Yu Long,Zheng Gong,Kefei Chen,Shengli Liu

2009-01-01

Abstract:This paper proposes an identity-based threshold key escrow scheme. The scheme is secure against identity-based threshold chosen-plaintext attack. It tolerates the passive adversary to access data of corrupted key escrow agency servers and the active adversary that can modify corrupted servers’ keys. The formal proof of security is presented in the random oracle model, assuming the Bilinear Di‐e-Hellman problem is computationally hard.

Ruyuan Zhang,Jiguo Li,Yang Lu,Jinguang Han,Yichen Zhang

DOI: https://doi.org/10.1016/j.ins.2022.03.081

IF: 8.1

2022-07-01

Information Sciences

Abstract:There exists a key escrow issue in ciphertext-policy attribute-based encryption (CP-ABE). The key generator center issues all users' secret keys and can decrypt each ciphertext by calculating the corresponding secret key. Besides, applying CP-ABE in data sharing environment also brings another challenging problem which is users' revocation. To resolve the above issues, we provide a key escrow-free CP-ABE scheme with the user revocation, which withstands collusion attack between malicious users and revoked users. In our scheme, a secret key is calculated utilizing a secure key issuing protocol between key authority (KA) and data user (DU). KA is unable to obtain DU's secret value and generate the complete secret key independently, which solves the key escrow issue. When a user revokes from the system, the secret keys of the unrevoked users require to be updated. We introduce a group manager (GM) to update the unrevoked users' group secret keys and generate a re-encryption key. The re-encryption technology is applied to prevent the revoked users from decrypting ciphertexts. Moreover, the decryption cloud server provider (D-CSP) executes most of decryption operations to decrease computation costs. The performance analysis indicates that our scheme is practical and efficient. The security of the presented scheme is reduced to divisible computable Diffie-Hellman (DCDH) assumption.

computer science, information systems

J. Li,X. Chen,H. Tian,C. Gao

DOI: https://doi.org/10.1504/ijahuc.2014.065156

2014-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Since the notion of attribute-based encryption (ABE) was proposed, it has been found a lot of important applications such as fine-grained access control. However, the issue of key exposure problem in ABE has been solved completely. This problem is formally addressed and formulated in this paper. More specifically, we propose a new key-insulated ABE (KI-ABE) scheme as a solution to the key exposure problem. The definition and security model of KI-ABE is proposed. Then, a KI-ABE scheme is presented, which is provably secure under the proposed model. The scheme is secure in the remaining time periods against an adversary who compromises the insecure device and obtains secret keys for the periods of its choice. Finally, we show that the scheme also supports user delegation, which is critical when one wants to delegate part of attributes (privileges) to others.

Zhen Liu,Duncan S. Wong,Jack Poon

DOI: https://doi.org/10.1145/2897845.2897849

2016-01-01

Abstract:In Identity-Based Encryption (IBE) system, the Private Key Generator (PKG) holds the master secret key and is responsible for generating private keys for the users. This incurs the key-escrow problem, i.e. the PKG can decrypt any user' any ciphertexts without any possible detection. Also, compromising the master secret key will enable an adversary to do anything to the whole system, and having the master secret key be unavailable implies that new users cannot obtain private keys from the PKG, and existing users cannot get their private keys back from the PKG when they lost them. To address the key-escrow problem and protect the master secret key as much as possible with strong security and availability, distributed PKG protocols supporting threshold policy have been adopted in some IBE schemes. In this paper, we propose a distributed PKG protocol that supports the policy to be any monotonic access structures. Also, we propose the first distributed PKG protocol that supports the dynamic changes of the PKGs and the policy, while remaining the master secret key unchanged. The two protocols do not need any third party acting as a trusted dealer to present, and the master secret key should never be generated or resided in any one single site. The protocols are applicable to a generic IBE template, which covers many existing important IBE schemes. When applied to this generic type of IBE schemes, the two distributed PKG protocols do not affect the encryption and decryption algorithms, and only each user knows his own private key.

