Jie Chen,Hoon Wei Lim,San Ling,Le Su,Huaxiong Wang

DOI: https://doi.org/10.48550/arXiv.1210.6441

2012-10-24

Abstract:In Identity-Based Encryption (IBE) systems, key revocation is non-trivial. This is because a user's identity is itself a public key. Moreover, the private key corresponding to the identity needs to be obtained from a trusted key authority through an authenticated and secrecy protected channel. So far, there exist only a very small number of revocable IBE (RIBE) schemes that support non-interactive key revocation, in the sense that the user is not required to interact with the key authority or some kind of trusted hardware to renew her private key without changing her public key (or identity). These schemes are either proven to be only selectively secure or have public parameters which grow linearly in a given security parameter. In this paper, we present two constructions of non-interactive RIBE that satisfy all the following three attractive properties: (i) proven to be adaptively secure under the Symmetric External Diffie-Hellman (SXDH) and the Decisional Linear (DLIN) assumptions; (ii) have constant-size public parameters; and (iii) preserve the anonymity of ciphertexts---a property that has not yet been achieved in all the current schemes.

Cryptography and Security

Seunghwan Park,Dong Hoon Lee,Kwangsu Lee

DOI: https://doi.org/10.48550/arXiv.1610.07948

2016-10-26

Abstract:In identity-based encryption (IBE) systems, an efficient key delegation method to manage a large number of users and an efficient key revocation method to handle the dynamic credentials of users are needed. Revocable hierarchical IBE (RHIBE) can provide these two methods by organizing the identities of users as a hierarchy and broadcasting an update key for non-revoked users per each time period. To provide the key revocation functionality, previous RHIBE schemes use a tree-based revocation scheme. However, this approach has an inherent limitation such that the number of update key elements depends on the number of revoked users. In this paper, we propose two new RHIBE schemes in multilinear maps that use the public-key broadcast encryption scheme instead of using the tree-based revocation scheme to overcome the mentioned limitation. In our first RHIBE scheme, the number of private key elements and update key elements is reduced to $O(\ell)$ and $O(\ell)$ respectively where $\ell$ is the depth of a hierarchical identity. In our second RHIBE scheme, we can further reduce the number of private key elements from $O(\ell)$ to $O(1)$.

Cryptography and Security

Yanli Ren,Min Dong,Zhihua Niu,Xiaoni Du

DOI: https://doi.org/10.1155/2017/4892814

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:It is well known that the computation of bilinear pairing is the most expensive operation in pairing-based cryptography. In this paper, we propose a noninteractive verifiable outsourcing algorithm of bilinear pairing based on two servers in the one-malicious model. The outsourcer need not execute any expensive operation, such as scalar multiplication and modular exponentiation. Moreover, the outsourcer could detect any failure with a probability close to 1 if one of the servers misbehaves. Therefore, the proposed algorithm improves checkability and decreases communication cost compared with the previous ones. Finally, we utilize the proposed algorithm as a subroutine to achieve an anonymous identity-based encryption (AIBE) scheme with outsourced decryption and an identity-based signature (IBS) scheme with outsourced verification.

computer science, information systems,telecommunications

Benoît Libert,Damien Vergnaud

DOI: https://doi.org/10.48550/arXiv.0807.1775

2009-09-09

Abstract:At Crypto'07, Goyal introduced the concept of Accountable Authority Identity-Based Encryption as a convenient tool to reduce the amount of trust in authorities in Identity-Based Encryption. In this model, if the Private Key Generator (PKG) maliciously re-distributes users' decryption keys, it runs the risk of being caught and prosecuted. Goyal proposed two constructions: the first one is efficient but can only trace well-formed decryption keys to their source; the second one allows tracing obfuscated decryption boxes in a model (called weak black-box model) where cheating authorities have no decryption oracle. The latter scheme is unfortunately far less efficient in terms of decryption cost and ciphertext size. In this work, we propose a new construction that combines the efficiency of Goyal's first proposal with a very simple weak black-box tracing mechanism. Our scheme is described in the selective-ID model but readily extends to meet all security properties in the adaptive-ID sense, which is not known to be true for prior black-box schemes.

