
Showing papers on "40-bit encryption published in 2005"


Journal Article
TL;DR: It is shown how optical encryption methods based on double random phase keys are vulnerable to an organized attack of the chosen-ciphertext type, which casts doubt on the present security of these techniques.
Abstract: We show how optical encryption methods based on double random phase keys are vulnerable to an organized attack of the chosen-ciphertext type. The decryption key can be easily obtained by an opponent who has repeated access to either the encryption or decryption machines. However, we have also devised a solution that prevents the attack. Our results cast doubts on the present security of these techniques.

540 citations


Proceedings Article
27 Aug 2005
TL;DR: It has been concluded that the Blowfish is the best performing algorithm among the algorithms chosen for implementation, and their performance is compared by encrypting input files of varying contents and sizes, on different Hardware platforms.
Abstract: The principal goal guiding the design of any encryption algorithm must be security against unauthorized attacks. However, for all practical applications, performance and the cost of implementation are also important concerns. A data encryption algorithm would not be of much use if it is secure enough but slow in performance because it is a common practice to embed encryption algorithms in other applications such as e-commerce, banking, and online transaction processing applications. Embedding of encryption algorithms in other applications also precludes a hardware implementation, and is thus a major cause of degraded overall performance of the system. In this paper, four of the popular secret key encryption algorithms, i.e., DES, 3DES, AES (Rijndael), and Blowfish, have been implemented, and their performance is compared by encrypting input files of varying contents and sizes, on different hardware platforms. The algorithms have been implemented in a uniform language, using their standard specifications, to allow a fair comparison of execution speeds. The performance results have been summarized and a conclusion has been presented. Based on the experiments, it has been concluded that Blowfish is the best performing algorithm among the algorithms chosen for implementation.

366 citations


Book Chapter
14 Feb 2005
TL;DR: This work improves the efficiency of the Canetti, Halevi, and Katz construction of CCA-secure encryption schemes from identity-based encryption schemes, and shows two specific instantiations of the resulting scheme which offer the most efficient encryption and, in one case, key generation of any CCA-secure encryption scheme to date.
Abstract: Recently, Canetti, Halevi, and Katz showed a general method for constructing CCA-secure encryption schemes from identity-based encryption schemes in the standard model. We improve the efficiency of their construction, and show two specific instantiations of our resulting scheme which offer the most efficient encryption (and, in one case, key generation) of any CCA-secure encryption scheme to date.

334 citations


Journal Article
TL;DR: A Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of the hierarchy depth, with encryption as efficient as in other HIBE systems.
Abstract: We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of the hierarchy depth. Encryption is as efficient as in other HIBE systems. We prove that the scheme is selective-ID secure in the standard model and fully secure in the random oracle model. Our system has a number of applications: it gives very efficient forward secure public key and identity based cryptosystems (with short ciphertexts), it converts the NNL broadcast encryption system into an efficient public key broadcast system, and it provides an efficient mechanism for encrypting to the future. The system also supports limited delegation where users can be given restricted private keys that only allow delegation to bounded depth. The HIBE system can be modified to support sublinear size private keys at the cost of some ciphertext expansion.

332 citations


Book Chapter
23 Jan 2005
TL;DR: This paper constructs an efficient “multi-receiver identity-based encryption scheme” that only needs one (or none if precomputed and provided as a public parameter) pairing computation to encrypt a single message for n receivers, in contrast to the simple construction that re-encrypts a message n times using Boneh and Franklin's identity-based encryption scheme.
Abstract: In this paper, we construct an efficient “multi-receiver identity-based encryption scheme”. Our scheme only needs one (or none if precomputed and provided as a public parameter) pairing computation to encrypt a single message for n receivers, in contrast to the simple construction that re-encrypts a message n times using Boneh and Franklin's identity-based encryption scheme, considered previously in the literature. We extend our scheme to give adaptive chosen ciphertext security. We support both schemes with security proofs under precisely defined formal security model. Finally, we discuss how our scheme can lead to a highly efficient public key broadcast encryption scheme based on the “subset-cover” framework.

