Key-Insulated Public Key Cryptosystems

Dodis, Yevgeniy; Katz, Jonathan; Xu, Shouhuai; Yung, Moti

doi:10.1007/3-540-46035-7_5

Cited by 278 publications

(218 citation statements)

References 34 publications

(55 reference statements)

Supporting

Mentioning

218

Contrasting

Order By: Relevance

“…A natural question is whether their ciphertexts can be made to have size independent of q (or, at the very least, o(q)). 4 Indeed, in light of the results of Dodis, Katz, Xu and Yung [DKXY02] and most recently, Goldwasser, Lewko and Wilson [GLW12] in the context of bounded-collusion IBE, one might expect that achieving "short" ciphertexts is actually be possible in general.…”

Section: New Lower Bound: Impossibility For Simulation-based Definitionsmentioning

confidence: 99%

Functional Encryption: New Perspectives and Lower Bounds

Agrawal

Gorbunov

Vaikuntanathan

et al. 2013

Lecture Notes in Computer Science

108

128

View full text Add to dashboard Cite

Functional encryption is an emerging paradigm for public-key encryption that enables finegrained control of access to encrypted data. In this work, we present new perspectives on security definitions for functional encryption, as well as new lower bounds on what can be achieved. Our main contributions are as follows:• We show a lower bound for functional encryption that satisfies a weak (non-adaptive) simulation-based security notion, via pseudo-random functions. This is the first lower bound that exploits unbounded collusions in an essential way.• We put forth and discuss a simulation-based notion of security for functional encryption, with an unbounded simulator (called USIM). We show that this notion interpolates indistinguishability and simulation-based security notions, and has strong correlations to results and barriers in the zero-knowledge and multi-party computation literature.

show abstract

Section: New Lower Bound: Impossibility For Simulation-based Definitionsmentioning

confidence: 99%

Functional Encryption: New Perspectives and Lower Bounds

Agrawal

Gorbunov

Vaikuntanathan

et al. 2013

Lecture Notes in Computer Science

108

128

View full text Add to dashboard Cite

show abstract

“…A second related class of solutions is known as Key Insulated and Intrusion Resilient signatures [11,14]. In a nutshell, this model and ours are incomparable, but we believe that our approach is the more realistic of the two.…”

Section: Related Workmentioning

confidence: 95%

On the Theory and Practice of Personal Digital Signatures

Damgård

Mikkelsen

2009

Public Key Cryptography – PKC 2009

View full text Add to dashboard Cite

Abstract. We take a step towards a more realistic modeling of personal digital signatures, where a human user, his mobile equipment, his PC and a server are all considered as independent players in the protocol, and where only the human user is assumed incorruptible. We then propose a protocol for issuing digital signatures on behalf of the user. This protocol is proactively UC-secure assuming at most one player is corrupted in every operational phase. In more practical terms, this means that one can securely sign using terminals (PC's) that are not necessarily trusted, as long as the mobile unit and the PC are not both corrupted at the same time. In other words, our solution cannot be broken by phising or key-logging via the PC. The protocol allows for mobile units with very small computing power by securely outsourcing computation to the PC and also allows usage of any PC that can communicate properly. Finally, we report on the results of a prototype implementation of our solution.

show abstract

“…But to show this thinking is wrong, we give an exceptional attack (decryption key exposure), wherein an adversary is allowed to obtain a decryption key dk ID * ,T with the condition T ̸ = T * . This setting is based on the similar attitude of key-insulated PKE [16], where it is desired that no information of the plaintext is revealed from a ciphertext even if all (short-term) decryption keys of a "different time period" are exposed. This kind of attack is not covered by the Boldyreva et al security model; that is, the adversary may obtain not a secret key sk ID * but a decryption key dk ID * ,T , and ID * can still be alive in the system in the challenge time period T * ̸ = T .…”

Section: Introductionmentioning

confidence: 99%

Revocable Identity-Based Encryption Revisited: Security Model and Construction

Seo

Emura

2013

Public-Key Cryptography – PKC 2013

117

View full text Add to dashboard Cite

In ACM CCS 2008, Boldyreva et al. proposed an elegant way of achieving an Identity-based Encryption (IBE) with efficient revocation, which we call revocable IBE (RIBE). One of the significant benefit of their construction is scalability, where the overhead of the trusted authority is logarithmically increased in the number of users, whereas that in the Boneh-Franklin naive revocation way is linearly increased. All subsequent RIBE schemes follow the Boldyreva et al. security model and syntax. In this paper, we first revisit the Boldyreva et al. security model, and aim at capturing the exact notion for the security of the naive but non-scalable Boneh-Franklin RIBE scheme. To this end, we consider a realistic threat, which we call decryption key exposure. We also show that all prior RIBE constructions except for the Boneh-Franklin one are vulnerable to decryption key exposure. As the second contribution, we revisit approaches to achieve (efficient and adaptively secure) scalable RIBE schemes, and propose a simple RIBE scheme, which is the first scalable RIBE scheme with decryption key exposure resistance, and is more efficient than previous (adaptively secure) scalable RIBE schemes. In particular, our construction has the shortest ciphertext size and the fastest decryption algorithm even compared with all scalable RIBE schemes without decryption key exposure resistance.

show abstract

Key-Insulated Public Key Cryptosystems

Cited by 278 publications

References 34 publications

Functional Encryption: New Perspectives and Lower Bounds

Functional Encryption: New Perspectives and Lower Bounds

On the Theory and Practice of Personal Digital Signatures

Revocable Identity-Based Encryption Revisited: Security Model and Construction

Contact Info

Product

Resources

About