Efficient Distributed Tag-Based Encryption and Its Application to Group Signatures with Efficient Distributed Traceability

Ghadafi, Essam

doi:10.1007/978-3-319-16295-9_18

Cited by 22 publications

(19 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In distributed tag-based encryption [4,15], the (tag-based) ciphertexts can only be decrypted if all n decryption servers compute their decryption shares correctly. In the threshold variant, at least κ out of n decryption servers must compute their decryption shares correctly for the decryption to succeed.…”

Section: Robust Non-interactive Distributed/threshold Tag-based Encrymentioning

confidence: 99%

“…Besides the original scheme given in [15], we also use a second variant of the scheme in [15] (shown in Fig. 6) where we transpose the groups in which the public key and the ciphertext lie.…”

Section: Robust Non-interactive Distributed/threshold Tag-based Encrymentioning

confidence: 99%

“…6. The transposed 1-out-of-1 variant of the distributed tag-based encryption scheme from [15] Overview of the construction. Unlike previous constructions, e.g.…”

Section: Our Generic Constructionmentioning

confidence: 99%

See 2 more Smart Citations

Stronger Security Notions for Decentralized Traceable Attribute-Based Signatures and More Efficient Constructions

Ghadafi

2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. In this work, we revisit the notion of Decentralized Traceable Attribute-Based Signatures (DTABS) introduced by El Kaafarani et al. (CT-RSA 2014) and improve the state-of-the-art in three dimensions: Firstly, we provide a new stronger security model which circumvents some shortcomings in existing models. Our model minimizes the trust placed in attribute authorities and hence provides, among other things, a stronger definition for non-frameability. In addition, unlike previous models, our model captures the notion of tracing soundness which is important for many applications of the primitive, and which ensures that even if all parties in the system are fully corrupt, no one but the actual signer can claim authorship of the signature. Secondly, we provide a generic construction that is secure w.r.t. our strong security model and show two example instantiations in the standard model which are more efficient than existing constructions (secure under weaker security definitions). Finally, unlike existing constructions, we dispense with the need for the expensive zero-knowledge proofs required for proving tracing correctness by the tracing authority. As a result, tracing a signature in our constructions is significantly more efficient than existing constructions, both in terms of the size of the tracing proof and the computational cost required to generate and verify it. For instance, verifying tracing correctness in our constructions requires only 4 pairings compared to 34 pairings in the most efficient existing construction.

show abstract

Section: Robust Non-interactive Distributed/threshold Tag-based Encrymentioning

confidence: 99%

Section: Robust Non-interactive Distributed/threshold Tag-based Encrymentioning

confidence: 99%

See 1 more Smart Citation

Stronger Security Notions for Decentralized Traceable Attribute-Based Signatures and More Efficient Constructions

Ghadafi

2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Instead, we can distribute the powers of the tracing agent. In a group signature scheme with a distributed tracing agent, several agents need to cooperate before the identity of the signer can be recovered [9]. As long as a decent subset of the tracing agents is trusted, the anonymity of the user's identities is guaranteed.…”

Section: Decision Primitivesmentioning

confidence: 99%

Revocable Privacy: Principles, Use Cases, and Technologies

Lueks¹,

Everts

Hoepman³

2016

Privacy Technologies and Policy

View full text Add to dashboard Cite

Abstract. Security and privacy often seem to be at odds with one another. In this paper, we revisit the design principle of revocable privacy which guides the creation of systems that offer anonymity for people who do not violate a predefined rule, but can still have consequences for people who do violate the rule. We first improve the definition of revocable privacy by considering different types of sensors for users' actions and different types of consequences of violating the rules (for example blocking). Second, we explore some use cases that can benefit from a revocable privacy approach. For each of these, we derive the underlying abstract rule that users should follow. Finally, we describe existing techniques that can implement some of these abstract rules. These descriptions not only illustrate what can already be accomplished using revocable privacy, they also reveal directions for future research.

show abstract

“…After the introduction [14], different variants of GS schemes were proposed (collision-resistant GS scheme [19], sign-and-encrypt-and-prove based GS [20], traceable signatures [15,34,35], GS with verifier local revocation [16], GS from blind signatures [36], traceable signatures in standard model [37], group signatures in standard model [38], GS with controllable linkability [39,40], GS with distributed traceability [41], GS with dynamic accumulators [42]). Kiayias et al (traceable signatures [15]) first introduced internal tracing algorithms (trapdoors) to efficiently trace and revoke the anonymity of misbehaving members.…”

Section: Revocation In Group Signaturesmentioning

confidence: 99%

Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation

Rahaman

Cheng

Yao

et al. 2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Group signature schemes enable anonymous-yetaccountable communications. Such a capability is extremely useful for applications, such as smartphone-based crowdsensing and citizen science. However, the performance of modern group signature schemes is still inadequate to manage large dynamic groups. In this paper, we design the first provably secure verifier-local revocation (VLR) -based group signature scheme that supports sublinear revocation, named Sublinear Revocation with Backward unlinkability and Exculpability (SRBE). To achieve this performance gain, SRBE introduces time bound pseudonyms for the signer. By introducing lowcost short-lived pseudonyms with sublinear revocation checking, SRBE drastically improves the efficiency of the groupsignature primitive. The backward-unlinkable anonymity of SRBE guarantees that even after the revocation of a signer, her previously generated signatures remain unlinkable across epochs. This behavior favors the dynamic nature of real-world crowdsensing settings. We prove its security and discuss parameters that influence its scalability. Using SRBE, we also implement a prototype named GROUPSENSE for anonymousyet-accountable crowdsensing, where our experimental findings confirm GROUPSENSE's scalability. We point out the open problems remaining in this space.

show abstract

Efficient Distributed Tag-Based Encryption and Its Application to Group Signatures with Efficient Distributed Traceability

Cited by 22 publications

References 49 publications

Stronger Security Notions for Decentralized Traceable Attribute-Based Signatures and More Efficient Constructions

Stronger Security Notions for Decentralized Traceable Attribute-Based Signatures and More Efficient Constructions

Revocable Privacy: Principles, Use Cases, and Technologies

Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation

Contact Info

Product

Resources

About