187 citations


Book Chapter
10 Feb 2005
TL;DR: This work formalizes the problem of chosen-ciphertext security for multiple encryption, and gives simple, efficient, and generic constructions of multiple encryption schemes secure against chosen-ciphertext attacks (based on any component schemes secure against such attacks) in the standard model.
Abstract: Encryption of data using multiple, independent encryption schemes (“multiple encryption”) has been suggested in a variety of contexts, and can be used, for example, to protect against partial key exposure or cryptanalysis, or to enforce threshold access to data. Most prior work on this subject has focused on the security of multiple encryption against chosen-plaintext attacks, and has shown constructions secure in this sense based on the chosen-plaintext security of the component schemes. Subsequent work has sometimes assumed that these solutions are also secure against chosen-ciphertext attacks when component schemes with stronger security properties are used. Unfortunately, this intuition is false for all existing multiple encryption schemes. Here, in addition to formalizing the problem of chosen-ciphertext security for multiple encryption, we give simple, efficient, and generic constructions of multiple encryption schemes secure against chosen-ciphertext attacks (based on any component schemes secure against such attacks) in the standard model. We also give a more efficient construction from any (hierarchical) identity-based encryption scheme secure against selective-identity chosen plaintext attacks. Finally, we discuss a wide range of applications for our proposed schemes.

167 citations


Book Chapter
TL;DR: In this article, an efficient IBE scheme that employs a simple version of the Sakai-Kasahara scheme and the Fujisaki-Okamoto transformation is presented, referred to as SK-IBE.
Abstract: Identity-based encryption (IBE) is a special asymmetric encryption method where a public encryption key can be an arbitrary identifier and the corresponding private decryption key is created by binding the identifier with a system's master secret. In 2003 Sakai and Kasahara proposed a new IBE scheme, which has the potential to improve performance. However, to our best knowledge, the security of their scheme has not been properly investigated. This work is intended to build confidence in the security of the Sakai-Kasahara IBE scheme. In this paper, we first present an efficient IBE scheme that employs a simple version of the Sakai-Kasahara scheme and the Fujisaki-Okamoto transformation, which we refer to as SK-IBE. We then prove that SK-IBE has chosen ciphertext security in the random oracle model based on a reasonably well-explored hardness assumption.

134 citations


Patent
30 May 2005
TL;DR: The Structure Preserving Database Encryption (SPDE) is a database encryption system and method that allows a conventional database index to be converted into a secure one, so that the time complexity of all queries is maintained.
Abstract: A database encryption system and method, the Structure Preserving Database Encryption (SPDE), is presented. In the SPDE method, each database cell is encrypted with its unique position. The SPDE method permits converting a conventional database index into a secure one, so that the time complexity of all queries is maintained. No one with access to the encrypted database can learn anything about its content without the encryption key. Also a secure index for an encrypted database is provided. Furthermore, secure database indexing system and method are described, providing protection against information leakage and unauthorized modifications by using encryption, dummy values and pooling, and supporting discretionary access control in a multi-user environment.

110 citations


Journal Article
01 May 2005
TL;DR: A novel technique to hide the latency overhead of decrypting counter mode encrypted memory by predicting the sequence number and pre-computing the encryption pad that is called one-time-pad or OTP, which incurs very little area overhead.
Abstract: Encrypting data in unprotected memory has gained much interest lately for digital rights protection and security reasons. Counter Mode is a well-known encryption scheme. It is a symmetric-key encryption scheme based on any block cipher, e.g. AES. The scheme's encryption algorithm uses a block cipher, a secret key and a counter (or a sequence number) to generate an encryption pad which is XORed with the data stored in memory. Like other memory encryption schemes, this method suffers from the inherent latency of decrypting encrypted data when loading them into the on-chip cache. One solution that parallelizes data fetching and encryption pad generation requires the sequence numbers of evicted cache lines to be cached on-chip. On-chip sequence number caching can be successful in reducing the latency at the cost of a large area overhead. In this paper, we present a novel technique to hide the latency overhead of decrypting counter mode encrypted memory by predicting the sequence number and pre-computing the encryption pad that we call one-time-pad or OTP. In contrast to the prior techniques of sequence number caching, our mechanism solves the latency issue by using idle decryption engine cycles to speculatively predict and pre-compute OTPs before the corresponding sequence number is loaded. This technique incurs very little area overhead. In addition, a novel adaptive OTP prediction technique is also presented to further improve our regular OTP prediction and precomputation mechanism. This adaptive scheme is not only able to predict encryption pads associated with static and infrequently updated cache lines but also those frequently updated ones as well. Experimental results using SPEC2000 benchmark show an 82% prediction rate. Moreover, we also explore several optimization techniques for improving the prediction accuracy. Two specific techniques, Two-level prediction and Context-based prediction are presented and evaluated. For the two-level prediction, the prediction rate was improved from 82% to 96%. With the context-based prediction, the prediction rate approaches 99%. Context-based OTP prediction outperforms a very large 512KB sequence number cache for many memory-bound SPEC programs. IPC results show an overall 15% to 40% performance improvement using our prediction and precomputation, and another 7% improvement when context-based prediction techniques are used.