Cryptography and Security

Kai Zhang,Zirui Guo,Liangliang Wang,Lei Zhang,Lifei Wei

DOI: https://doi.org/10.1016/j.csi.2024.103848

IF: 3.721

2024-08-01

Computer Standards & Interfaces

Abstract:Provable Data Possession (PDP) has gained widespread adoption for ensuring the integrity of data in remote cloud storage, where a data owner can delegate a third party auditor (TPA) to perform data auditing. To eliminate key escrow problem or complicated certificate management in classic solutions, numerous certificateless PDP schemes have been proposed while they failed to achieve efficient user revocation and protect user identity privacy. Therefore, we propose ReCIP, a revocable certificateless PDP scheme with identity privacy, where a TPA can perform public data integrity batch verification for a user while learning no useful knowledge about user identity privacy. Technically, we introduce a new user revocation strategy that directly revokes users’ secret keys, with no correlation to the number of data blocks in place for revocation time cost. To further boost the efficiency of ReCIP, we employ a semi-generic online–offline strategy to obtain an online–offline ReCIP (ReCIPoo) to reduce the time cost of tag generation. Moreover, we conduct a formal security proof of ReCIP, where the security is reduced to simple computational Diffie–Hellman problem and discrete logistic problem. Compared to state-of-the-art solutions, our ReCIPoo achieves comparable computation and communication cost while still achieving user revocation and protecting user identity privacy.

computer science, software engineering, hardware & architecture

Wu Li-qiang,Yang Xiao-yuan,Zhang Min-qing,Wang Xu-an

DOI: https://doi.org/10.1007/s12652-021-02911-9

IF: 3.662

2021-02-16

Journal of Ambient Intelligence and Humanized Computing

Abstract:Identity-based proxy re-encryption (IB-PRE) can convert the ciphertext encrypted under Alice’s identity to Bob’s ciphertext of the same message by a semi-trusted proxy with the proper transformation key. The main purpose of our work is to enhance the security of IB-PRE. For outside attacks, all existing IB-PRE constructions from lattices have only achieved a limited or weak security model called IND-sID-CPA security. Therefore, by embedding re-encryption key generation and re-encryption algorithms appropriately in Agrawal et al.’s identity-based encryption scheme from lattices, we construct an IND-ID-CPA secure IB-PRE scheme over decisional learning with errors (LWE) under the standard model. For inside attacks, we propose a new primitive IB-VPRE by extending the basic IB-PRE scheme with a new functionality called re-encryption verifiability, meaning that a re-encrypted ciphertext receiver or a third party can verify whether the received ciphertext is correctly transformed from an original ciphertext or not, and thus can detect illegal activities of the proxy. We realize re-encryption verifiability using the homomorphic signature technique as a black box, making the resulting scheme non-interactive and quantum-immune after instanced by a lattice-based homomorphic signature scheme.

computer science, information systems,telecommunications, artificial intelligence

Genqing Bian,Rui Zhang,Bilin Shao

DOI: https://doi.org/10.1109/access.2022.3166920

IF: 3.9

2022-01-01

IEEE Access

Abstract:The remote data possession checking mechanism can effectively verify the integrity of outsourced data, which can usually be divided into public verification and private verification. The verifier of public verification can be any cloud user, while private verification can only be the data owner. However, in most practical situations, the data owner expects that only a specific verifier can perform integrity checking tasks and that verifier cannot gain any knowledge about the data. Yan et al. proposed a remote data possession checking scheme with the designated verifier, which can guarantee that only the designated verifier can check data integrity, whereas others cannot do it. However, this scheme relies on public key infrastructure technology and does not consider data privacy protection issues. To overcome these shortcomings, we propose an identity-based remote data possession checking scheme that satisfies the data owner's requirement to specify a unique verifier. Moreover, in this scheme, we use a random integer to blind data integrity proof to protect data privacy and use Merkle hash tree structure to achieve dynamic update of data. At the same time, our scheme can avoid the complex certificate management in public key infrastructure. We proved the safety of our scheme based on the discrete logarithm assumption and the computational Diffie-Hellman assumption. Theoretical analysis and experimental results show that our scheme is feasible and effective in practical applications.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yue Zhang,Jia Yu,Rong Hao,Cong Wang,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2018.2829880

