
Showing papers on "Plaintext-aware encryption published in 2005"


Book ChapterDOI
10 Feb 2005
TL;DR: A homomorphic public key encryption scheme that allows the public evaluation of ψ given an encryption of the variables x1,...,xn and can evaluate quadratic multi-variate polynomials on ciphertexts provided the resulting value falls within a small set.
Abstract: Let ψ be a 2-DNF formula on boolean variables x1,...,xn ∈ {0,1}. We present a homomorphic public key encryption scheme that allows the public evaluation of ψ given an encryption of the variables x1,...,xn. In other words, given the encryption of the bits x1,...,xn, anyone can create the encryption of ψ(x1,...,xn). More generally, we can evaluate quadratic multi-variate polynomials on ciphertexts provided the resulting value falls within a small set. We present a number of applications of the system: In a database of size n, the total communication in the basic step of the Kushilevitz-Ostrovsky PIR protocol is reduced from $\sqrt{n}$ to $\sqrt[3]{n}$. An efficient election system based on homomorphic encryption where voters do not need to include non-interactive zero knowledge proofs that their ballots are valid. The election system is proved secure without random oracles but still efficient. A protocol for universally verifiable computation.

1,754 citations


Book ChapterDOI
22 May 2005
TL;DR: In this article, a Hierarchical Identity Based Encryption (HIBE) scheme is presented, where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of the hierarchy depth.
Abstract: We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of the hierarchy depth. Encryption is as efficient as in other HIBE systems. We prove that the scheme is selective-ID secure in the standard model and fully secure in the random oracle model. Our system has a number of applications: it gives very efficient forward secure public key and identity based cryptosystems (with short ciphertexts), it converts the NNL broadcast encryption system into an efficient public key broadcast system, and it provides an efficient mechanism for encrypting to the future. The system also supports limited delegation where users can be given restricted private keys that only allow delegation to bounded depth. The HIBE system can be modified to support sublinear size private keys at the cost of some ciphertext expansion.

985 citations


Book ChapterDOI
14 Feb 2005
TL;DR: Building on the Canetti, Halevi, and Katz method for constructing CCA-secure encryption from identity-based encryption, the authors improve the efficiency of that construction and show two specific instantiations of their resulting scheme which offer the most efficient encryption and, in one case, key generation of any CCA-secure encryption scheme to date.
Abstract: Recently, Canetti, Halevi, and Katz showed a general method for constructing CCA-secure encryption schemes from identity-based encryption schemes in the standard model. We improve the efficiency of their construction, and show two specific instantiations of our resulting scheme which offer the most efficient encryption (and, in one case, key generation) of any CCA-secure encryption scheme to date.

334 citations


Journal Article
TL;DR: A Hierarchical Identity Based Encryption system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of the hierarchy depth, which is proved to be as efficient as in other HIBE systems.
Abstract: We present a Hierarchical Identity Based Encryption (HIBE) system where the ciphertext consists of just three group elements and decryption requires only two bilinear map computations, regardless of the hierarchy depth. Encryption is as efficient as in other HIBE systems. We prove that the scheme is selective-ID secure in the standard model and fully secure in the random oracle model. Our system has a number of applications: it gives very efficient forward secure public key and identity based cryptosystems (with short ciphertexts), it converts the NNL broadcast encryption system into an efficient public key broadcast system, and it provides an efficient mechanism for encrypting to the future. The system also supports limited delegation where users can be given restricted private keys that only allow delegation to bounded depth. The HIBE system can be modified to support sublinear size private keys at the cost of some ciphertext expansion.

