Jinfei Liu,Li Xiong,Jun Luo

2013-01-01

Abstract:In this paper we illustrate a privacy framework named Indistinguishabley Privacy. Indistinguishable privacy could be deemed as the formalization of the existing privacy definitions in privacy preserving data publishing as well as secure multi-party computation. We introduce three representative privacy notions in the literature, Bayes-optimal privacy for privacy preserving data publishing, differential privacy for statistical data release, and privacy w.r.t. semi-honest behavior in the secure multi-party computation setting, and prove they are equivalent. To the best of our knowledge, this is the first work that illustrates the relationships of these privacy definitions and unifies them through one framework.

TIAN Yuan,DENG Lu-yao,ZHANG Hao

2009-01-01

Journal of Communications

Abstract:In applications of public-key encryption schemes, anonymity(key-privacy) as well as security(data-privacy) is useful and widely desired.Recently Canetti-Halevi-Katz proposed a generic and elegant IBE-based construction for(tra-ditional) public-key encryption, whose performance was improved by another construction proposed by Boneh-Katz.To analyze such two constructions' anonymity, two new and generic concepts in IBE scheme,"master-key anonymity"and"relevant master-key anonymity"were proposed and two different sufficient conditions for chosen-ciphertext anonymity were proved for Canetti-Halevi-Katz and Boneh-Katz constructions.

Qian Wang,Zhiwei Xu,Shengzhi Qu

DOI: https://doi.org/10.4304/jsw.6.10.1945-1952

2011-01-01

Journal of Software

Abstract:k-anonymity is an important model in the field of privacy protection and it is an effective method to prevent privacy disclosure in micro-data release. However, it is ineffective for the attribute disclosure by the homogeneity attack. The existing models based on k-anonymity have solved this problem to a certain extent, but they did not distinguish the different values of the sensitive attribute, processed a series of unnecessary generalization and expanded the information loss when they protect the sensitive attribute. Based on k-anonymity, this paper proposed a model based on average leakage probability and probability difference of sensitive attribute value. It is not only an effective method to deal with the problem of attributes disclosure that k-anonymity cannot deal, but also to realize different levels of protection to the various sensitive attribute values. It has reduced the generalization to the data in the most possibility during the procedure and ensures the most effectiveness of quasi-identifier attributes. Greedy generalization algorithm based on the generalization information loss is also proposed in this paper. To choose the generalization attributes, the information loss is considered and the importance of generalization attribute to sensitive attribute is accounted as well. Comparison experiment and performance experiment are made to the proposed model. The experiment results show that the model is feasible.

Chung Ki Li,Guomin Yang,Duncan S. Wong,Xiaotie Deng,Sherman S. M. Chow

2007-01-01

Abstract:In Information Processing Letters 2006, Tan pointed out that the anonymous signcryption scheme proposed by Yang, Wong and Deng (YWD) in ISC 2005 provides neither confidentality nor anonymity. However, no discussion has been made on whether YWD scheme can be made secure. In this paper, we propose a modification of YWD scheme which resolves the security issues of the original scheme without sacrificing its high efficiency and simple design. Indeed, we show that our scheme achieves confidentiality, existential unforgeability and anonymity with more precise reduction bounds. In addition, our scheme further improves the efficiency when compared with YWD, with reduced number of operations for both signcryption and de-signcryption.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Chung Ki Li,Guomin Yang,Duncan S. Wong,Xiaotie Deng,Sherman S. M. Chow

DOI: https://doi.org/10.1007/978-3-540-73408-6_6

2007-01-01

Abstract:In Information Processing Letters 2006, Tan pointed out that the anonymous signcryption scheme proposed by Yang, Wong and Deng (YWD) in ISC 2005 provides neither confidentality nor anonymity. However, no discussion has been made on whether YWD scheme can be made secure. In this paper, we propose a modification of YWD scheme which resolves the security issues of the original scheme without sacrificing its high efficiency and simple design. Indeed, we show that our scheme achieves confidentiality, existential unforgeability and anonymity with more precise reduction bounds. In addition, our scheme further improves the efficiency when compared with YWD, with reduced number of operations for both signeryption and de-signcryption.