2018-01-01

Abstract:Cloud storage auditing schemes for shared data refer to checking the integrity of cloud data shared by a group of users. User revocation is commonly supported in such schemes, as users may be subject to group membership changes for various reasons. Previously, the computational overhead for user revocation in such schemes is linear with the total number of file blocks possessed by a revoked user. The overhead, however, may become a heavy burden because of the sheer amount of the shared cloud data. Thus, how to reduce the computational overhead caused by user revocations becomes a key research challenge for achieving practical cloud data auditing. In this paper, we propose a novel storage auditing scheme that achieves highly-efficient user revocation independent of the total number of file blocks possessed by the revoked user in the cloud. This is achieved by exploring a novel strategy for key generation and a new private key update technique. Using this strategy and the technique, we realize user revocation by just updating the non-revoked group users' private keys rather than authenticators of the revoked user. The integrity auditing of the revoked user's data can still be correctly performed when the authenticators are not updated. Meanwhile, the proposed scheme is based on identity-base cryptography, which eliminates the complicated certificate management in traditional Public Key Infrastructure (PKI) systems. The security and efficiency of the proposed scheme are validated via both analysis and experimental results.

Xuecheng Ma,Xin Wang,Dongdai Lin

DOI: https://doi.org/10.48550/arXiv.1806.05943

2018-06-15

Abstract:Anonymous Identity-Based Encryption can protect privacy of the receiver. However, there are some situations that we need to recover the identity of the receiver, for example a dispute occurs or the privacy mechanism is abused. In this paper, we propose a new concept, referred to as Anonymous Identity-Based Encryption with Identity Recovery(AIBEIR), which is an anonymous IBE with identity recovery property. There is a party called the Identity Recovery Manager(IRM) who has a secret key to recover the identity from the ciphertext in our scheme. We construct it with an anonymous IBE and a special IBE which we call it testable IBE. In order to ensure the semantic security in the case where the identity recovery manager is an adversary, we define a stronger semantic security model in which the adversary is given the secret key of the identity recovery manager. To our knowledge, we propose the first AIBEIR scheme and prove the security in our defined model.

Cryptography and Security

Zhengyan Ding,Lu Han,Chao Zhang,Xizhao Luo,Bo Qin,Anjia Yang

DOI: https://doi.org/10.1109/jiot.2024.3357725

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Verifying the correctness of outsourcing computation is both cumbersome and expensive, and it also requires third-party verification if auditing or arbitrating is involved. Due to its complexities, users are likely to re-outsource the verification workload to trusted third-party vendors. Multiple outsourcing tasks increase the expense of communications and expose more vulnerabilities. To address this problem, we propose an identity-based strong designated verifier dual signature scheme with constrained-delegatability. The particular innovation lies in two aspects. Firstly, in cases where there are multiple parties involved, users can autonomously designate verifiers. Second, we first present the concept of constrained-delegatability, where a signature cannot be delegated to any other than the cloud service provider. In this scheme, a user can specify a trusted verifier for the dual signature co-signed by both him and the service provider on the outsourcing result. The provider cannot designate anyone else to check the signature. The proposed scheme is provably secure based on elliptic curve bilinear pairing and the hardness assumption of computational diffie-hellman and bilinear diffie-hellman problems. Moreover, our scheme simplifies the outsourcing process and reduces the total computational costs and communication time compared to previously reported ones.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chaowen Guan,Kui Ren,Fangguo Zhang,Florian Kerschbaum,Jia Yu