332 citations


Journal ArticleDOI
TL;DR: This paper describes an attack which permits recovery of the corresponding plaintext from a given ciphertext, and points out that other primitives, a Diffie-Hellman-like key agreement scheme and an authentication scheme designed along the same lines as the cryptosystem, are also not secure due to the aforementioned attack.
Abstract: Chebyshev polynomials have been recently proposed for designing public-key systems. Indeed, they enjoy some nice chaotic properties, which seem to be suitable for use in Cryptography. Moreover, they satisfy a semi-group property, which makes it possible to implement a trapdoor mechanism. In this paper, we study a public-key cryptosystem based on such polynomials, which provides both encryption and digital signature. The cryptosystem works on real numbers and is quite efficient. Unfortunately, from our analysis, it turns out that it is not secure. We describe an attack which permits recovery of the corresponding plaintext from a given ciphertext. The same attack can be applied to produce forgeries if the cryptosystem is used for signing messages. Then, we point out that other primitives, a Diffie-Hellman-like key agreement scheme and an authentication scheme, designed along the same lines as the cryptosystem, are also not secure due to the aforementioned attack. We close the paper by discussing the issues and the possibilities of constructing public-key cryptosystems on real numbers.

283 citations


Journal ArticleDOI
TL;DR: Simulation results show that the proposed cryptosystem requires less time to encrypt the plaintext than the existing chaotic cryptosystems and further produces ciphertext having a flat distribution and the same size as the plaintext.

223 citations


Book ChapterDOI
23 Jan 2005
TL;DR: This paper constructs an efficient “multi-receiver identity-based encryption scheme” that only needs one (or none if precomputed and provided as a public parameter) pairing computation to encrypt a single message for n receivers, in contrast to the simple construction that re-encrypts a message n times using Boneh and Franklin's identity-based encryption scheme.
Abstract: In this paper, we construct an efficient “multi-receiver identity-based encryption scheme”. Our scheme only needs one (or none if precomputed and provided as a public parameter) pairing computation to encrypt a single message for n receivers, in contrast to the simple construction that re-encrypts a message n times using Boneh and Franklin's identity-based encryption scheme, considered previously in the literature. We extend our scheme to give adaptive chosen ciphertext security. We support both schemes with security proofs under precisely defined formal security model. Finally, we discuss how our scheme can lead to a highly efficient public key broadcast encryption scheme based on the “subset-cover” framework.

187 citations


Journal ArticleDOI
Kai Wang, Pei, Liuhua Zou, Aiguo Song, Zhenya He
TL;DR: A successful chosen-plaintext cryptanalytic attack, which is composed of two mutually independent procedures: the cryptanalysis of the diffusion process and the cryptanalysis of the spatial permutation process.

170 citations


Journal ArticleDOI
TL;DR: The security of Fridrich's algorithm against brute-force attack, statistical attack, known-plaintext attack and select-plaintext attack is analyzed by investigating the properties of the involved chaotic maps and diffusion functions.
Abstract: The security of Fridrich's algorithm against brute-force attack, statistical attack, known-plaintext attack and select-plaintext attack is analyzed by investigating the properties of the involved chaotic maps and diffusion functions. Based on the given analyses, some means are proposed to strengthen the overall performance of the focused cryptosystem.

168 citations


Book ChapterDOI
10 Feb 2005
TL;DR: This work formalizes the problem of chosen-ciphertext security for multiple encryption, and gives simple, efficient, and generic constructions of multiple encryption schemes secure against chosen-ciphertext attacks (based on any component scheme secure against such attacks) in the standard model.
Abstract: Encryption of data using multiple, independent encryption schemes (“multiple encryption”) has been suggested in a variety of contexts, and can be used, for example, to protect against partial key exposure or cryptanalysis, or to enforce threshold access to data. Most prior work on this subject has focused on the security of multiple encryption against chosen-plaintext attacks, and has shown constructions secure in this sense based on the chosen-plaintext security of the component schemes. Subsequent work has sometimes assumed that these solutions are also secure against chosen-ciphertext attacks when component schemes with stronger security properties are used. Unfortunately, this intuition is false for all existing multiple encryption schemes. Here, in addition to formalizing the problem of chosen-ciphertext security for multiple encryption, we give simple, efficient, and generic constructions of multiple encryption schemes secure against chosen-ciphertext attacks (based on any component schemes secure against such attacks) in the standard model. We also give a more efficient construction from any (hierarchical) identity-based encryption scheme secure against selective-identity chosen plaintext attacks. Finally, we discuss a wide range of applications for our proposed schemes.