Shiyu Ji,Kun Wan

DOI: https://doi.org/10.48550/arXiv.1703.08269

2017-03-24

Abstract:In this paper we compare the performance of various homomorphic encryption methods on a private search scheme that can achieve $k$-anonymity privacy. To make our benchmarking fair, we use open sourced cryptographic libraries which are written by experts and well scrutinized. We find that Goldwasser-Micali encryption achieves good enough performance for practical use, whereas fully homomorphic encryptions are much slower than partial ones like Goldwasser-Micali and Paillier.

Cryptography and Security

Zhengan Huang,Junzuo Lai,Shuai Han,Lin Lyu,Jian Weng

DOI: https://doi.org/10.1007/978-3-031-22969-5_15

2022-01-01

Abstract:Anonymity of public key encryption (PKE) requires that, in a multi-user scenario, the PKE ciphertexts do not leak information about which public keys are used to generate them. Corruptions are common threats in the multi-user scenario but anonymity of PKE under corruptions is less studied in the literature. In TCC 2020, Benhamouda et al. first provide a formal characterization for anonymity of PKE under a specific type of corruption. However, no known PKE scheme is proved to meet their characterization. To the best of our knowledge, all the PKE application scenarios which require anonymity also require confidentiality. However, in the work by Benhamouda et al., different types of corruptions for anonymity and confidentiality are considered, which can cause security pitfalls. What's worse, we are not aware of any PKE scheme which can provide both anonymity and confidentiality under the same types of corruptions. In this work, we introduce a new security notion for PKE called ANON-RSOk&C security, capturing anonymity under corruptions. We also introduce SIM-RSOk&C security which captures confidentiality under the same types of corruptions. We provide a generic framework of constructing PKE scheme which can achieve the above two security goals simultaneously based on a new primitive called key and message non-committing encryption (KM-NCE). Then we give a general construction of KM-NCE utilizing a variant of hash proof system (HPS) called Key-Openable HPS. We also provide Key-Openable HPS instantiations based on the matrix decisional Diffie-Hellman assumption. Therefore, we can obtain various concrete PKE instantiations achieving the two security goals in the standard model with compact ciphertexts. Furthermore, for some PKE instantiation, its security reduction is tight.

Guomin Yang,Duncan S. Wong,Xiaotie Deng

DOI: https://doi.org/10.1007/11556992_16

2005-01-01

Abstract:In PKC'04, a signcryption scheme with key privacy was proposed by Libert and Quisquater. Along with the scheme, some security models were defined with regard to the signcryption versions of confidentiality, existential unforgeability and ciphertext anonymity (or key privacy). The security of their scheme was also claimed under these models. In this paper, we show that their scheme cannot achieve the claimed security by demonstrating an insider attack which shows that their scheme is not semantically secure against chosen ciphertext attack (not even secure against chosen plaintext attack) or ciphertext anonymous. We further propose a revised version of their signcryption scheme and show its security under the assumption that the gap Diffie-Hellman problem is hard. Our revised scheme supports parallel processing that can help reduce the computation time of both signcryption and de-signcryption operations.

Guomin Yang,Duncan S. Wong,Xiaotie Deng,Huaxiong Wang

DOI: https://doi.org/10.1007/11745853_23

2006-01-01

Abstract:Digital signature is one of the most important primitives in public key cryptography. It provides authenticity, integrity and non- repudiation to many kinds of applications. On signer privacy however, it is generally unclear or suspicious of whether a signature scheme itself can guarantee the anonymity of the signer. In this paper, we give some armative answers to it. We formally define the signer anonymity for digital signature and propose some schemes of this type. We show that a signer anonymous signature scheme can be very useful by proposing a new anonymous key exchange protocol which allows a client Alice to establish a session key with a server Bob securely while keeping her iden- tity secret from eavesdroppers. In the protocol, the anonymity of Alice is already maintained when Alice sends her signature to Bob in clear, and no additional encapsulation or mechanism is needed for the signa- ture. We also propose a method of using anonymous signature to solve the collusion problem between organizers and reviewers of an anonymous paper review system.