DOI: https://doi.org/10.1007/978-3-319-24174-6_11

2015-01-01

Abstract:Proofs-of-Retrievability enables a client to store his data on a cloud server so that he executes an efficient auditing protocol to check that the server possesses all of his data in the future. During an audit, the server must maintain full knowledge of the client's data to pass, even though only a few blocks of the data need to be accessed. Since the first work by Juels and Kaliski, many PoR schemes have been proposed and some of them can support dynamic updates. However, all the existing works that achieve public verifiability are built upon traditional public-key cryptosystems which imposes a relatively high computational burden on low-power clients (e.g., mobile devices).In this work we explore indistinguishability obfuscation for building a Proof-of-Retrievability scheme that provides public verification while the encryption is based on symmetric key primitives. The resulting scheme offers light-weight storing and proving at the expense of longer verification. This could be useful in apations where outsourcing files is usually done by low-power client and verifications can be done by well equipped machines (e.g., a third party server). We also show that the proposed scheme can support dynamic updates. At last, for better assessing our proposed scheme, we give a performance analysis of our scheme and a comparison with several other existing schemes which demonstrates that our scheme achieves better performance on the data owner side and the server side.

Qiang Li,Dengguo Feng,Liwu Zhang

DOI: https://doi.org/10.1109/GLOCOM.2012.6503225

2012-01-01

Abstract:As a new public key primitive, attribute-based encryption (ABE) is envisioned to be a promising tool for implementing fine-grained access control. When applying ABE schemes to practical applications, revocation mechanism is very necessary for any ABE schemes involving many users. Revocation for ABE schemes is a challenge issue since each attribute is conceivably shared by multiple users. Revocation of any single user would affect others who share his attributes. In this paper, we propose a KP-ABE scheme with fine-grained attribute revocation under the direct revocation model. In our scheme, we can revoke one attribute of a user instead of all attributes issued to him and the user can complete decryption as long as the unrevoked attributes of the user satisfy the access structure. The revocation does not affect any other user's private key. Moreover, our scheme supports an important property for achieving the user accountability to prevent illegal key sharing among colluding users. We show how to construct such a KP-ABE scheme with fine-grained attribute revocation and prove its security under the q-BDHE assumption in the standard model.

Jintong Sun,Fucai Zhou,Qiang Wang,Zi Jiao,Yun Zhang

DOI: https://doi.org/10.1016/j.jisa.2023.103438

IF: 4.96

2023-02-09

Journal of Information Security and Applications

Abstract:Private Set Intersection (PSI) is a fundamental cryptographic protocol with a wide range of application scenarios. It is the method that allows multiple parties who hold private data sets to calculate the intersection of their data without revealing any information other than the intersection to others. Cloud computing reduces computation and data management overhead by outsourcing such computations. However, since the cloud is not trustworthy, cryptographic methods need to be applied to maintain the confidentiality of outsourced datasets, and verifiable computing algorithms need to be used to detect the correctness of outsourced computations. But encryption reduces the availability, which creates challenges for PSI calculations. For the first time, this paper presents a revocable and verifiable private set intersection (RV-PSI) scheme, which provides an efficient verification function and a flexible authorization-revocation mechanism. RV-PSI enables data owners to exercise fine-grained access control over outsourced datasets in PSI computations. Security definitions of RV-PSI and corresponding proofs are provided in this paper. And we implement our scheme and report by performance evaluation results.

computer science, information systems

Junzuo Lai,Robert H. Deng,Shengli Liu,Jian Weng,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-55220-5_5

2015-01-01

Abstract:Security against selective opening attack (SOA) requires that in a multi-user setting, even if an adversary has access to all ciphertexts from users, and adaptively corrupts some fraction of the users by exposing not only their messages but also the random coins, the remaining unopened messages retain their privacy. Recently, Bellare, Waters and Yilek considered SOA-security in the identity-based setting, and presented the first identity-based encryption (IBE) schemes that are proven secure against selective opening chosen plaintext attack (SO-CPA). However, how to achieve SO-CCA security for IBE is still open. In this paper, we introduce a new primitive called extractable IBE and define its IND-ID-CCA security notion. We present a generic construction of SO-CCA secure IBE from an IND-ID-CCA secure extractable IBE with "One-Sided Public Openability"(1SPO), a collision-resistant hash function and a strengthened cross-authentication code. Finally, we propose two concrete constructions of extractable 1SPO-IBE schemes, resulting in the first simulation-based SO-CCA secure IBE schemes without random oracles.

