Fully, (Almost) Tightly Secure IBE and Dual System Groups

Chen, Jie; Wee, Hoeteck

doi:10.1007/978-3-642-40084-1_25

Cited by 154 publications

(166 citation statements)

References 33 publications

Supporting

Mentioning

145

Contrasting

Order By: Relevance

“…Almost all group-based MACs recently considered in [12], as well as the MAC derived from the randomized Naor-Reingold PRF [25] implicitly given in [8] are affine.…”

Section: This Workmentioning

confidence: 99%

“…To instantiate our transformations, we consider two specific affine MACs. Our first construction, MAC NR [D k ], is a generalization of the MAC derived from the affine Naor-Reingold PRF [8] to any D k -MDDH Assumption. (Unfortunately, the MAC based on the original deterministic Naor-Reingold PRF [25] is not affine.)…”

Section: From Affine Macs To (H)ibementioning

confidence: 99%

“…The construction from [30] has the disadvantage of a non-tight security reduction, i.e., the security reduction reducing security of the L-level HIBE to the hardness of the underlying assumption loses at least a factor of Q L , where Q is the maximal number of user secret key queries. Modern HIBE schemes [29,8] only lose a factor Q, independent of L. The first tightly secure IBE was recently proposed by Chen and Wee [8] but designing a L-level HIBE for L > 1 and a tight (i.e., independent of Q) security reduction to a standard assumption remains an open problem.…”

Section: Introductionmentioning

confidence: 99%

“…Until today no generic construction of a (H)IBE from any "simple" low-level cryptographic primitive is known. However, the recent IBE scheme by Chen and Wee [8] uses a specific randomized PRF at the core of their construction, but its usage is non-modular.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

(Hierarchical) Identity-Based Encryption from Affine Message Authentication

Blazy

Kiltz

Pan

2014

Lecture Notes in Computer Science

118

102

View full text Add to dashboard Cite

We provide a generic transformation from any affine message authentication code (MAC) to an identity-based encryption (IBE) scheme over pairing groups of prime order. If the MAC satisfies a security notion related to unforgeability against chosen-message attacks and, for example, the kLinear assumption holds, then the resulting IBE scheme is adaptively secure. Our security reduction is tightness preserving, i.e., if the MAC has a tight security reduction so has the IBE scheme. Furthermore, the transformation also extends to hierarchical identity-based encryption (HIBE). We also show how to construct affine MACs with a tight security reduction to standard assumptions. This, among other things, provides a tightly secure IBE in the standard model.

show abstract

“…Almost all group-based MACs recently considered in [12], as well as the MAC derived from the randomized Naor-Reingold PRF [25] implicitly given in [8] are affine.…”

Section: This Workmentioning

confidence: 99%

Section: From Affine Macs To (H)ibementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

(Hierarchical) Identity-Based Encryption from Affine Message Authentication

Blazy

Kiltz

Pan

2014

Lecture Notes in Computer Science

118

102

View full text Add to dashboard Cite

show abstract

“…On the other hand, we do have ABE schemes based on a "computational" dual system argument, such as those in [32,34,9,3,27], many of which are more efficient and do avoid the lower bounds in this work. Informally, underlying the "computational" dual system argument is a computational analogue of CDS, where the privacy requirement is computational rather than information-theoretic.…”

Section: Implications For Dual System Abementioning

confidence: 99%

Communication Complexity of Conditional Disclosure of Secrets and Attribute-Based Encryption

Gay

Kerenidis

Wee

2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. We initiate a systematic treatment of the communication complexity of conditional disclosure of secrets (CDS), where two parties want to disclose a secret to a third party if and only if their respective inputs satisfy some predicate. We present a general upper bound and the first non-trivial lower bounds for conditional disclosure of secrets. Moreover, we achieve tight lower bounds for many interesting setting of parameters for CDS with linear reconstruction, the latter being a requirement in the application to attribute-based encryption. In particular, our lower bounds explain the trade-off between ciphertext and secret key sizes of several existing attribute-based encryption schemes based on the dual system methodology.

show abstract

Offline/online attribute‐based encryption with verifiable outsourced decryption

Liu

Jiang

Wang

et al. 2016

Concurrency and Computation

View full text Add to dashboard Cite

Summary In this big data era, service providers tend to put the data in a third‐party cloud system. Social networking websites are typical examples. To protect the security and privacy of the data, data should be stored in encrypted form. This brings forth new challenges: how to allow different users to access only the authorized part of the data without decryption of the data. Attribute‐based encryption (ABE) offers fine‐grained access control policy over encrypted data such that users can decrypt successfully only if their attributes satisfy the policy. However, one drawback of ABE is that the computational cost grows linearly with the complexity of ciphertext policy or the number of attributes. The situation becomes worse for mobile devices with limited computing resources. To solve this problem, we adopt the offline/online technique combining with the verifiable outsourced computation technique to propose a new ciphertext‐policy ABE scheme using bilinear groups in prime order, supporting the offline/online key generation and encryption, as well as the verifiable outsourced decryption. As a result, most computations of key generation and encryption can be executed offline, and the majority of computational workload in decryption can be outsourced to third parties. The scheme is selectively chosen‐plaintext attack‐secure in the standard model. We also provide the proof of verifiability on outsourced decryption. The simulation results show that our proposed scheme can effectively reduce the computational cost imposed on resource‐constrained devices. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Fully, (Almost) Tightly Secure IBE and Dual System Groups

Cited by 154 publications

References 33 publications

(Hierarchical) Identity-Based Encryption from Affine Message Authentication

(Hierarchical) Identity-Based Encryption from Affine Message Authentication

Communication Complexity of Conditional Disclosure of Secrets and Attribute-Based Encryption

Offline/online attribute‐based encryption with verifiable outsourced decryption

Contact Info

Product

Resources

About