Universal Re-encryption for Mixnets

Golle, Philippe; Jakobsson, Markus; Juels, Ari; Syverson, Paul

doi:10.1007/978-3-540-24660-2_14

Cited by 279 publications

(208 citation statements)

References 20 publications

Supporting

Mentioning

207

Contrasting

Unclassified

Order By: Relevance

“…We randomize a key by computing C(1; r * r ) for a random r (this can be computed using ⊗ by square-and-multiply). Encryption corresponds to computing C(m; r + s) by multiplying a freshly randomized public key C(1; r + s) with the ciphertext C(m; 0), i.e., the message encrypted with randomness zero-see also [11].…”

Section: Instantiationmentioning

confidence: 99%

Accountable Metadata-Hiding Escrow: A Group Signature Case Study

Kohlweiss

Miers

2015

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract:A common approach to demands for lawful access to encrypted data is to allow a trusted third party (TTP) to gain access to private data. However, there is no way to verify that this trust is well placed as the TTP may open all messages indiscriminately. Moreover, existing approaches do not scale well when, in addition to the content of the conversation, one wishes to hide one's identity. Given the importance of metadata this is a major problem. We propose a new approach in which users can retroactively verify cryptographically whether they were wiretapped. As a case study, we propose a new signature scheme that can act as an accountable replacement for group signatures, accountable forward and backward tracing signatures.

show abstract

Section: Instantiationmentioning

confidence: 99%

Accountable Metadata-Hiding Escrow: A Group Signature Case Study

Kohlweiss

Miers

2015

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

show abstract

“…Another notion with a similar name is universal re-encryption [GJJS04], in which the ciphertexts are re-randomized, but the underlying public keys are not changed as in PRE.…”

Section: Related Notionsmentioning

confidence: 99%

Efficient Unidirectional Proxy Re-Encryption

Chow

Weng

Yang

et al. 2010

Lecture Notes in Computer Science

147

View full text Add to dashboard Cite

Abstract. Proxy re-encryption (PRE) allows a semi-trusted proxy to convert a ciphertext originally intended for Alice into one encrypting the same plaintext for Bob. The proxy only needs a re-encryption key given by Alice, and cannot learn anything about the plaintext encrypted. This adds flexibility in various applications, such as confidential email, digital right management and distributed storage. In this paper, we study unidirectional PRE, which the re-encryption key only enables delegation in one direction but not the opposite. In PKC 2009, Shao and Cao proposed a unidirectional PRE assuming the random oracle. However, we show that it is vulnerable to chosen-ciphertext attack (CCA). We then propose an efficient unidirectional PRE scheme (without resorting to pairings). We gain high efficiency and CCA-security using the "token-controlled encryption" technique, under the computational Diffie-Hellman assumption, in the random oracle model and a relaxed but reasonable definition.

show abstract

“…There have been many papers which are hash-based [2,4,3,5,7,9,14,15,17], pseudonym-based [1,12], zero knowledge-based [16] using PUF(Physical Unclonable Function), and tree-based protocol [8] using pseudonym generator that attempts to address the security concerns raised as using RFID tags, but it is believed that there is no perfect protocol that avoids all of the threats with reasonably low cost until now. Hash Lock Scheme [14](denoted by "HLS") is based on one-way hash function; HLS is traceable.…”

Section: Previous Workmentioning

confidence: 99%

“…Ohkubo et al protocol [9](denoted by "OSK") is untraceable, but unscalable. Wong et al [6] and Tuyls et al protocol [16] can be traceable; and also, pseudonym-based protocols [1,12] can be traceable after A collects all of the pseudonyms.…”

Section: Previous Workmentioning

confidence: 99%

A Scalable and Untraceable Authentication Protocol for RFID

Seo

Lee

Kim

2006

Emerging Directions in Embedded and Ubiquitous Computing

View full text Add to dashboard Cite

Abstract. RFID (Radio Frequency Identification) is recently becoming popular, promising and widespread. In contrast, RFID tags can bring about traceability that causes user privacy and reduces scalability of RFID. Guaranteeing untraceability and scalability at the same time is so critical in order to deploy RFID widely since user privacy should be guaranteed. A large number of RFID protocols were designed in the open literature, but any known protocols do not satisfy untraceability and scalability at the same time to the best of our knowledge. In this paper, we suggest a RFID authentication protocol that guarantees untraceability and scalability together; needless to say preventing several known attacks: replay, spoofing, desyncronization, and cloning by eavesdropping. Our protocol supports ownership transfer and considers multitag-reader environment; a reader receives messages from the tags what a reader wants in our protocol. In addition, we address the reason why the item privacy is important, and a way to keep it securely.

show abstract

Universal Re-encryption for Mixnets

Cited by 279 publications

References 20 publications

Accountable Metadata-Hiding Escrow: A Group Signature Case Study

Accountable Metadata-Hiding Escrow: A Group Signature Case Study

Efficient Unidirectional Proxy Re-Encryption

A Scalable and Untraceable Authentication Protocol for RFID

Contact Info

Product

Resources

About