Qianqian Xing,Baosheng Wang,Xiaofeng Wang,Jing Tao

DOI: https://doi.org/10.1371/journal.pone.0195204

IF: 3.7

2018-04-12

PLoS ONE

Abstract:Revocation functionality and hierarchy key delegation are two necessary and crucial requirements to identity-based cryptosystems. Revocable hierarchical identity-based encryption (RHIBE) has attracted a lot of attention in recent years, many RHIBE schemes have been proposed but shown to be either insecure or bounded where they have to fix the maximum hierarchical depth of RHIBE at setup. In this paper, we propose a new unbounded RHIBE scheme with decryption key exposure resilience and with short public system parameters, and prove our RHIBE scheme to be adaptively secure. Our system model is scalable inherently to accommodate more levels of user adaptively with no adding workload or restarting the system. By carefully designing the hybrid games, we overcome the subtle obstacle in applying the dual system encryption methodology for the unbounded and revocable HIBE. To the best of our knowledge, this is the first construction of adaptively secure unbounded RHIBE scheme.

Junzuo Lai,Robert H. Deng,Yunlei Zhao,Jian Weng

DOI: https://doi.org/10.1007/978-3-642-36095-4_21

2013-01-01

Abstract:At Crypto'07, Goyal introduced the notion of accountable authority identity-based encryption (A-IBE) in order to mitigate the inherent key escrow problem in identity-based encryption, and proposed two concrete constructions. In an A-IBE system, if the private key generator (PKG) distributes a decryption key or produces an unauthorized decryption box for a user maliciously, it runs the risk of being caught and sued in the court of law with the help of a tracing algorithm. Subsequent efforts focused on constructions of A-IBE schemes with enhanced security. In these A-IBE constructions, the tracing algorithm needs to take a user's decryption key as input. If the user lost his key or is deliberately uncooperative in court, then we cannot implicate the PKG or the user. An interesting open problem left by Goyal et al. at CCS'08 is to consider the possibility of tracing a decryption box using only a public tracing key, or with the assistance of a tracing authority. In this paper, we address this problem positively. We first extend the original model of A-IBE to accommodate public traceability, and then propose an A-IBE scheme in the new model. To the best of our knowledge, the proposed scheme is the first A-IBE with public traceability.

Faguo Wu,Wang Yao,Xiao Zhang,Zhiming Zheng

DOI: https://doi.org/10.1007/s11042-018-6330-9

IF: 2.577

2018-01-01

Multimedia Tools and Applications

Abstract:Identity-based signature schemes enable any pair of users to communicate securely and to verify each other’s identity without exchanging private or public keys, without keeping key directories, and without using the services of a third party. Such paradigms are very suitable for an emerging scenario of Multimedia Social Networks (MSNs), in which there are a large number of users, dynamic interaction and huge content sharing. A revocable identity-based signature(RIBS) scheme, proposed by Tsai et al., provides a revocation mechanism for controlling user’s access dynamically. To capture a realistic and efficient scenario, In 2017, XiaoYing Jia et al. introduced an additional important component, called Cloud Revocation Server(CRS), where most of the computations needed during key-updates are of loaded to the CRS. With the surprising development of quantum computation technology in recent years, IBS schemes mentioned above, based on conventional number theory problem, would become vulnerable. Recently, lattice-based cryptography schemes were proved to be secure against quantum attacks. Although such efficient RIBS scheme based on Computational Diffle-Hellam Problem(CDH) assumption has been proposed, all the lattice-based RIBS do not achieve this realistic and efficient property. In this paper, we propose the first lattice-based RIBS with outsourced Cloud Service Provider(CSP). In our scheme, a user’s private key is composed of both an partial private key and a time update key. The time update key is periodically updated by CSP and is transmitted over a public channel. Based on the hardness assumption of Short Integer Solution (SIS), we demonstrate that the proposed lattice-based RIBS scheme with outsourced revocation in cloud computing provides existential unforgeability against adaptive chosen-message attacks in the random oracle. As compared to the existing IBS schemes over lattices, our RIBS scheme has better performance in terms of energy consumption, signature size, signing key size, and the revocation mechanism with public channels. As the underlying lattice problem is intractable even for quantum computers, our scheme would work well in the quantum age.

