Keita Emura scite author profile

In ACM CCS 2008, Boldyreva et al. proposed an elegant way of achieving an Identity-based Encryption (IBE) with efficient revocation, which we call revocable IBE (RIBE). One of the significant benefit of their construction is scalability, where the overhead of the trusted authority is logarithmically increased in the number of users, whereas that in the Boneh-Franklin naive revocation way is linearly increased. All subsequent RIBE schemes follow the Boldyreva et al. security model and syntax. In this paper, we first revisit the Boldyreva et al. security model, and aim at capturing the exact notion for the security of the naive but non-scalable Boneh-Franklin RIBE scheme. To this end, we consider a realistic threat, which we call decryption key exposure. We also show that all prior RIBE constructions except for the Boneh-Franklin one are vulnerable to decryption key exposure. As the second contribution, we revisit approaches to achieve (efficient and adaptively secure) scalable RIBE schemes, and propose a simple RIBE scheme, which is the first scalable RIBE scheme with decryption key exposure resistance, and is more efficient than previous (adaptively secure) scalable RIBE schemes. In particular, our construction has the shortest ciphertext size and the fastest decryption algorithm even compared with all scalable RIBE schemes without decryption key exposure resistance.

show abstract

Dynamic attribute-based signcryption without random oracles

Emura

Miyaji

Rahman

2012

IJACT

View full text Add to dashboard Cite

A Ciphertext-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length

et al. 2009

View full text Add to dashboard Cite

Group Signatures with Message-Dependent Opening

Sakai

Emura

Hanaoka

et al. 2013

View full text Add to dashboard Cite

On the Security of Dynamic Group Signatures: Preventing Signature Hijacking

Sakai

Schuldt

Emura

et al. 2012

View full text Add to dashboard Cite

We identify a potential weakness in the standard security model for dynamic group signatures which appears to have been overlooked previously. More specifically, we highlight that even if a scheme provably meets the security requirements of the model, a malicious group member can potentially claim ownership of a group signature produced by an honest group member by forging a proof of ownership. This property leads to a number of vulnerabilities in scenarios in which dynamic group signatures are likely to be used. We furthermore show that the dynamic group signature scheme by Groth (ASIACRYPT 2007) does not provide protection against this type of malicious behavior.To address this, we introduce the notion of opening soundness for group signatures which essentially requires that it is infeasible to produce a proof of ownership of a valid group signature for any user except the original signer. We then show a relatively simple modification of the scheme by Groth which allows us to prove opening soundness for the modified scheme without introducing any additional assumptions.We believe that opening soundness is an important and natural security requirement for group signatures, and hope that future schemes will adopt this type of security.

show abstract

Revocable Identity-Based Cryptosystem Revisited: Security Models and Constructions

Seo

Emura

2014

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Efficient Delegation of Key Generation and Revocation Functionalities in Identity-Based Encryption

Seo

Emura

2013

View full text Add to dashboard Cite

In the public key cryptosystems, revocation functionality is required when a secret key is corrupted by hacking or the period of a contract expires. In the public key infrastructure setting, numerous solutions have been proposed, and in the Identity Based Encryption (IBE) setting, a recent series of papers proposed revocable IBE schemes. Delegation of key generation is also an important functionality in cryptography from a practical standpoint since it allows reduction of excessive workload for a single key generation authority. Although efficient solutions for either revocation or delegation of key generation in IBE systems have been proposed, an important open problem is efficiently delegating both the key generation and revocation functionalities in IBE systems. Libert and Vergnaud, for instance, left this as an open problem in their CT-RSA 2009 paper. In this paper, we propose the first solution for this problem. We prove the selective-ID security of our proposal under the Decisional Bilinear Diffie-Hellman assumption in the standard model.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Keita Emura

A ciphertext-policy attribute-based encryption scheme with constant ciphertext length

Revocable Identity-Based Encryption Revisited: Security Model and Construction

Dynamic attribute-based signcryption without random oracles

A Ciphertext-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length

Group Signatures with Message-Dependent Opening

On the Security of Dynamic Group Signatures: Preventing Signature Hijacking

Revocable Identity-Based Cryptosystem Revisited: Security Models and Constructions

Efficient Delegation of Key Generation and Revocation Functionalities in Identity-Based Encryption

Contact Info

Product

Resources

About