Li Lu,Lei Hu

2006-01-01

Abstract:The growth of the Internet has triggered tremendous opportunities for broadcast service. However, the security issue of the broadcast has not been properly addressed. In this paper, we propose a new multi-recipient public key encryption scheme called ”Pairing-Based Multi-Recipient Encryption” (PBMRE)to achieve a secure broadcast transmission. In PBMRE, a ciphertext encrypted by an encryption key can be decrypted by a number of decryption keys. Therefore, PBMRE can be applied to broadcast sensitive information in a unsafe distributed environment. The proposed scheme is novelly constructed on weil pairing on elliptic curve and the Shamir’s secrets sharing scheme [2]. We also proved that the security strength of our scheme is relative to ”Gap Bilinear Diffie-Hellman Assumption” (Gap-BDH), which is extremely difficult to compromise.

Zhen Liu,Guomin Yang,Duncan S. Wong,Khoa Nguyen,Huaxiong Wang,Xiaorong Ke,Yining Liu

DOI: https://doi.org/10.1109/tdsc.2021.3078463

2018-01-01

Abstract:Since the introduction of Bitcoin in 2008, cryptocurrency has been undergoing a quick and explosive development. At the same time, privacy protection, one of the key merits of cryptocurrency, has attracted much attention by the community. A deterministic wallet algorithm and a stealth address algorithm have been widely adopted in the community, due to their virtues on functionality and privacy protection, which come from a key derivation mechanism that an arbitrary number of derived keys can be generated from a master key. However, these algorithms suffer a vulnerability. In particular, when a minor fault happens (say, one derived key is compromised somehow), the damage is not limited to the leaked derived key only, instead, it spreads to the master key and all derived keys are compromised. In this paper, to provide a formal treatment for the problem, we introduce and formalize a new signature variant, called Key-Insulated and Privacy-Preserving Signature Scheme with Publicly Derived Public Key (PDPKS), which forms a convenient and robust cryptographic tool for offering the virtues of deterministic wallet and stealth address, while eliminating the security vulnerabilities. Specifically, PDPKS allows anyone to derive new signature verification keys for a user, say Alice, based on her long-term public key, while only Alice can derive the signing keys corresponding to those verification keys. In terms of privacy, given a derived verification key and valid signatures with respect to it, an adversary is not able to tell which long-term public key, out of a set of known long-term public keys, is the one from which the verification key was derived. A distinguishing security feature of PDPKS, with the above functionality and privacy features, is that the derived keys are independent/insulated from each other, namely, compromising the signing key associated with a verification key does not allow an adversary to forge a valid signature for another verification key, even if both verification keys are derived from the same long-term public key. We formalize the notion of PDPKS and propose a practical and proven secure construction, which could be a convenient and secure cryptographic tool for building privacy-preserving cryptocurrencies and supporting promising use cases in practice, as it can be used to implement secure stealth addresses, and can be used to implement deterministic wallets and the related appealing use cases, without security concerns.

Chunxiang Xu,Junhui Zhou,Zhiguang Qin

2005-01-01

Abstract:Most recently, Lee B. et al proposed a key issuing protocol for ID-based cryptography to solve the key escrow problem. However in this letter, we show that a malicious key generation center (KGC) can successfully attack the protocol to obtain users' private keys. This means that in the protocol, the key escrow problem isn't really removed.

Wei Wang,Dongli Liu,Zilin Zheng,Peng Xu,Laurence Tianruo Yang

DOI: https://doi.org/10.1109/tifs.2024.3452548

IF: 7.231

2024-09-14

IEEE Transactions on Information Forensics and Security

Abstract:Public key Encryption with Keyword Search (PEKS) has emerged as a solution for the receiver to securely search the sender's encrypted data on the cloud. However, the PEKS scheme is threatened by the Keyword Guessing Attack (KGA), which leaks the receiver's keyword privacy. To resist KGA, researchers have inherited the authentication mechanism into the PEKS system (PAEKS) but also forbid using one trapdoor to search all sender's encrypted data. In this paper, we explore the KGA problem from grouping senders and propose the notion of Identity-based Group Encryption with Keyword Search (IBGEKS), which leverages Identity-based cryptography to securely search encrypted data. Compared with the PAEKS scheme, the IBGEKS scheme can search the sender's ciphertexts within the same group established by the receiver via one receiver's trapdoor. For security, we analyze the KGA problem and propose ciphertexts, identities, and trapdoors indistinguishability for IBGEKS. The evaluation depicts that the IBGEKS has competitive algorithm performance with other SA-PEKS and PAEKS schemes and has superior search performance on the Enron email dataset.