167 citations


Posted Content
TL;DR: A chosen-ciphertext secure, searchable public key encryption scheme which allows for dynamic re-encryption of ciphertexts, and provides for node-targeted searches based on keywords or other identifiers.
Abstract: We consider the problem of using untrusted components to build correlation-resistant survivable storage systems that protect file replica locations, while allowing nodes to continuously re-distribute files throughout the network. The principal contribution is a chosen-ciphertext secure, searchable public key encryption scheme which allows for dynamic re-encryption of ciphertexts, and provides for node-targeted searches based on keywords or other identifiers. The scheme is provably secure under the SXDH assumption which holds in certain subgroups of elliptic curves, and a closely related assumption that we introduce.

Book ChapterDOI
07 Jun 2005
TL;DR: This modification of the Boneh-Franklin IBE is a hybrid construction that is proved to be secure in the random oracle model under a slightly stronger assumption than the original IBE and turns out to be more efficient at decryption than the latter.
Abstract: This paper presents a first example of a secure identity based encryption scheme (IBE) without redundancy in the sense of Phan and Pointcheval. This modification of the Boneh-Franklin IBE is a hybrid construction that is proved to be secure (using proof techniques borrowed from those for KEM-DEM constructions) in the random oracle model under a slightly stronger assumption than the original IBE and turns out to be more efficient at decryption than the latter. A second contribution of this work is to show how to shorten ciphertexts in a recently proposed multiple-recipient IBE scheme. Our modification of the latter scheme spares about 1180 bits from a bandwidth point of view as, somewhat surprisingly, redundancies are not needed although not all elements of the ciphertext space are reachable by the encryption mapping. This shows that in public key encryption schemes, redundancies may be useless even when the encryption mapping is not a surjection.

Journal ArticleDOI
TL;DR: This paper describes an efficient and collusion-resistant thABE scheme featuring dynamically-specifiable threshold values and is proven secure in the random oracle model, and its efficiency and flexibility are compared with Sahai and Waters' ABE scheme.
Abstract: Threshold attribute-based encryption (thABE) is a variant of identity-based encryption which views identities as sets of descriptive attributes. If a thABE ciphertext c is computed for a set ω of attributes, then, to decrypt c, a user must have keys associated with a sufficiently large subset of ω. One application of thABE is biometric-based access control (BBAC). Practical BBAC applications impose the following constraints on the design of thABE schemes: first, a suitable thABE scheme must have an efficient decryption procedure; second, the proposed scheme must prevent colluding users from being able to decrypt ciphertexts which none of them could decrypt; third, the designed scheme must provide a mechanism whereby encryptors can, at encryption time, specify multiple sets of attributes with their corresponding threshold values. To the best of our knowledge, no scheme is known that simultaneously satisfies the aforementioned requirements. This paper describes an efficient and collusion-resistant thABE scheme featuring dynamically-specifiable threshold values. The proposed scheme is proven secure in the random oracle model, and its efficiency and flexibility are compared with Sahai and Waters' thABE scheme.

Proceedings ArticleDOI
13 Oct 2005
TL;DR: The security of amplitude encoding for double random phase encryption is found to be resistant to brute-force attacks but vulnerable to chosen and known plaintext attacks.
Abstract: This paper analyzes the security of amplitude encoding for double random phase encryption. We describe several types of attack. The system is found to be resistant to brute-force attacks but vulnerable to chosen and known plaintext attacks.

