Public-Key Encryption with Non-Interactive Opening: New Constructions and Stronger Definitions

Galindo, David; Libert, Benôıt; Fischlin, Marc; Fuchsbauer, Georg; Lehmann, Anja; Manulis, Mark; Schröder, Dominique

doi:10.1007/978-3-642-12678-9_20

Cited by 24 publications

(25 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We note that the used approach to the verification of a decryption result is essentially the same as that used by Galindo et al [17] in the context of public key encryption with non-interactive opening (PKENO). Furthermore, we note that in [17], the application of PKENO schemes to group signature is briefly discussed as a mechanism for simplifying the construction of an opening.…”

Section: The Modified Groth Schemementioning

confidence: 99%

“…Furthermore, we note that in [17], the application of PKENO schemes to group signature is briefly discussed as a mechanism for simplifying the construction of an opening. Here, we will show that this approach is able to ensure the opening soundness of group signature schemes.…”

Section: The Modified Groth Schemementioning

confidence: 99%

“…Furthermore, the authors would like to thank Benoît Libert for pointing out the similarity between the idea for obtaining opening soundness in the Groth scheme, and techniques of [17].…”

Section: Acknowledgmentmentioning

confidence: 99%

See 2 more Smart Citations

On the Security of Dynamic Group Signatures: Preventing Signature Hijacking

Sakai

Schuldt

Emura

et al. 2012

Public Key Cryptography – PKC 2012

View full text Add to dashboard Cite

We identify a potential weakness in the standard security model for dynamic group signatures which appears to have been overlooked previously. More specifically, we highlight that even if a scheme provably meets the security requirements of the model, a malicious group member can potentially claim ownership of a group signature produced by an honest group member by forging a proof of ownership. This property leads to a number of vulnerabilities in scenarios in which dynamic group signatures are likely to be used. We furthermore show that the dynamic group signature scheme by Groth (ASIACRYPT 2007) does not provide protection against this type of malicious behavior.To address this, we introduce the notion of opening soundness for group signatures which essentially requires that it is infeasible to produce a proof of ownership of a valid group signature for any user except the original signer. We then show a relatively simple modification of the scheme by Groth which allows us to prove opening soundness for the modified scheme without introducing any additional assumptions.We believe that opening soundness is an important and natural security requirement for group signatures, and hope that future schemes will adopt this type of security.

show abstract

Section: The Modified Groth Schemementioning

confidence: 99%

Section: The Modified Groth Schemementioning

confidence: 99%

See 1 more Smart Citation

On the Security of Dynamic Group Signatures: Preventing Signature Hijacking

Sakai

Schuldt

Emura

et al. 2012

Public Key Cryptography – PKC 2012

View full text Add to dashboard Cite

show abstract

“…The notion of security is such that the state of the adversary returned by those simulators is statistically indistinguishable from the state of the adversary in the real-life model. A different kind of scheme for proof of knowledge named Public Key Encryption with Non-interactive Openning (PKENO) in standard model [4][5][6]11] has been proposed, which is more efficient than the known NIZK proofs in standard model. For proving the knowledge, a verifier needs to know the (ciphertext, proof, plaintext)-tuple.…”

Section: Threshold Two-party Computationmentioning

confidence: 99%

Efficient Privacy-Preserving Data Mining in Malicious Model

Emura

Miyaji

Rahman

2010

Advanced Data Mining and Applications

View full text Add to dashboard Cite

Abstract. In many distributed data mining settings, disclosure of the original data sets is not acceptable due to privacy concerns. To address such concerns, privacy-preserving data mining has been an active research area in recent years. While confidentiality is a key issue, scalability is also an important aspect to assess the performance of a privacypreserving data mining algorithms for practical applications. With this in mind, Kantarcioglu et al. proposed secure dot product and secure setintersection protocols for privacy-preserving data mining in malicious adversarial model using zero knowledge proofs, since the assumption of semi-honest adversary is unrealistic in some settings. Both the computation and communication complexities are linear with the number of data items in the protocols proposed by Kantarcioglu et al. In this paper, we build efficient and secure dot product and set-intersection protocols in malicious model. In our work, the complexity of computation and communication for proof of knowledge is always constant (independent of the number of data items), while the complexity of computation and communication for the encrypted messages remains the same as in Kantarcioglu et al.'s work (linear with the number of data items). Furthermore, we provide the security model in Universal Composability framework.

show abstract

“…In order to have efficient tracing, we ask that DT BE is non-interactive and robust. As was noted by [31], such a propety simplifies tracing even in traditional group signatures with a single tracing manager. Finally, we require a collision-resistant hash function H : {0, 1} * → T DT BE .…”

Section: Our Generic Constructionmentioning

confidence: 99%

Efficient Distributed Tag-Based Encryption and Its Application to Group Signatures with Efficient Distributed Traceability

Ghadafi

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this work, we first formalize the notion of dynamic group signatures with distributed traceability, where the capability to trace signatures is distributed among n managers without requiring any interaction. This ensures that only the participation of all tracing managers permits tracing a signature, which reduces the trust placed in a single tracing manager. The threshold variant follows easily from our definitions and constructions. Our model offers strong security requirements. Our second contribution is a generic construction for the notion which has a concurrent join protocol, meets strong security requirements, and offers efficient traceability, i.e. without requiring tracing managers to produce expensive zero-knowledge proofs for tracing correctness. To dispense with the expensive zero-knowledge proofs required in the tracing, we deploy a distributed tag-based encryption with public verifiability. Finally, we provide some concrete instantiations, which, to the best of our knowledge, are the first efficient provably secure realizations in the standard model simultaneously offering all the aforementioned properties. To realize our constructions efficiently, we construct an efficient distributed (and threshold) tag-based encryption scheme that works in the efficient Type-III asymmetric bilinear groups. Our distributed tag-based encryption scheme yields short ciphertexts (only 1280 bits at 128-bit security), and is secure under an existing variant of the standard decisional linear assumption. Our tag-based encryption scheme is of independent interest and is useful for many applications beyond the scope of this paper. As a special case of our distributed tag-based encryption scheme, we get an efficient tag-based encryption scheme in Type-III asymmetric bilinear groups that is secure in the standard model.

show abstract

Public-Key Encryption with Non-Interactive Opening: New Constructions and Stronger Definitions

Cited by 24 publications

References 32 publications

On the Security of Dynamic Group Signatures: Preventing Signature Hijacking

On the Security of Dynamic Group Signatures: Preventing Signature Hijacking

Efficient Privacy-Preserving Data Mining in Malicious Model

Efficient Distributed Tag-Based Encryption and Its Application to Group Signatures with Efficient Distributed Traceability

Contact Info

Product

Resources

About