Siyue Dong,Zhen Zhao,Baocang Wang,Wen Gao,Shanshan Zhang

DOI: https://doi.org/10.3390/electronics13071256

IF: 2.9

2024-03-29

Electronics

Abstract:Public key encryption with equality test (PKEET) is a cryptographic primitive that enables a tester to determine whether two ciphertexts encrypted with same or different public keys have been generated from the same message without decryption. Previous studies extended PKEET to public key encryption with designated-position fuzzy equality test (PKE-DFET), enabling testers to verify whether plaintexts corresponding to two ciphertexts are equal while ignoring specific bits at designated positions. In this work, we have filled the research gap in the identity-based encryption (IBE) cryptosystems for this primitive. Furthermore, although our authorization method is the all-or-nothing (AoN) type, it overcomes the shortcomings present in the majority of AoN-type authorization schemes. In our scheme, equality tests can only be performed between a ciphertext and a given plaintext. Specifically, even if a tester acquires multiple AoN-type authorizations, it cannot conduct unpermitted equality tests between users. This significantly reduces the risk of user privacy leaks when handling sensitive information in certain scenarios, while still retaining the flexible and simple characteristics of AoN-type authorizations. We use the Chinese national cryptography standard SM9-IBE algorithm to provide the concrete construction of our scheme, enhancing the usability and security of our scheme, while making deployment more convenient. Finally, we prove that our scheme achieves F-OW-ID-CCA security when the adversary has the trapdoor of the challenge ciphertext, and achieves IND-ID-CCA security when the adversary does not have the trapdoor of the challenge ciphertext.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yanli Ren,Ning Ding,Xinpeng Zhang,Haining Lu,Dawu Gu

DOI: https://doi.org/10.1145/2897845.2897881

2016-01-01

Abstract:The problem of securely outsourcing computation has received widespread attention due to the development of cloud computing and mobile devices. In this paper, we first propose a secure verifiable outsourcing algorithm of single modular exponentiation based on the one-malicious model of two untrusted servers. The outsourcer could detect any failure with probability 1 if one of the servers misbehaves. We also present the other verifiable outsourcing algorithm for multiple modular exponentiations based on the same model. Compared with the state-of-the-art algorithms, the proposed algorithms improve both checkability and efficiency for the outsourcer. Finally, we utilize the proposed algorithms as two subroutines to achieve outsource-secure polynomial evaluation and ciphertext-policy attributed-based encryption (CP-ABE) scheme with verifiable outsourced encryption and decryption.

Xin Wang,Shimin Li,Rui Xue

DOI: https://doi.org/10.1007/978-3-030-26834-3_16

2019-01-01

Abstract:Identity-based encryption (IBE) is an attractive primitive in modern cryptography. Cocks first gave an elegant construction of IBE under Quadratic Residuosity (QR) assumption. Unfortunately, its security works only in the Random Oracle (RO) model. In this work, we aim at providing Cock's scheme with provable security in the standard model. Specifically, we modify Cocks' scheme by explicitly instantiating the hash function using indistinguishability obfuscation in two different ways which yield two variants of Cocks' scheme. Their security are promised under well-defined selective-ID and adaptive-ID model respectively. As an additional contribution, we adapt the same method into the Boneh, LaVigne, Sabin (BLS) e(th) residuosity based IBE cryptosystem and obtain an adaptive chosen-ID secure scheme under Modified e(th) Residuosity (MER) assumption.