Book ChapterDOI
10 Feb 2005
TL;DR: Statistical zero-knowledge protocols for statements of the form “plaintext m corresponds to ciphertext c” and “ciphertexts c and c' decrypt to the same value” for the Ajtai-Dwork cryptosystem are shown.
Abstract: Ajtai and Dwork proposed a public-key encryption scheme in 1996 which they proved secure under the assumption that the unique shortest vector problem is hard in the worst case. This cryptosystem and its extension by Regev are the only ones known for which security can be proved under a worst case assumption, and as such present a particularly interesting case to study. In this paper, we show statistical zero-knowledge protocols for statements of the form “plaintext m corresponds to ciphertext c” and “ciphertexts c and c' decrypt to the same value” for the Ajtai-Dwork cryptosystem. We then show an interactive zero-knowledge proof of plaintext knowledge (PPK) for the Ajtai-Dwork cryptosystem, based directly on the security of the cryptosystem rather than resorting to general interactive zero-knowledge constructions. The witness for these proofs is the randomness used in the encryption.

Proceedings ArticleDOI
23 May 2005
TL;DR: Simulation results for color images show that the proposed image encryption method works well, as expected, and satisfies the properties of confusion and diffusion due to the CA substitution.
Abstract: This paper presents a new method for image encryption. Its encryption scheme is based on permutation of the pixels of the image and replacement of the pixel values. The permutation is done by scan patterns generated by the SCAN methodology. The pixel values are replaced using a progressive cellular automata (CA) substitution. The proposed image encryption method satisfies the properties of confusion and diffusion due to the CA substitution. The characteristics of the proposed image encryption method are lossless, symmetric private key encryption, very large number of security keys (the number of possible security keys is larger than 10^9536), key-dependent permutation, and key-dependent pixel value replacement. Simulation results for color images show that the proposed image encryption method works well, as we expected.

Book ChapterDOI
06 Nov 2005
TL;DR: In this paper, a Partial RDF Encryption (PRE) method is proposed in which sensitive data in an RDF-graph is encrypted for a set of recipients while all non-sensitive data remain publicly readable.
Abstract: In this paper a method for Partial RDF Encryption (PRE) is proposed in which sensitive data in an RDF-graph is encrypted for a set of recipients while all non-sensitive data remain publicly readable. The result is an RDF-compliant self-describing graph containing encrypted data, encryption metadata, and plaintext data. For the representation of encrypted data and encryption metadata, the XML-Encryption and XML-Signature recommendations are used. The proposed method allows for fine-grained encryption of arbitrary subjects, predicates, objects and subgraphs of an RDF-graph. An XML vocabulary for specifying encryption policies is introduced.

Journal ArticleDOI
Wang Baocang, Hu Yupu
27 Dec 2005
TL;DR: A new fast public key cryptosystem is proposed, which is based on two dissimilar number-theoretic hard problems, namely the simultaneous Diophantine approximation problem and integer factorisation problem, that is efficient with respect to encryption and decryption.
Abstract: A new fast public key cryptosystem is proposed, which is based on two dissimilar number-theoretic hard problems, namely the simultaneous Diophantine approximation problem and integer factorisation problem. The adversary has to solve the two hard problems simultaneously to recover the plaintext according to their knowledge about the public keys and the cipher-text. Therefore, the scheme is expected to gain a high level of security. The newly-designed public key cryptosystem is efficient with respect to encryption and decryption. The encryption of this system is about three times faster than that of RSA, and the decryption is six times faster than that of RSA. The cipher-text expansion of the system is about 8:3.

Posted Content
TL;DR: This paper shows that the proposed certificateless public-key encryption scheme proposed by Al-Riyami and Paterson is vulnerable to adaptive chosen ciphertext attacks, and presents a countermeasure to overcome such a security flaw.
Abstract: Certificateless public-key cryptosystem is a recently proposed attractive paradigm using public key cryptosystem, which avoids the key escrow inherent in identity-based public-key cryptosystems, and does not need certificates to generate trust in public keys. Recently, Al-Riyami and Paterson proposed a new certificateless public-key encryption scheme [2, 3] and proved its security in the random oracle model. This paper shows that their scheme is vulnerable to adaptive chosen ciphertext attacks, and presents a countermeasure to overcome such a security flaw.