Huang Neng

2024-10-23

Abstract:Privacy computing involves the extensive exchange and processing of encrypted data. For the parties involved in these interactions, how to determine the consistency of exchanged data without accessing the original data, ensuring tamper resistance, non-repudiation, quality traceability, indexing, and retrieval during the use of encrypted data, which is a key topic of achieving "Data Availability versus Visibility". This paper proposes a new type of homomorphism: Feature Homomorphism, and based on this feature, introduces a cryptographic scheme for data verification under ciphertext-only conditions. The proposed scheme involves designing a group of algorithms that meet the requirements outlined in this paper, including encryption/decryption algorithms and Feature Homomorphic Algorithm. This group of algorithms not only allows for the encryption and decryption of data but also ensures that the plaintext and its corresponding ciphertext, encrypted using the specified encryption algorithm, satisfy the following property: the eigenvalue of the plaintext obtained using the Feature Homomorphic Algorithm is equal to the eigenvalue of the ciphertext obtained using the same algorithm. With this group of algorithms, it is possible to verify data consistency directly by comparing the eigenvalues of the plaintext and ciphertext without accessing the original data (i.e., under ciphertext-only conditions). This can be used for tamper resistance, non-repudiation, and quality traceability. Additionally, the eigenvalue can serve as a ciphertext index, enabling searchable encryption. This scheme completes a piece of the puzzle in homomorphic encryption. Keywords: Privacy Computing, Data Consistency, Searchable Encryption, Zero-Knowledge Proof, Feature Homomorphism

Cryptography and Security

Yuxin Deng

DOI: https://doi.org/10.1016/j.entcs.2005.05.047

2007-01-01

Electronic Notes in Theoretical Computer Science

Abstract:Anonymity means that the identity of the user performing a certain action is maintained secret. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically. In this paper we propose a notion of weak probabilistic anonymity, where weak refers to the fact that some amount of probabilistic information may be revealed by the protocol. This information can be used by an observer to infer the likeliness that the action has been performed by a certain user. The aim of this work is to study the degree of anonymity that the protocol can still ensure, despite the leakage of information. We illustrate our ideas by using the example of the dining cryptographers with biased coins. We consider both the cases of nondeterministic and probabilistic users. Correspondingly, we propose two notions of weak anonymity and we investigate their respective dependencies on the biased factor of the coins.

Yanli Ren,Shuozhong Wang,Xinpeng Zhang,Zhenxing Qian

DOI: https://doi.org/10.1109/mines.2010.96

2010-01-01

Abstract:Anonymous identity-based encryption systems can be used to protect users’ privacy and construct Public key Encryption with Keyword Search (PEKS) schemes where the ciphertext does not leak the identity of the recipient. Currently, there is no anonymous IBE scheme that is fully secure under simple assumptions without random oracles. In this paper, we propose an anonymous IBE scheme using the approach of Dual System Encryption. The scheme is fully secure without random oracles based on decisional bilinear Diffie-Hellman (BDH) and linear assumptions, and the security reduction is tight. These two assumptions are simple and our scheme is more secure than the previous anonymous IBE schemes.

Yuh-Min Tseng,Tung-Tso Tsai,Sen-Shan Huang,Ting-Chieh Ho

DOI: https://doi.org/10.1109/access.2024.3368442

IF: 3.9

2024-03-02

IEEE Access

Abstract:By side-channel attacks, a fraction part of secret keys used in cryptographic schemes could be leaked to adversaries. Recently, adversaries have realized practical side-channel attacks so that these existing cryptographic schemes could be broken. Indeed, researchers have invested and proposed a good approach to withstand such attacks, called as leakage-resilient cryptography. Very recently, several leakage-resilient anonymous multi-receiver encryption (LR-AMRE) schemes based on various public-key systems were also proposed. However, these LR-AMRE schemes are not suitable for a heterogeneous public-key environment under which an authorized receiver group includes heterogeneous receivers under various PKS settings and these receivers have various types of secret/public key pairs. In this article, we propose the leakage-resilient anonymous heterogeneous multi-receiver hybrid encryption (LR-AHMR-HE) scheme for the heterogeneous public-key system settings. A new framework and associated adversary games of the LR-AHMR-HE scheme are defined. In the adversary games, adversaries are admitted to continuously intercept a fraction part of secret keys. Under the adversary games, formal security proofs are provided to show that the proposed scheme is secure against two types of adversaries (illegitimate user and malicious authority). Comparisons with several related previous schemes are demonstrated to present the merits of our scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yu Chen,Zongyang Zhang,Dongdai Lin,Zhenfu Cao