computer science, theory & methods,engineering, electrical & electronic

Marija Mikic,Mihajlo Srbakoski

2024-09-16

Abstract:Protecting the privacy of blockchain transactions is extremely important for users. Stealth address protocols (SAP) allow users to receive assets via stealth addresses that they do not associate with their stealth meta-addresses. SAP can be generated using different cryptographic approaches. DKSAP uses an elliptic curve multiplication and hashing of the resulting shared secret. Another approach is to use a elliptic curve pairing. This paper presents four SA protocols that use elliptic curve pairing as a cryptographic solution. ECPDKSAPs are pairing-based protocols that include viewing key and spending key, while ECPSKSAP is a pairing-based protocol that uses a single key with which spending and the viewing key are derived. We find that ECPDKSAPs give significantly better results than DKSAP with the view tag. The best results are achieved with Protocol 3 (Elliptic Curve Pairing Dual Key Stealth Address Protocol), which is Ethereum-friendly. ECPSKSAP is significantly slower, but it provides an interesting theoretical result as it uses only one private key.

Cryptography and Security

Tao Yang,Liyong Tang,Lingbo Kong,Zhong Chen

DOI: https://doi.org/10.1109/fskd.2012.6233869

2012-01-01

Abstract:Recently, distributed online social networks (OSNs) are developed to address the security and privacy issues in centralized OSNs. Identity based cryptography (IBC) was introduced into distributed OSNs recently for better identity verification and authentication purposes. However, current IBC-based solutions in OSNs could not address the problem of secure private key issuing. In this paper we propose PEKING: a novel Pivacy Enhanced Key IssuiNG scheme for distributed online social networks using IBC. Our scheme adopts key generate center (KGC) and key privacy assistants (PAs) to issue keys to peers securely. In the scheme, PAs can be selected from users' friends. Neither KGC nor PAs can impersonate the users to obtain the private keys. Furthermore, to maintain the security of PAs, we develop a scheme to authenticate PAs using Byzantine fault tolerance protocol. The experimental results show that PEKING performs effectively and efficiently, and is able to support large scale networks.

Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Anushree Belel,Ratna Dutta,Sourav Mukhopadhyay

DOI: https://doi.org/10.1007/s11042-024-18626-w

IF: 2.577

2024-02-29

Multimedia Tools and Applications

Abstract:With the advancement of technology, Multimedia Social Networks (MSN) have become one of the most promising platforms for managing and sharing multimedia content. The user outsources sensitive content to the Multimedia Social Networks Service Provider (MSNSP). The MSNSP accumulates data in the network, and the user can process and share content like files, audios, and videos with other users through MSN such as YouTube, Vimeo, Flicker, Google Video, Cloud Drive, and so on. Despite receiving wide attention, two main drawbacks regarding MSN platforms are user privacy and data security. Ciphertext-policy attribute-based encryption (CP-ABE) is an appealing cryptographic primitive that plays the principal role for fine-grained access control on encrypted content, thus resolving security and privacy issues smoothly. Recently, there has been a trend to design ABE schemes incorporating a variety of additional properties. In this paper, we have assimilated revocability and key-homomorphic property in ciphertext-policy attribute-based key encapsulation mechanism (CP-ABKEM). Our designs are the first to achieve these additional two properties concurrently in an attribute-based setting. We have provided two instantiations of key-homomorphic revocableCP-ABKEM - one is selective secure against chosen-plaintext attack (CPA) in the standard model under the hardness of the q-decisional bilinear Diffie-Hellman exponent (q-DBDHE) problem, while the other achieves selective CPA security in the random oracle model under the hardness of the n-multilinear decisional Diffie-Hellman (n-MDDH) problem. Furthermore, our first scheme performs better than existing similar schemes in terms of communication overhead and master secret key size. As an advanced version of CP-ABKEM, our proposal is significant and may be utilized for various privacy-preserving protocols.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Yanli Ren,Shuozhong Wang,Xinpeng Zhang