109 citations


Journal Article
TL;DR: An ID-based broadcast encryption scheme is proposed, by which a center can distribute keys over a network, so that each member of a privileged subset of users can compute a specified key.
Abstract: A broadcast encryption scheme enables a center to distribute keys and/or broadcast a message in a secure way over an insecure channel to an arbitrary subset of privileged recipients. In this paper, an ID-based broadcast encryption scheme is proposed, by which a center can distribute keys over a network, so that each member of a privileged subset of users can compute a specified key. Then a conventional private-key cryptosystem, such as DES, can be used to encrypt the subsequent broadcast with the distributed key. Because a key distribution can be done in an encrypted broadcast without any key pre-distribution, re-keying protocols for group membership operations can be simplified, a center can use the ID-based broadcast encryption scheme again to distribute a new and random session key. The ID-based broadcast encryption scheme from bilinear pairings is based on a variant of the Boneh-Franklin identity based encryption scheme.

107 citations


Posted Content
TL;DR: A chosen-ciphertext secure, searchable public key encryption scheme which allows for dynamic re-encryption of ciphertexts, and provides for node-targeted searches based on keywords or other identifiers.
Abstract: We consider the problem of using untrusted components to build correlation-resistant survivable storage systems that protect file replica locations, while allowing nodes to continuously re-distribute files throughout the network. The principal contribution is a chosen-ciphertext secure, searchable public key encryption scheme which allows for dynamic re-encryption of ciphertexts, and provides for node-targeted searches based on keywords or other identifiers. The scheme is provably secure under the SXDH assumption which holds in certain subgroups of elliptic curves, and a closely related assumption that we introduce.

Proceedings Article
Amir Said
14 Nov 2005
TL;DR: It is shown that a more useful measure of encryption strength is the complexity to reduce distortion, instead of recovering the encryption key, and that attacks that require complexity much lower than exhaustive enumeration of encrypted/key bits can successfully yield good quality content.
Abstract: Partial encryption (PE) of compressed multimedia can greatly reduce the computational complexity by encrypting only a fraction of the data bits. It can also easily provide users with low-quality versions, while maintaining the high-quality version inaccessible to unauthorized users. However, it is necessary to realistically evaluate its security strength. Some of the cryptanalysis done for these techniques ignored important characteristics of the multimedia files, and used overly optimistic assumptions. We demonstrate potential weaknesses of such techniques studying attacks that exploit the information provided by non-encrypted bits, and the availability of side information (e.g., from analog signals). We show that a more useful measure of encryption strength is the complexity to reduce distortion, instead of recovering the encryption key. We consider attacks on PE that avoid error propagation (standard-compliant PE), and PE that try to exploit that property for security. In both cases we show that attacks that require complexity much lower than exhaustive enumeration of encrypted/key bits can successfully yield good quality content. Experimental results are shown for images, but the conclusions can be extended to partial encryption of video and other types of media.

Journal Article
TL;DR: High-rate randomized data-encryption through optical fibers using the inherent quantum-measurement noise of coherent states of light is demonstrated using a 10 Gbit/s data-bearing, in-line amplified 200-km-long line.
Abstract: We demonstrate high-rate randomized data-encryption through optical fibers using the inherent quantum-measurement noise of coherent states of light. Specifically, we demonstrate 650 Mbit/s data encryption through a 10 Gbit/s data-bearing, in-line amplified 200-km-long line. In our protocol, legitimate users (who share a short secret key) communicate using an $M$-ry signal set while an attacker (who does not share the secret key) is forced to contend with the fundamental and irreducible quantum-measurement noise of coherent states. Implementations of our protocol using both polarization-encoded signal sets as well as polarization-insensitive phase-keyed signal sets are experimentally and theoretically evaluated. Different from the performance criteria for the cryptographic objective of key generation (quantum key-generation), one possible set of performance criteria for the cryptographic objective of data encryption is established and carefully considered.