Journal ArticleDOI
TL;DR: A novel public key encryption scheme semantically secure in the standard model under the intractability assumption of a subgroup membership problem related to the factorization problem is presented.
Abstract: We present a novel public key encryption scheme semantically secure in the standard model under the intractability assumption of a subgroup membership problem related to the factorization problem.

Book ChapterDOI
10 Feb 2005
TL;DR: This paper shows that KEM semantically secure against adaptively chosen ciphertext attacks (IND-CCA2) and DEM semantically secure against adaptively chosen plaintext/ciphertext attacks (IND-P2-C2) along with secure signatures and ideal certification authority are sufficient to realize a universally composable (UC) secure channel.
Abstract: For ISO standards on public-key encryption, Shoup introduced the framework of KEM (Key Encapsulation Mechanism), and DEM (Data Encapsulation Mechanism), for formalizing and realizing one-directional hybrid encryption; KEM is a formalization of asymmetric encryption specified for key distribution, and DEM is a formalization of symmetric encryption. This paper investigates a more general hybrid protocol, secure channel, using KEM and DEM, such that KEM is used for distribution of a session key and DEM, along with the session key, is used for multiple bi-directional encrypted transactions in a session. This paper shows that KEM semantically secure against adaptively chosen ciphertext attacks (IND-CCA2) and DEM semantically secure against adaptively chosen plaintext/ciphertext attacks (IND-P2-C2) along with secure signatures and ideal certification authority are sufficient to realize a universally composable (UC) secure channel. To obtain the main result, this paper also shows several equivalence results: UC KEM, IND-CCA2 KEM and NM-CCA2 (non-malleable against CCA2) KEM are equivalent, and UC DEM, IND-P2-C2 DEM and NM-P2-C2 DEM are equivalent.

Patent
21 Dec 2005
TL;DR: In this article, the authors proposed a method of encrypting a sequence using a sequence of forward and reverse encryption keys, each associated with a respective encryption period (T i ) and each reverse encryption key being generated recursively by applying a reverse one way function (F R i−1 ) to the reverse key associated with the subsequent encryption period.
Abstract: A device and method of encrypting a sequence. The method (300) encrypts data (D_i) over a sequence of encryption periods (T_i) by generating (315) a sequence of forward encryption keys (GK_F_i) each associated with a respective encryption period (T_i). Each forward encryption key is generated recursively by applying a forward one way function (F_F_(i−1)) to the forward encryption key (GK_F_(i−1)) associated with the preceding encryption period (T_(i−1)). Next the method (300) generates (320) a sequence of reverse encryption keys (GK_R_i), each associated with a respective encryption period (T_i), each reverse encryption key being generated recursively by applying a reverse one way function (F_R_(i−1)) to the reverse encryption key (GK_R_(i+1)) associated with the subsequent encryption period (T_(i+1)). Encrypting (325) the data (D_i) for each encryption period (T_i) with a respective forward encryption key (GK_F_i) and a respective reverse encryption key (GK_F_i) is then performed.

Proceedings ArticleDOI
23 May 2005
TL;DR: The proposed scalable encryption method makes the encrypted images have multi-level encryption and reduces the computational complexity of encryption, since different encryption algorithms can be simultaneously used in its procedure.
Abstract: A new method for encryption of JPEG2000 images, which is referred to as 'scalable encryption', is proposed in this paper. The scalable encryption method makes the encrypted images have multi-level encryption and reduces the computational complexity of encryption, since different encryption algorithms can be simultaneously used in its procedure. Moreover, the encrypted images produced by the proposed method have complete compliance with JPEG2000, so that a standard JPEG2000 decoder can decode the encrypted images and the useful functionalities of the JPEG2000 codestream are preserved after the encryption. For example, the proposed method enables that content holders have no need of preparing two or more encrypted images for various users who are provided different access rights. In addition to this, the time for the encryption can be controlled by selection of adequate encryption algorithms for faster processing.

