattices. One of the most powerful tools of lattice-based cryptography is Gaussian sampling. At a high level, it allows to prove the knowledge of a particular lattice basis without disclosing any information about this basis. It allows to realize a wide array of cryptosystems. Somewhat surprisingly, few practical instantiations of such schemes are realized, and the algorithms which perform Gaussian sampling are seldom studied. The goal of this thesis is to fill the gap between the theory and practice of Gaussian sampling. First, we study and improve the existing algorithms, byboth a statistical analysis and a geometrical approach. We then exploit the structures underlying many classes of lattices and apply the ideas of the fast Fourier transform to a Gaussian sampler, allowing us to reach a quasilinearcomplexity instead of quadratic. Finally, we use Gaussian sampling in practice to instantiate a signature scheme and an identity-based encryption scheme. The first one yields signatures that are the most compact currently obtained in lattice-based cryptography, and the second one allows encryption and decryption that are about one thousand times faster than those obtained with a pairing-based counterpart on elliptic curves.

Cryptographie à clé publique

Réseaux euclidiens

Signatures numériques

Chiffrement basé sur l'identité

Cryptographie post-quantique

Cryptographie basée sur les réseaux

Gaussian sampling

Algorithmes

Public-key cryptography

Lattices

Digital signatures

Identity-based encryption

Post-quantum cryptography

Lattice-based cryptography

005.8

Boneh-Boyen Signatures and the Strong Diffie-Hellman Problem

Yoshida, Kayo

January 2009

The Boneh-Boyen signature scheme is a short signature scheme which is provably secure in the standard model under the q-Strong Diffie-Hellman (SDH) assumption. The primary objective of this thesis is to examine the relationship between the Boneh-Boyen signature scheme and SDH. The secondary objective is to survey surrounding topics such as the generic group model, related signature schemes, intractability assumptions, and the relationship to identity-based encryption (IBE) schemes. Along these lines, we analyze the plausibility of the SDH assumption using the generic bilinear group model. We present the security proofs for the Boneh-Boyen signature scheme, with the addition of a small improvement in one of the probability bounds. Our main contribution is to give the reduction in the reverse direction; that is, to show that if the SDH problem can be solved then the Boneh-Boyen signature scheme can be forged. This contribution represents the first known proof of equivalence between the SDH problem and Boneh-Boyen signatures. We also discuss the algorithm of Cheon for solving the SDH problem. We analyze the implications of Cheon's algorithm for the security of the Boneh-Boyen signature scheme, accompanied by a brief discussion on how to counter the attack.

cryptography

digital signatures

signature scheme

Diffie-Hellman

Strong Diffie-Hellman

SDH

Boneh-Boyen signatures

Pollard rho

Pollard lambda

baby-step giant-step

assumptions

short signatures

random oracle

generic group

BLS

Waters

Okamoto

identity-based encryption

IBE

Cheon's algorithm

partial fraction

security

existential forgery

Combinatorics and Optimization

Boneh-Boyen Signatures and the Strong Diffie-Hellman Problem

Yoshida, Kayo

January 2009

The Boneh-Boyen signature scheme is a short signature scheme which is provably secure in the standard model under the q-Strong Diffie-Hellman (SDH) assumption. The primary objective of this thesis is to examine the relationship between the Boneh-Boyen signature scheme and SDH. The secondary objective is to survey surrounding topics such as the generic group model, related signature schemes, intractability assumptions, and the relationship to identity-based encryption (IBE) schemes. Along these lines, we analyze the plausibility of the SDH assumption using the generic bilinear group model. We present the security proofs for the Boneh-Boyen signature scheme, with the addition of a small improvement in one of the probability bounds. Our main contribution is to give the reduction in the reverse direction; that is, to show that if the SDH problem can be solved then the Boneh-Boyen signature scheme can be forged. This contribution represents the first known proof of equivalence between the SDH problem and Boneh-Boyen signatures. We also discuss the algorithm of Cheon for solving the SDH problem. We analyze the implications of Cheon's algorithm for the security of the Boneh-Boyen signature scheme, accompanied by a brief discussion on how to counter the attack.

cryptography

digital signatures

signature scheme

Diffie-Hellman

Strong Diffie-Hellman

SDH

Boneh-Boyen signatures

Pollard rho

Pollard lambda

baby-step giant-step

assumptions

short signatures

random oracle

generic group

BLS

Waters

Okamoto

identity-based encryption

IBE

Cheon's algorithm

partial fraction

security

existential forgery

Combinatorics and Optimization