DOI: https://doi.org/10.6138/jit.2011.12.4.13

2011-01-01

Abstract:The problem of key-exposure is an important issue in modern society due to the growing use of mobile devices. Weng et al. proposed an identity-based parallel key-insulated encryption (IBPKIE) scheme to solve the key-exposure problem in an identity-based cryptosystem. The scheme has long public parameters and a loose security reduction. Ren et al. presented a new IBPKIE scheme which had constant size public parameters and a tight reduction, and then extended it to a hierarchical IBPKIE (HIBPKIE) scheme. However, Wang et al. analyzed two schemes of Ren et al. and showed that they are not secure against chosen-plaintext attack. In this paper, we propose an improved IBPKIE scheme which achieves IND-ID-KI-CPA security without random oracles. Moreover, our scheme has short public parameters and a tight reduction. We then present an HIBPKIE scheme which achieves IND-sID-KI-CPA security without random oracles. In this scheme, the ciphertext size is independent of the level of the hierarchy in the HIBPKIE scheme.

ZHANG Qiu-yu,WANG Rui-fang,YU Dong-mei,ZHANG Qi-kun

2007-01-01

Journal of Computer Applications

Abstract:An ID based key management scheme based on the bilinear property of Weil pairing defend on elliptic curve was proposed.The scheme used Key Generation Center(KGC) and Key Gene Combination Center(KGCC) to accomplish key management and generation.To avoid security problems caused by single independent key management,KGCC used seeded public key and private key mapping technology to mitigate the load of storage and improve the security of system.The analysis shows that this scheme is more efficient,lightweight,secure and stronger in anti-attack than traditional scheme.

Jian-Wu Zheng,Jing Zhao,Xin-Ping Guan

DOI: https://doi.org/10.14257/ijsia.2016.10.6.21

2016-01-01

International Journal of Security and Its Applications

Abstract:In traditional hierarchical identity based cryptosystems (HIBC), non-leaf entities as level PKGs are usually capable of deriving private keys for their descendants with use of their private keys, non-leaf entities can therefore act (decrypt or sign) on the behalf of their arbitrary descendants. This is called key escrow problem of HIBC. In order to resolve key escrow problem, a new technique - Identifier Discrimination is proposed in this paper for composing private keys for entities in hierarchy. With the technique, an identity selective secure HIBE scheme is constructed under Decisional Bilinear Diffie-Helleman (DBDH) assumption in standard security model, in which any identity is incapable of deriving private keys for any of its descendants with use of its private key, and the privilege of generating private keys for each individual descendant is delegated by the root PKG through authorization, that we call Authorization Delegation. Moreover, a new hierarchical identity based signature (HIBS) scheme is constructed from our HIBE construction, by applying Naor transformation of an identity-based signature (IBS) out of an IBE. Because of the inability of deriving its descendants' private keys with use its private key, an entity therefore cannot sign messages on behalf of any of its descendants, thus guaranteeing that authenticity and non-repudiation properties are achieved in our HIBS system.

Setareh Sharifian,Reihaneh Safavi-Naini

DOI: https://doi.org/10.48550/arXiv.2102.02243

2021-02-03

Cryptography and Security

Abstract:A hybrid encryption scheme is a public-key encryption system that consists of a public-key part called the key encapsulation mechanism (KEM), and a (symmetric) secret-key part called data encapsulation mechanism (DEM): the public-key part is used to generate a shared secret key between two parties, and the symmetric key part is used to encrypt the message using the generated key. Hybrid encryption schemes are widely used for secure communication over the Internet. In this paper, we initiate the study of hybrid encryption in preprocessing model which assumes access to initial correlated variables by all parties (including the eavesdropper). We define information-theoretic KEM (iKEM) that, together with a (computationally) secure DEM, results in a hybrid encryption scheme in preprocessing model. We define the security of each building block, and prove a composition theorem that guarantees (computational) qe-chosen plaintext (CPA) security of the hybrid encryption system if the iKEM and the DEM satisfy qe-chosen encapculation attack and one-time security, respectively. We show that iKEM can be realized by a one-way SKA (OW-SKA) protocol with a revised security definition. Using an OW-SKA that satisfies this revised definition of security effectively allows the secret key that is generated by the OW-SKA to be used with a one-time symmetric key encryption system such as XORing a pseudorandom string with the message, and provide qe-CPA security for the hybrid encryption system.We discuss our results and directions for future work.