Book Chapter
11 Jul 2005
TL;DR: This work points out a flawed step in the security reduction of the first practical identity based encryption (IBE) scheme, proposed by Boneh and Franklin in [BF03], and shows that it can be fixed without changing the scheme or the underlying assumption.
Abstract: The first practical identity based encryption (IBE) scheme was proposed by Boneh and Franklin in [BF03]. In this work we point out that there is a flawed step in the security reduction exhibited by the authors. Fortunately, it is possible to fix it without changing the scheme or the underlying assumption. In the second place, we introduce a variant of the seminal IBE scheme which allows a more efficient security reduction. This variant is simpler, and has more compact ciphertexts than Boneh-Franklin’s proposal, while keeping the computational cost. Finally, we observe that the flawed step pointed out here is present in several works, and that our techniques can be applied to obtain tighter reductions for previous relevant schemes.

Patent
01 Apr 2005
TL;DR: In this article, a method and apparatus for enabling the use of multiple digital rights management scenarios (DRM) is presented, where unencrypted data representing digital content is examined to identify at least segments of content for DRM encryption.
Abstract: A method and apparatus for enabling use of multiple digital rights management scenarios (DRM). Unencrypted data representing digital content is examined to identify at least segments of content for DRM encryption. The identified segments of content are duplicated and then encrypted using a first encryption method associated with a first DRM to produce first encrypted segments. Duplicates are encrypted using a second encryption method associated with a second DRM to produce second encrypted segments. At least a portion of segments not selected for DRM encryption are encrypted using a coverage encryption method. The coverage encryption key is encrypted by each of a third and fourth encryption methods associated with the first and second DRMs respectively. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.

Journal Article
TL;DR: The evolution and the existing problems of authenticated encryption schemes are discussed, and the scheme is very suitable for the key agreement application, because a key is a small amount of a message.
Abstract: Nyberg and Ruppel first proposed a signature scheme with message recovery based on DSA in 1993, and the authenticated encryption scheme is a special application of their scheme. Afterward, many papers were proposed on authenticated encryption schemes. The signature scheme can reduce the transmission cost, because the message is contained in the signature of the message and the signer does not need to send the receiver both the message and the signature. The scheme is very suitable for the key agreement application, because a key is a small amount of a message. In order to comprehend and interpret authenticated encryption schemes overall, we discuss the evolution and the existing problems of authenticated encryption schemes.

Proceedings Article
01 Jan 2005
TL;DR: This paper presents an efficient and lightweight implementation of public-key cryptography algorithms relying on elliptic curves, running on Atmel's popular 8-bit ATMEGA128 microcontroller, the heart of the MICA2 platform.
Abstract: One of the huge problems for security in sensor networks is the lack of resources. Based on microcontroller architectures with severely limited computing abilities, strong public-key cryptography is commonly seen as infeasible on sensor devices. In contrast to this prejudice, this paper presents an efficient and lightweight implementation of public-key cryptography algorithms relying on elliptic curves. The code is running on Atmel's popular 8-bit ATMEGA128 microcontroller, the heart of the MICA2 platform.

Patent
19 Dec 2005
TL;DR: In this article, a collection system of a device adds contributions to homomorphically encrypted data and forwards the requests to another device. When the device receives a reply to the request, it uncombines its contribution to the homomorphic encryption of the data.
Abstract: A method and system for collecting data from devices using a homomorphic encryption of the data is provided. A collection system of a device adds contributions to homomorphically encrypted data and forwards the requests to another device. When the device receives a reply to the request, it uncombines its contribution to the homomorphic encryption of the data. The device then forwards the reply to the previous device. The initiator device ultimately removes its contribution to the encryption and identifies the data.

Book Chapter
10 Feb 2005
TL;DR: In this paper, the authors proposed an adaptively secure, completely non-interactive encryption scheme that allows arbitrarily many parties to use a single encryption key to securely encrypt arbitrarily many messages to a given receiver who maintains only a single short decryption key.
Abstract: Adaptively-secure encryption schemes ensure secrecy even in the presence of an adversary who can corrupt parties in an adaptive manner based on public keys, ciphertexts, and secret data of already-corrupted parties. Ideally, an adaptively-secure encryption scheme should, like standard public-key encryption, allow arbitrarily-many parties to use a single encryption key to securely encrypt arbitrarily-many messages to a given receiver who maintains only a single short decryption key. However, it is known that these requirements are impossible to achieve: no non-interactive encryption scheme that supports encryption of an unbounded number of messages and uses a single, unchanging decryption key can be adaptively secure. Impossibility holds even if secure data erasure is possible. We show that this limitation can be overcome by updating the decryption key over time and making some mild assumptions about the frequency of communication between parties. Using this approach, we construct adaptively-secure, completely non-interactive encryption schemes supporting secure encryption of arbitrarily-many messages from arbitrarily-many senders. Our schemes additionally provide forward security and security against chosen-ciphertext attacks.

