Information Security Practice and Experience 

About: Information Security Practice and Experience is an academic conference. The conference publishes majorly in the area(s): Encryption & Computer science. Over the lifetime, 441 publications have been published by the conference receiving 4324 citations.

Private query on encrypted data in multi-user settings

Abstract: Searchable encryption schemes allow users to perform keyword based searches on an encrypted database. Almost all existing such schemes only consider the scenario where a single user acts as both the data owner and the querier. However, most databases in practice do not just serve one user; instead, they support search and write operations by multiple users. In this paper, we systematically study searchable encryption in a practical multi-user setting. Our results include a set of security notions for multi-user searchable encryption as well as a construction which is provably secure under the newly introduced security notions.

Short linkable ring signatures for e-voting, e-cash and attestation

Abstract: A ring signature scheme can be viewed as a group signature scheme with no anonymity revocation and with simple group setup. A linkable ring signature (LRS) scheme additionally allows anyone to determine if two ring signatures have been signed by the same group member. Recently, Dodis et al. [18] gave a short (constant-sized) ring signature scheme. We extend it to the first short LRS scheme, and reduce its security to a new hardness assumption, the Link Decisional RSA (LD-RSA) Assumption. We also extend [18]'s other schemes to a generic LRS scheme and a generic linkable group signature scheme. We discuss three applications of our schemes. Kiayias and Yung [22] constructed the first e-voting scheme which simultaneously achieves efficient tallying, public verifiability, and write-in capability for a typical voter distribution under which only a small portion writes in. We construct an e-voting scheme based on our short LRS scheme which achieves the same even for all worst-case voter distribution. Direct Anonymous Attestation (DAA) [6] is essentially a ring signature scheme with certain linking properties that can be naturally implemented using LRS schemes. The construction of an offline anonymous e-cash scheme using LRS schemes is also discussed.

Fully secure cipertext-policy hiding CP-ABE

Abstract: In ciphertext-policy attributed-based encryption (CP-ABE), each ciphertext is labeled by the encryptor with an access structure (also called ciphertext policy) and each private key is associated with a set of attributes. A user should be able to decrypt a ciphertext if and only if his private key attributes satisfy the access structure. The traditional security property of CP-ABE is plaintext privacy, which ciphertexts reveal no information about the underlying plaintext. At ACNS'08, Nishide, Yoneyama and Ohta introduced the notion of ciphertext-policy hiding CP-ABE. In addition to protecting the privacy of plaintexts, ciphertext-policy hiding CP-ABE also protects the description of the access structures associated with ciphertexts. They observed that ciphertext-policy hiding CP-ABE can be constructed from attribute-hiding inner-product predicate encryption (PE), and presented two constructions of ciphertext-policy hiding CP-ABE supporting restricted access structures, which can be expressed as AND gates on multi-valued attributes with wildcards. However, their schemes were only proven selectively secure. In this paper, we first describe the construction of ciphertext-policy hiding CP-ABE from attribute-hiding inner-product PE formally. Then, we propose a concrete construction of ciphertext-policy hiding CP-ABE supporting the same access structure as that of Nishide, Yoneyama and Ohta, but our scheme is proven fully secure.

A Ciphertext-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length

Abstract: An Attribute-Based Encryption (ABE) is an encryption scheme, where users with some attributes can decrypt ciphertexts associated with these attributes. However, the length of the ciphertext depends on the number of attributes in previous ABE schemes. In this paper, we propose a new Ciphertext-Policy Attribute-Based Encryption (CP-ABE) with constant ciphertext length. Moreover, the number of pairing computations is also constant.

Realizing fine-grained and flexible access control to outsourced data with attribute-based cryptosystems

Abstract: We consider the problem of constructing a secure cloud storage service to which users outsource sensitive data for sharing with others where, in particular, the service provider is not completely trusted by the customer. Cloud storage service denotes an architectural shift toward thin clients and conveniently centralized provision of both computing and storage resources. When utilizing cloud storage for secure data sharing, one of the main motivating problems of this architecture is providing thin clients with both strong data confidentiality and flexible fine-grained access control without imposing additional cost on them (clients). To achieve this goal, we propose a novel data sharing protocol by combining and exploiting two of the latest attribute based cryptographic techniques, attribute-based encryption (ABE) and attribute-based signature (ABS). Furthermore, we also give a detailed comparison of our scheme with several latest existing schemes.