Hao-Miao Yang,Chun-Xiang Xu,Hong-Tian Zhao

DOI: https://doi.org/10.1109/IMCCC.2011.227

2011-01-01

Abstract:The notion of Public Key Encryption with Keyword Search (PEKS), which enables one to search encrypted data in public key setting, was firstly suggested by Boneh et al. in 2004. So far most of presented PEKS schemes were constructed based on bilinear pairing. However, PEKS schemes based on pairing are susceptible to off-line keyword guessing attacks. In ICCSA 2006, Khader proposed a PEKS scheme not using pairing. In this paper, we show that Khader' scheme do not satisfy the consistency which is necessary for a PEKS scheme to fulfill its functionality. Then, we propose a variant of Khader scheme which is not only computationally consistent but also greatly improves efficiency.

Liang Ni,GongLiang Chen,JianHua Li,YanYan Hao

DOI: https://doi.org/10.1007/s11432-011-4520-4

IF: 3.218

2012-01-01

Computers & Mathematics with Applications

Abstract:Escrowable identity-based authenticated key agreement(AKA) protocols are desirable under certain circumstances especially in certain closed groups applications.In this paper,we focus on two-party identitybased AKA schemes in the escrow mode,and present a strongly secure escrowable identity-based AKA protocol which captures all basic desirable security properties including perfect forward secrecy,ephemeral secrets reveal resistance and so on.The protocol is provably secure in the extended Canetti-Krawczyk model,and its security can be reduced to the standard computational bilinear Diffie-Hellman assumption in the random oracle model.Assuming no adversary can obtain the master private key for the escrow mode,our scheme is secure as long as each party has at least one uncompromised secret.Also,we present two strongly secure variants of the protocol,which are computationally more efficient than the original scheme.

Xiuxia Tian,Ling Huang,Tony Wu,Xiaoling Wang,Aoying Zhou

DOI: https://doi.org/10.1109/icde.2016.7498383

2016-05-01

Abstract:Outsourcing keys (including passwords and data encryption keys) to professional password managers (honest-but-curious service providers) is attracting more and more attention from the researchers and users in the era of cloud computing. However, existing solutions in traditional data outsourcing scenario are unable to simultaneously meet the following three security requirements for keys outsourcing: 1)Confidentiality and privacy of keys; 2)Search privacy on identity attributes tied to keys; 3)Owner controllable authorization over his/her shared keys. In this paper, we propose CloudKeyBank, the first unified key management framework that addresses all the three goals above. To implement CloudKeyBank efficiently, we propose a new cryptographic primitive named Searchable Conditional Proxy Re-Encryption (SC-PRE) which combines the techniques of Hidden Vector Encryption (HVE) and Proxy Re-Encryption (PRE) seamlessly.

Shucheng Yu,Kui Ren,Wenjing Lou,Jin Li

DOI: https://doi.org/10.1007/978-3-642-05284-2_18

2009-01-01

Abstract:Key-Policy Attribute-Based Encryption (KP-ABE) is a promising cryptographic primitive which enables fine-grained access control over sensitive data. However, key abuse attacks in KP-ABE may impede its wide application especially in copyright-sensitive systems. To defend against this kind of attacks, this paper proposes a novel KP-ABE scheme which is able to disclose any illegal key distributor's ID when key abuse is detected. In our scheme, each bit of user ID is defined as an attribute and the user secret key is associated with his unique ID. The tracing algorithm fulfills its task by tricking the pirate device into decrypting the ciphertext associated with the corresponding bits of his ID. Our proposed scheme has the salient property of black box tracing, i.e., it traces back to the illegal key distributor's ID only by observing the pirate device's outputs on certain inputs. In addition, it does not require the pirate device's secret keys to be well-formed as compared to some previous work. Our proposed scheme is provably secure under the Decisional Bilinear Diffie-Hellman (DBDH) assumption and the Decisional Linear (DL) assumption.