Patent
29 Jul 2005
TL;DR: In this article, a system for encrypting a data encryption key includes a key encryption key generator configured to receive a public portion of a label, the label including an asymmetric key pair of the public portion and a private portion.
Abstract: A system for encrypting a data encryption key includes a key encryption key generator configured to receive a public portion of a label, the label including an asymmetric key pair of the public portion and a private portion, the key encryption key generator being further configured to process the public portion of the label to obtain a key encryption key, and a data encryption key encoder configured to receive the key encryption key from the key encryption key generator and to receive a data encryption key from a random number generator, the encoder being further configured to encrypt the data encryption key using the key encryption key to produce an encrypted data encryption key and to provide the encrypted data encryption key to an encryption device.

Patent
15 Jul 2005
TL;DR: In this article, an asymmetric encryption key is generated from the asymmetric decryption key using a one-way function, and the key is used to encrypt a symmetric key.
Abstract: A device uses a user authentication factor to generate an asymmetric decryption key for use in cryptography. An asymmetric encryption key is generated from the asymmetric decryption key using a one-way function, and the asymmetric encryption key is used to encrypt a symmetric key.

Patent
08 Jan 2005
TL;DR: In this paper, Bloom filters are used with Pohlig-Hellman encryption to convert queries that are encrypted with the key of a querier to queries that are encrypted with the key of the encrypted database, without knowing the actual keys.
Abstract: Encryption with keys that form an Abelian group are used in combination with a semi-trusted party that converts queries that are encrypted with the key of a querier to queries that are encrypted with the key of the encrypted database, without knowing the actual keys. In an illustrative embodiment, encryption is done with Bloom filters that employ Pohlig-Hellman encryption. Since the querier's key is not divulged, neither the semi-trusted party nor the publisher of the database can see the original queries. Provision can be made for fourth party “warrant servers”, as well as “censorship sets” that limit the data to be shared.

Book Chapter
13 Nov 2005
TL;DR: In this paper, a selective encryption scheme is constructed on Advanced Video Coding that keeps secure against brute-force attack, replacement attack or known-plaintext attack, combines encryption process with compression process with low cost, and keeps the file format unchanged with some direct operations supported.
Abstract: Advanced Video Coding is recently announced and widely used, although the according protection means have not been developed thoroughly. In this paper, a selective encryption scheme is constructed on Advanced Video Coding. During AVC encoding, such sensitive data as intra-prediction mode, residue data, inter-prediction mode and motion vector are partially encrypted. This encryption scheme keeps secure against brute-force attack, replacement attack or known-plaintext attack, combines encryption process with compression process with low cost, and keeps the file format unchanged with some direct operations (such as displaying, time seeking, copying, cutting, etc.) supported. These properties make it suitable for secure video transmission.

Patent
04 Feb 2005
TL;DR: In this article, a system and method of creating and managing encryption keys in a data processing device generates subsequent encryption keys by combining the existing encryption key with an existing password and seed value.
Abstract: A system and method of creating and managing encryption keys in a data processing device generates subsequent encryption keys by combining the existing encryption key with an existing password and seed value. In the preferred embodiment, the initial encryption key is embedded during manufacture and is unknown to the user and manufacturer, thus ensuring that all subsequent encryption keys are derived from an unknown value. When a subsequent encryption key is generated, all data encrypted using the existing encryption key is decrypted using the existing encryption key and re-encrypted using the subsequent encryption key before the existing encryption key is overwritten. In a further aspect, during encryption/decryption the encryption key is combined with the sector address of the data to be encrypted/decrypted in order to generate a unique key for each sector of data to be encrypted/decrypted.

Proceedings Article
08 Mar 2005
TL;DR: It is found that RC2 encrypts faster and uses less energy than XTEA, followed by AES, and that faster algorithms seem to be more energy efficient because of differences in speed rather than differences in power consumption levels while encrypting.
Abstract: Encryption algorithms can be used to help secure wireless communications, but securing data also consumes resources. The goal of this research is to provide users or system developers of personal digital assistants and applications with the associated time and energy costs of using specific encryption algorithms. Four block ciphers (RC2, Blowfish, XTEA, and AES) were considered. The experiments included encryption and decryption tasks with different cipher and file size combinations. The resource impact of the block ciphers was evaluated using the latency, throughput, energy-latency product, and throughput/energy ratio metrics. We found that RC2 encrypts faster and uses less energy than XTEA, followed by AES. The Blowfish cipher is a fast encryption algorithm, but the size of the plaintext affects its encryption speed and energy consumption. Faster algorithms seem to be more energy efficient because of differences in speed rather than differences in power consumption levels while encrypting.

