Book Chapter

Adaptively secure efficient lattice (H)IBE in standard model with short public parameters

TL;DR: A scheme that divides an l-bit identity into l′ blocks of l/l′ bits each, so that the size of the vector $\overrightarrow{V}$ can be reduced from l elements of G to l′ elements of G, is presented.
Abstract: Independent work by Chatterjee and Sarkar [9] and Naccache [16] provided a variant of Waters' IBE to reduce the public parameters. The idea is to divide an l-bit identity into l′ blocks of l/l′ bits each, so that the size of the vector $\overrightarrow{V}$ can be reduced from l elements of G to l′ elements of G. We call this the blocking technique. It leads to some associated degradation in the security reduction. In this paper our contribution is twofold. First, we apply Waters' [21] idea to convert the selective-ID secure lattice HIBE of Agrawal et al. [1] into an adaptive-ID secure HIBE, and then use the blocking technique to reduce its public parameters. Second, we present an efficient lattice identity-based encryption scheme in the standard model with smaller public key size, which is a variant of [1]. Using the blocking technique, our scheme reduces the public key size by a factor of β at the cost of increasing the number of bits in q by $(\beta - \lg \beta)^2$, where q is the size of the field $\mathbb{Z}_q$. There is an interesting trade-off between reducing the public parameter size and the increase in computational cost. For 160-bit identities we show that, compared to the scheme of [1], the public parameter size can be reduced by almost 90% while increasing the computation cost by only 8.71%, for an appropriate choice of β.
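The blocking technique in toy form, as an added example (this is not code from the paper or from [1]): an identity is encoded per bit, one public matrix per bit with 0/1 coefficients, or in blocks, one public matrix per block with the block value as coefficient, in the additive form $F(id) = B + \sum_i a_i A_i \bmod q$ used by lattice IBE schemes. The function names, the 16-bit sample identity and the tiny matrix dimensions are assumptions chosen for readability; the block only shows the identity-to-coefficient encoding and the resulting growth of the coefficient sum (which is why a larger modulus q is needed), not the trapdoor sampling, key extraction or encryption of [1].

```python
"""
Toy illustration of the blocking technique for a Waters-style identity
encoding, written in the additive form used by lattice IBE schemes:

    F(id) = B + sum_i a_i * A_i   (mod q)

Per-bit encoding: one public matrix A_i per identity bit (l matrices,
coefficients a_i in {0, 1}).  Blocked encoding: the l bits are grouped
into l' blocks and one matrix is used per block (l' matrices, coefficients
a_i in [0, 2^(l/l'))).  Fewer public matrices, but larger coefficients.

Added example, not the paper's code.  q, the matrix sizes and the sample
identity are constructed for readability, not for security.
"""
import random


def split_into_blocks(id_bits: str, num_blocks: int) -> list:
    """Split an l-bit identity (a '0'/'1' string) into num_blocks integers of
    l/num_blocks bits each.  With num_blocks == l this degenerates to the
    plain per-bit encoding, where every coefficient is 0 or 1."""
    l = len(id_bits)
    if num_blocks <= 0 or l % num_blocks != 0:
        raise ValueError("number of blocks must divide the identity length")
    if any(ch not in "01" for ch in id_bits):
        raise ValueError("identity must be a bit string")
    width = l // num_blocks
    return [int(id_bits[i * width:(i + 1) * width], 2) for i in range(num_blocks)]


def coefficient_bound(l: int, num_blocks: int) -> int:
    """Largest possible value of sum_i a_i for an l-bit identity split into
    num_blocks blocks: l for the per-bit encoding, l' * (2^(l/l') - 1) when
    blocked.  This growth is what forces the modulus q to be larger."""
    width = l // num_blocks
    return num_blocks * (2 ** width - 1)


def blocked_identity_matrix(B, A_list, id_bits, q):
    """Compute F(id) = B + sum_i a_i * A_i (mod q) with len(A_list) blocks.
    Matrices are lists of rows; all must have the same shape as B."""
    coeffs = split_into_blocks(id_bits, len(A_list))
    rows, cols = len(B), len(B[0])
    F = [row[:] for row in B]
    for a, A in zip(coeffs, A_list):
        for r in range(rows):
            for c in range(cols):
                F[r][c] = (F[r][c] + a * A[r][c]) % q
    return F


def random_matrix(rows, cols, q, rng):
    """Uniformly random rows x cols matrix over Z_q (toy public parameter)."""
    return [[rng.randrange(q) for _ in range(cols)] for _ in range(rows)]


def parameter_tradeoff(l: int, num_blocks: int) -> dict:
    """Public-parameter count versus coefficient growth for one block count.
    'extra_bits' is how many more bits the coefficient-sum bound needs
    compared with the per-bit encoding of the same identity length."""
    bound = coefficient_bound(l, num_blocks)
    return {
        "public_matrices": num_blocks,
        "reduction_factor": l // num_blocks,
        "coefficient_bound": bound,
        "extra_bits": bound.bit_length() - l.bit_length(),
    }


if __name__ == "__main__":
    rng = random.Random(2024)
    q, rows, cols = 97, 2, 3
    identity = "1011000111100101"  # constructed 16-bit identity
    for blocks in (16, 4, 2):
        B = random_matrix(rows, cols, q, rng)
        A_list = [random_matrix(rows, cols, q, rng) for _ in range(blocks)]
        F = blocked_identity_matrix(B, A_list, identity, q)
        print(blocks, "public matrices, coefficients",
              split_into_blocks(identity, blocks), "-> F(id) =", F)
    for blocks in (160, 40, 20):  # 160-bit identities as in the abstract
        print(parameter_tradeoff(160, blocks))
```

Running the script shows the two sides of the trade-off the abstract describes: with 160-bit identities, 40 blocks cut the public matrices by a factor of 4 while the coefficient-sum bound grows from 160 to 600 (2 extra bits), and 20 blocks cut them by a factor of 8 at a bound of 5100 (5 extra bits). The exact number of extra bits q needs in the real scheme depends on the noise analysis of [1], which this toy does not model.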
Citations
Journal Article
TL;DR: This work presents a general methodology and two protocol constructions that result in the first two public-key traitor tracing schemes with constant transmission rate in settings where plaintexts can be calibrated to be sufficientlylarge.
Abstract: An important open problem in the area of Traitor Tracing is designing a scheme with constant expansion of the size of keys (users' keys and the encryption key) and of the size of ciphertexts with respect to the size of the plaintext. This problem is known from the introduction of Traitor Tracing by Chor, Fiat and Naor. We refer to such schemes as traitor tracing with constant transmission rate. Here we present a general methodology and two protocol constructions that result in the first two public-key traitor tracing schemes with constant transmission rate in settings where plaintexts can be calibrated to be sufficiently large. Our starting point is the notion of copyrighted function which was presented by Naccache, Shamir and Stern. We first solve the open problem of discrete-log-based and public-key-based copyrighted function. Then, we observe the simple yet crucial relation between (public-key) copyrighted encryption and (public-key) traitor tracing, which we exploit by introducing a generic design paradigm for designing constant transmission rate traitor tracing schemes based on copyrighted encryption functions. Our first scheme achieves the same expansion efficiency as regular ElGamal encryption. The second scheme introduces only a slightly larger (constant) overhead, however, it additionally achieves efficient black-box traitor tracing (against any pirate construction).

649 citations

Book
01 Jan 2010
TL;DR: Conference proceedings volume (EUROCRYPT 2010) whose table of contents includes, among others, "On Ideal Lattices and Learning with Errors over Rings", "A Simple BGN-Type Cryptosystem from LWE", "Bonsai Trees, or How to Delegate a Lattice Basis" and "Efficient Lattice (H)IBE in the Standard Model".
Abstract: Table of contents.
Cryptosystems I
  • On Ideal Lattices and Learning with Errors over Rings
  • Fully Homomorphic Encryption over the Integers
  • Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups
  • Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption
Obfuscation and Side Channel Security
  • Secure Obfuscation for Encrypted Signatures
  • Public-Key Encryption in the Bounded-Retrieval Model
  • Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases
2-Party Protocols
  • Partial Fairness in Secure Two-Party Computation
  • Secure Message Transmission with Small Public Discussion
  • On the Impossibility of Three-Move Blind Signature Schemes
  • Efficient Device-Independent Quantum Key Distribution
Cryptanalysis
  • New Generic Algorithms for Hard Knapsacks
  • Lattice Enumeration Using Extreme Pruning
  • Algebraic Cryptanalysis of McEliece Variants with Compact Keys
  • Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds
IACR Distinguished Lecture
  • Cryptography between Wonderland and Underland
Automated Tools and Formal Methods
  • Automatic Search for Related-Key Differential Characteristics in Byte-Oriented Block Ciphers: Application to AES, Camellia, Khazad and Others
  • Plaintext-Dependent Decryption: A Formal Security Treatment of SSH-CTR
  • Computational Soundness, Co-induction, and Encryption Cycles
Models and Proofs
  • Encryption Schemes Secure against Chosen-Ciphertext Selective Opening Attacks
  • Cryptographic Agility and Its Relation to Circular Encryption
  • Bounded Key-Dependent Message Security
Multiparty Protocols
  • Perfectly Secure Multiparty Computation and the Computational Overhead of Cryptography
  • Adaptively Secure Broadcast
  • Universally Composable Quantum Multi-party Computation
Cryptosystems II
  • A Simple BGN-Type Cryptosystem from LWE
  • Bonsai Trees, or How to Delegate a Lattice Basis
  • Efficient Lattice (H)IBE in the Standard Model
Hash and MAC
  • Multi-property-preserving Domain Extension Using Polynomial-Based Modes of Operation
  • Stam's Collision Resistance Conjecture
  • Universal One-Way Hash Functions via Inaccessible Entropy
Foundational Primitives
  • Constant-Round Non-malleable Commitments from Sub-exponential One-Way Functions
  • Constructing Verifiable Random Functions with Large Input Spaces
  • Adaptive Trapdoor Functions and Chosen-Ciphertext Security

320 citations

Book Chapter
04 Dec 2016
TL;DR: Two new adaptively secure IBE schemes with shorter public parameters than previous schemes: one from RLWE with a fixed polynomial approximation factor, and one on bilinear maps secure under the 3-computational bilinear Diffie-Hellman exponent assumption, the first IBE scheme with sub-linear public parameter size whose security rests on a computational/search problem rather than a decisional problem such as DDH or DLIN.
Abstract: In this paper, we present new adaptively secure identity-based encryption (IBE) schemes. One of the distinguishing properties of the schemes is that they achieve shorter public parameters than previous schemes. Both of our schemes follow the general framework presented in the recent IBE scheme of Yamada (Eurocrypt 2016), employed with novel techniques tailored to the underlying algebraic structure to overcome the difficulties arising in our specific setting. Specifically, we obtain the following:
  • Our first scheme is proven secure under the ring learning with errors (RLWE) assumption and achieves the best asymptotic space efficiency among existing schemes from the same assumption. The main technical contribution is our new security proof, which exploits the ring structure in a crucial way. Our technique allows us to greatly weaken the underlying hardness assumption (we assume the hardness of RLWE with a fixed polynomial approximation factor, whereas Yamada's scheme requires a super-polynomial approximation factor) while improving the overall efficiency.
  • Our second IBE scheme is constructed on bilinear maps and is secure under the 3-computational bilinear Diffie-Hellman exponent assumption. This is the first IBE scheme with sub-linear public parameter size based on the hardness of a computational/search problem, rather than a decisional problem such as DDH and DLIN on bilinear maps.

69 citations

Book Chapter
08 May 2016
TL;DR: Two new adaptively secure IBE schemes from lattices whose public parameters, ciphertexts and private keys have size $$\tilde{O}(n^2 \kappa^{1/d})$$, $$\tilde{O}(n)$$ and $$\tilde{O}(n)$$ respectively, the best efficiency among existing adaptively secure lattice IBE schemes; as a side result, an attribute-based encryption scheme for branching programs that for the first time simultaneously achieves compact secret keys, security under LWE with polynomial approximation factors, and support for unbounded-length branching programs.
Abstract: In this paper, we present two new adaptively secure identity-based encryption (IBE) schemes from lattices. The sizes of the public parameters, ciphertexts, and private keys are $$\tilde{O}(n^2 \kappa^{1/d})$$, $$\tilde{O}(n)$$, and $$\tilde{O}(n)$$ respectively. Here, n is the security parameter, $$\kappa$$ is the length of the identity, and $$d \in \mathbb{N}$$ is a flexible constant that can be set arbitrarily but affects the reduction cost. Ignoring the poly-logarithmic factors hidden in the asymptotic notation, our schemes achieve the best efficiency among existing adaptively secure IBE schemes from lattices. In more detail, our first scheme is anonymous, but proven secure under the LWE assumption with approximation factor $$n^{\omega(1)}$$. Our second scheme is not anonymous, but proven adaptively secure assuming the LWE assumption for all polynomial approximation factors. As a side result, based on a similar idea, we construct an attribute-based encryption scheme for branching programs that simultaneously satisfies the following properties for the first time: our scheme achieves compact secret keys, the security is proven under the LWE assumption with polynomial approximation factors, and the scheme can deal with unbounded-length branching programs.

47 citations


Cites methods from "Adaptively secure efficient lattice..."

  • ...Another possible approach would be to use a technique from Naccache’s IBE scheme [36], as is done in [44]....


Book Chapter
10 Aug 2016
TL;DR: This work addresses implementation security issues of postquantum schemes, a topic that has received little attention despite the growing practical concern about postquantum cryptography.
Abstract: Although postquantum cryptography is of growing practical concern, not many works have been devoted to implementation security issues related to postquantum schemes.

38 citations

References
Book Chapter
02 May 2004
TL;DR: This work proposes a simple and efficient construction of a CCA-secure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme, which avoids non-interactive proofs of “well-formedness” which were shown to underlie most previous constructions.
Abstract: We propose a simple and efficient construction of a CCA-secure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme. Our construction requires the underlying IBE scheme to satisfy only a relatively “weak” notion of security which is known to be achievable without random oracles; thus, our results provide a new approach for constructing CCA-secure encryption schemes in the standard model. Our approach is quite different from existing ones; in particular, it avoids non-interactive proofs of “well-formedness” which were shown to underlie most previous constructions. Furthermore, applying our conversion to some recently-proposed IBE schemes results in CCA-secure schemes whose efficiency makes them quite practical.

889 citations

Book Chapter
30 May 2010
TL;DR: This work constructs an efficient identity based encryption system based on the standard learning with errors (LWE) problem and extends this basic technique to an adaptively-secure IBE and a Hierarchical IBE.
Abstract: We construct an efficient identity based encryption system based on the standard learning with errors (LWE) problem. Our security proof holds in the standard model. The key step in the construction is a family of lattices for which there are two distinct trapdoors for finding short vectors. One trapdoor enables the real system to generate short vectors in all lattices in the family. The other trapdoor enables the simulator to generate short vectors for all lattices in the family except for one. We extend this basic technique to an adaptively-secure IBE and a Hierarchical IBE.

840 citations

Posted Content
TL;DR: In this article, the authors proposed a simple and efficient construction of a CCA-secure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme.
Abstract: We propose a simple and efficient construction of a CCA-secure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme. Our construction requires the underlying IBE scheme to satisfy only a relatively “weak” notion of security which is known to be achievable without random oracles; thus, our results provide a new approach for constructing CCA-secure encryption schemes in the standard model. Our approach is quite different from existing ones; in particular, it avoids non-interactive proofs of “well-formedness” which were shown to underlie most previous constructions. Furthermore, applying our conversion to some recently-proposed IBE schemes results in CCA-secure schemes whose efficiency makes them quite practical.

789 citations

Book
01 Jan 2004
TL;DR: A formal statistical framework for block cipher attacks based on this technique is developed and explicit and compact gain formulas for generalized versions of Matsui’s Algorithm 1 and Algorithm 2 are derived.
Abstract: In this paper we study the long standing problem of information extraction from multiple linear approximations. We develop a formal statistical framework for block cipher attacks based on this technique and derive explicit and compact gain formulas for generalized versions of Matsui’s Algorithm 1 and Algorithm 2. The theoretical framework allows both approaches to be treated in a unified way, and predicts significantly improved attack complexities compared to current linear attacks using a single approximation. In order to substantiate the theoretical claims, we benchmarked the attacks against reduced-round versions of DES and observed a clear reduction of the data and time complexities, in almost perfect correspondence with the predictions. The complexities are reduced by several orders of magnitude for Algorithm 1, and the significant improvement in the case of Algorithm 2 suggests that this approach may outperform the currently best attacks on the full DES algorithm.

759 citations

Book Chapter
02 May 2002
TL;DR: The first two public-key traitor tracing schemes with constant transmission rate, built from the notion of copyrighted function introduced by Naccache, Shamir and Stern; the first scheme achieves the same expansion efficiency as regular ElGamal encryption, and the second additionally supports efficient black-box traitor tracing.
Abstract: An important open problem in the area of Traitor Tracing is designing a scheme with constant expansion of the size of keys (users' keys and the encryption key) and of the size of ciphertexts with respect to the size of the plaintext. This problem is known from the introduction of Traitor Tracing by Chor, Fiat and Naor. We refer to such schemes as traitor tracing with constant transmission rate. Here we present a general methodology and two protocol constructions that result in the first two public-key traitor tracing schemes with constant transmission rate in settings where plaintexts can be calibrated to be sufficiently large. Our starting point is the notion of "copyrighted function" which was presented by Naccache, Shamir and Stern. We first solve the open problem of discrete-log-based and public-key-based "copyrighted function." Then, we observe the simple yet crucial relation between (public-key) copyrighted encryption and (public-key) traitor tracing, which we exploit by introducing a generic design paradigm for designing constant transmission rate traitor tracing schemes based on copyrighted encryption functions. Our first scheme achieves the same expansion efficiency as regular ElGamal encryption. The second scheme introduces only a slightly larger (constant) overhead, however, it additionally achieves efficient black-box traitor tracing (against any pirate construction).

667 citations