Automating Fast and Secure Translations from Type-I to Type-III Pairing Schemes

Akinyele, Joseph A.; Garman, Christina; Hohenberger, Susan

doi:10.1145/2810103.2813601

Cited by 25 publications

(17 citation statements)

References 25 publications

(59 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Given several kinds of constraints and a metric implemented into an objective function, it searches for a solution that minimizes the function value subject to the constraints. The idea of encoding computational constraints into an objective function follows from previous works [20,22]. Our novelty is the encoding method that allows one to use Integer Programming that fits well to our optimization problem with various constraints.…”

Section: Our Contributionmentioning

confidence: 99%

“…As vast number of schemes have been built over Type-I groups, e.g, [9][10][11][12][13][14][15], bilinear-type conversion methods that translate schemes designed for Type-I groups into ones that work over Type-III groups have been developed [16][17][18][19][20][21][22]. Recall that cryptographic schemes designed over Type-I groups do not necessarily work over Type-III groups due to the presence of symmetric pairings, e(X, X ).…”

Section: Introductionmentioning

confidence: 99%

“…Automated conversion methods in the literature [20][21][22] are only for small-scale schemes consisting of up to tens of group operations. To follow the secure conversion framework introduced in [21], one needs to convert not only the algorithms in the target scheme but those that appear in security proofs.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Fast and Scalable Bilinear-Type Conversion Method for Large Scale Crypto Schemes

Abe

Hoshino

Ohkubo³

2019

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

Bilinear-type conversion is to translate a cryptographic scheme designed over symmetric bilinear groups into one that works over asymmetric bilinear groups with small overhead regarding the size of objects concerned in the target scheme. In this paper, we address scalability for converting complex cryptographic schemes. Our contribution is threefold. Investigating complexity of bilinear-type conversion. We show that there exists no polynomial-time algorithm for worst-case inputs under standard complexity assumption. It means that bilinear-type conversion in general is an inherently difficult problem. Presenting a new scalable conversion method. Nevertheless, we show that large-scale conversion is indeed possible in practice when the target schemes are built from smaller building blocks with some structure. We present a novel conversion method, called IPConv, that uses 0-1 Integer Programming instantiated with a widely available IP solver. It instantly converts schemes containing more than a thousand of variables and hundreds of pairings. Application to computeraided design. Our conversion method is also useful in modular design of middle to large scale cryptographic applications; first construct over simpler symmetric bilinear groups and run over efficient asymmetric groups. Thus one can avoid complication of manually allocating variables over asymmetric bilinear groups. We demonstrate its usefulness by somewhat counter-intuitive examples where converted DLIN-based Groth-Sahai proofs are more compact than manually built SXDH-based proofs. Though the early purpose of bilinear-type conversion is to save existing schemes from attacks against symmetric bilinear groups, our new scalable conversion method will find more applications beyond the original goal. Indeed, the above computer-aided design can be seen as a step toward automated modular design of cryptographic schemes.

show abstract

Section: Our Contributionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Fast and Scalable Bilinear-Type Conversion Method for Large Scale Crypto Schemes

Abe

Hoshino

Ohkubo³

2019

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

show abstract

“…To further demonstrate our schemes efficiency, we roughly evaluated our scheme's practical performance according to implementation in [1]. We give the performance comparison results for GA07B, LZD+, WCW and Our schemes in Fig.…”

Section: Rkmentioning

confidence: 99%

“…We give the performance comparison results for GA07B, LZD+, WCW and Our schemes in Fig. 6,7 ,8,9,10, 11, 12, according to the efficiency benchmark of SS156 and BN256 groups [1] implemented in the highly efficient RELIC cryptographic toolkit version 0.4 [2](using the GMP library [12] for big number operations and the default configuration options for prime field arithmetic ), measured on a standard workstation, which is 2.4GHz Intel Core i5 processor and 8GB of RAM (1067MHz DDR3) running Mac OS X Lion version 10.7.5. We have neglected some operations such as the computation cost of one-time symmetric encryption, one-time symmetric decryption and one-time checking for the decryption results' validity, one-time signature and verification.…”

Section: Rkmentioning

confidence: 99%

Improved functional proxy re-encryption schemes for secure cloud data sharing

Wang

Yang

et al. 2018

COMSIS J

View full text Add to dashboard Cite

Recently Liang et al. propose an interesting privacy-preserving ciphertext multi-sharing control for big data storage mechanism, which is based on the cryptographic primitive of anonymous multi-hop identity based conditional proxy re-encryption scheme AMH-IBCPRE. They propose a concrete AMH-IBCPRE scheme and conclude their scheme can achieve IND-sCon-sID-CCA secure (indistinguishable secure under selectively conditional selectively identity chosen ciphertext attack). However, our research show their scheme can not be IND-sCon-sID-CCA secure for single-hop and multi-hop data sharing. Also in 2014, Liang et al. propose an interesting deterministic finite automata-based functional proxy reencryption scheme DFA-based FPRE for secure public cloud data sharing, they also conclude their scheme can achieve IND-CCA secure (indistinguishable secure under chosen ciphertext attack), we also show their scheme can not be IND-CCA secure either. For these two proposals, the main reason of insecurity is that part of the re-encryption key has the same structure as the valid ciphertext, thus the adversary can query on the decryption oracle with this part of the re-encryption key to get secret keys, which will break the CCA-security of their scheme. We give an improved AMH-IBCPRE scheme and an improved DFA-based FPRE scheme for cloud data sharing and show the new schemes can resist our attack and be CCA-secure. We also demonstrate our improved AMH-IBCPRE scheme's efficiency compared with other related identity based proxy re-encryption schemes, the results show our scheme is almost the most efficient one.

show abstract