Patent
Charles H. Bennett
19 Jan 2005
TL;DR: In this paper, a high level of security for access to recorded information is provided by a method which includes provisioning of a trusted/protected communication linkage such as a tamper-resistant or tamper evident enclosure, a physical close coupling between information source and encryption processor and/or obfuscated code or end-to-end network encryption and encryption, possibly symmetrical, of the information to be recorded by a preferably random session key or segment key.
Abstract: A high level of security for access to recorded information is provided by a method which includes provisioning of a trusted/protected communication linkage such as a tamper-resistant or tamper evident enclosure, a physical close coupling between information source and encryption processor and/or obfuscated code or end-to-end network encryption and encryption, possibly symmetrical, of the information to be recorded by a preferably random session key or segment key. The session key or segment key may then be encrypted, preferably asymmetrically, by a secure key which may be shared or access thereto shared in accordance with any desired security policy. Use of a public key or public key/private key infrastructure also provides for authentication of the recorded information.

Patent
31 Jan 2005
TL;DR: In this paper, an encryption device performs elliptic curve encryption using a secret key, which includes an operation unit for performing scalar multiplication of a point on an elliptic curve and a determiner unit for determining, in accordance with a bit sequence of a given value (d) and with a random value (RNG), an address of one of the plurality of data storage areas that is to be coupled to the operation means.
Abstract: An encryption device performs elliptic curve encryption using a secret key. The encryption device includes an operation unit for performing scalar multiplication of a point on an elliptic curve, a storage unit having a plurality of data storing areas, and a determiner unit for determining, in accordance with a bit sequence of a given value (d) and with a random value (RNG), an address of one of the plurality of data storage areas that is to be coupled to the operation means for each scalar multiplication.

Journal Article
TL;DR: In this article, a selective encryption scheme is constructed on Advanced Video Coding, which keeps secure against brute-force attack, replacement attack or known-plaintext attack, combines encryption process with compression process with low cost, and keeps the file format unchanged with some direct operations.
Abstract: Advanced Video Coding is recently announced and widely used, although the according protection means have not been developed thoroughly. In this paper, a selective encryption scheme is constructed on Advanced Video Coding. During AVC encoding, such sensitive data as intra-prediction mode, residue data, inter-prediction mode and motion vector are partially encrypted. This encryption scheme keeps secure against brute-force attack, replacement attack or known-plaintext attack, combines encryption process with compression process with low cost, and keeps the file format unchanged with some direct operations (such as displaying, time seeking, copying, cutting, etc.) supported. These properties make it suitable for secure video transmission.

Book Chapter
07 Jun 2005
TL;DR: This modification of the Boneh-Franklin IBE is a hybrid construction that is proved to be secure in the random oracle model under a slightly stronger assumption than the original IBE and turns out to be more efficient at decryption than the latter.
Abstract: This paper presents a first example of secure identity based encryption scheme (IBE) without redundancy in the sense of Phan and Pointcheval. This modification of the Boneh-Franklin IBE is a hybrid construction that is proved to be secure (using proof techniques borrowed from those for KEM-DEM constructions) in the random oracle model under a slightly stronger assumption than the original IBE and turns out to be more efficient at decryption than the latter. A second contribution of this work is to show how to shorten ciphertexts in a recently proposed multiple-recipient IBE scheme. Our modification of the latter scheme spares about 1180 bits from a bandwidth point of view as, somewhat surprisingly, redundancies are not needed although all elements of the ciphertext space are not reachable by the encryption mapping. This shows that in public key encryption schemes, redundancies may be useless even when the encryption mapping is not a surjection.

Patent
27 Jun 2005
TL;DR: In this paper, a QKD-based network is described, which includes a key management layer that generates an application registration record that includes a list of multiple applications that use the quantum encryption keys.
Abstract: Key manager systems and methods for a QKD-based network are disclosed. The system includes a QKD layer that generates quantum encryption keys, a persistent storage layer that stores the quantum encryption keys, and a key management layer. The key management layer generates an application registration record that includes a list of multiple applications that use the quantum encryption keys. The key management layer also generates a corresponding key storage layer. The multiple applications reside in an applications layer. The applications in each node remove keys from the key storage layer so that each node can encrypt/decrypt data using quantum encryption keys. The methods also include secure QKD system boot-up and authentication that facilitate implementing a commercial QKD system in real-world environments.