DOI: https://doi.org/10.1002/sec.827

2016-01-01

Abstract:In this work, we generalize the paradigm of the hash proof system HPS proposed by Cramer and Shoup EUROCRYPT 2002. In the center of our generalization, we lift a subset membership problem to a distribution-distinguishing problem. Our generalized HPS clarifies and encompasses all the known public-key encryption PKE schemes that essentially implement the idea of an HPS. Moreover, besides the existing smoothness property, we introduce an additional property named anonymity for HPS. As a natural application, we consider anonymity for PKE in the presence of key leakage and provide a generic construction of leakage-resilient anonymous PKE from an anonymous HPS. We then extend our generalization to the identity-based setting. Concretely, we generalize the paradigm of the identity-based HPS IB-HPS proposed by Bonehet al. FOCS 2007 and Alwenet al. EUROCRYPT 2010 and introduce anonymity for it. As an interesting application of the anonymous IB-HPS, we consider security for PKE with keyword search PEKS in the presence of token leakage and provide a generic construction of leakage-resilient secure PEKS from leakage-resilient anonymous identity-based encryption, which in turn is based on anonymous IB-HPS. Copyright © 2013 John Wiley & Sons, Ltd.

Zude Li,Xiaojun Ye

DOI: https://doi.org/10.4018/jisp.2008100101

2008-01-01

International Journal of Information Security and Privacy

Abstract:This article introduces a formal study on access-unrestricted data anonymity. It includes four aspects: (1) analyzes the impacts of anonymity on data usability; (2) quantitatively measures privacy disclosure risks in practical environment; (3) discusses the factors resulting in privacy disclosure; and (4) proposes the improved anonymity solutions within typical k-anonymity model, which can effectively prevent privacy disclosure that is related with the published data properties, anonymity principles, and anonymization rules. With the experiments, the authors have proven the existence of these potential privacy inference violations as well as the enhanced privacy effect by the new anti-inference policies for access-unrestricted data publication.

Xiaojun Ye,Yawei Zhang,Ming Liu

DOI: https://doi.org/10.1109/WAIM.2008.22

2008-01-01

Abstract:One important privacy principle is that an individual has the freedom to decide his/her own privacy preferences, which should be taken into account when data holders release their privacy preserving micro data. Nevertheless, current related k-anonymity model research focuses on protecting individual private information by using pre-defined constraint parameters specified by data holders. This paper introduces a personalized (α, k) model by introducing a vector for describing individual personalized privacy requirements corresponding to each value in the domain of sensitive attributes by data respondents, and propose an efficiency anonymization algorithm which combines the top down specialization for quasi-identifier anonymization and the local recoding technique for the sensitive attribute generalization based on its attribute taxonomy tree. Experimental results show that this approach can meet better personalized privacy requirements and keep the information loss low.

Jing Jia,Kenta Saito,Hiroaki Nishi

2023-10-19

Abstract:Smart cities, which can monitor the real world and provide smart services in a variety of fields, have improved people's living standards as urbanization has accelerated. However, there are security and privacy concerns because smart city applications collect large amounts of privacy-sensitive information from people and their social circles. Anonymization, which generalizes data and reduces data uniqueness is an important step in preserving the privacy of sensitive information. However, anonymization methods frequently require large datasets and rely on untrusted third parties to collect and manage data, particularly in a cloud environment. In this case, private data leakage remains a critical issue, discouraging users from sharing their data and impeding the advancement of smart city services. This problem can be solved if the computational entity can perform the anonymization process without obtaining the original plain text. This study proposed a hierarchical k-anonymization framework using homomorphic encryption and secret sharing composed of two types of domains. Different computing methods are selected flexibly, and two domains are connected hierarchically to obtain higher-level anonymization results in an efficient manner. The experimental results show that connecting two domains can accelerate the anonymization process, indicating that the proposed secure hierarchical architecture is practical and efficient.

Cryptography and Security

Pengtao Liu,Chengyu Hu,Shanqing Guo,Yilei Wang

DOI: https://doi.org/10.1109/waina.2015.27

2017-01-01

International Journal of High Performance Computing and Networking

Abstract:Memory attacks, inspired by recent realistic physical attacks, have broken many cryptographic schemes which were considered secure. In this paper, we consider the memory leakage resilience in anonymous identity-based encryption schemes. We construct a leakage-resilient anonymous identity based encryption scheme based on dual system encryption. Inspired by Lewko et al.'s techniques, our scheme is built in composite order groups which have four prime order subgroups and blind the public parameters and cipher texts using the random elements of same subgroup to achieve the anonymity. Moreover, we analyze the security of our scheme in the full adaptive-ID model rather than the selective-ID model.