Book ChapterDOI
02 Nov 2005
TL;DR: A novel cryptosystem based on reversible second-order cellular automata, featured by its large key space and high speed due to cellular Automata’s parallel information processing property, which could be implemented in hardware efficiently.
Abstract: In this paper, we present a novel cryptosystem based on reversible second-order cellular automata. The cryptosystem is featured by its large key space and high speed due to cellular automata’s parallel information processing property. Moreover, the encryption and decryption devices share the identical module, which preserves the merit of local connection of cellular automata in both encryption and decryption devices. So the scheme could be implemented in hardware efficiently. We also apply such system in message and image encryption.

Proceedings ArticleDOI
01 Aug 2005
TL;DR: In this paper, a cryptosystem based on a clipped Hopfield neural network (CHNN) was proposed for encryption of digital images and videos, which is fast and suitable for hardware implementation.
Abstract: A cryptosystem based on a clipped Hopfield neural network (CHNN) was recently proposed primarily for encryption of digital images and videos. The system is fast and suitable for hardware implementation. The present paper investigates the security aspects of the CHNN-based cryptosystem, and the following weaknesses are pointed out: 1) the cryptosystem is not sufficiently secure against the ciphertext-only attacks due to the weak randomness properties of the generated keystream, and 2) the cryptosystem is insecure against known/chosen-plaintext attacks and only one known plaintext-ciphertext pair is enough to completely break all ciphertexts of the same or smaller size obtained using the same encryption keys. The security of CHNN-based cryptosystem cannot be improved unless the basic model is fundamentally changed.

Journal Article
TL;DR: A variant of the RSA algorithm that combines the idea of the knapsack encryption technique with the RSA algorithm is presented, which is stronger than pure RSA, because it not only lessens the weakness of RSA that it will be broken by factoring n, but also can validate the user’s credit throughout encryption so as to resist the man-in-the-middle attack.
Abstract: RSA is the first quite perfect Public Key Algorithm, and one possible approach which an adversary can employ to solve the RSA problem is to first factor n, and then compute φ and d. Through analysing the RSA encryption technique and the knapsack encryption technique, we present a variant of the RSA algorithm in which the idea of the knapsack encryption technique and the RSA algorithm are combined. This encryption technique is stronger than pure RSA, because it not only lessens the weakness of RSA that it will be broken by factoring n, but also can validate the user’s credit throughout encryption, so as to resist the man-in-the-middle attack. Finally, we also introduce the application of the improved algorithm in Smart Cards.

Patent
28 Jul 2005
TL;DR: In this paper, the authors present a method for strengthening a one-time pad encryption system, which comprises the steps of encrypting plaintext (1) with an OTP key (2) in an XOR operation to produce ciphertext (3); obfuscating the ciphertext with an AutoKey (4) in XOR operations to produce AutoKeyed ciphertext, wherein the AutoKey is a reusable key.
Abstract: Apparati, methods, and computer-readable media for strengthening a one-time pad encryption system. A method embodiment of the present invention comprises the steps of encrypting plaintext (1) with an OTP key (2) in an XOR operation to produce ciphertext (3); and obfuscating the ciphertext (3) with an AutoKey (4) in an XOR operation to produce AutoKeyed ciphertext (5), wherein the AutoKey (4) is a reusable key.

Journal Article
TL;DR: In this paper, the authors propose the notion of universally anonymizable public-key encryption, based on a new property called universal anonymizability, give constructions from ElGamal, Cramer-Shoup, and RSA-OAEP, and prove their security.
Abstract: We first propose the notion of universally anonymizable public-key encryption. Suppose that we have the encrypted data made with the same security parameter, and that these data do not satisfy the anonymity property. Consider the situation that we would like to transform these encrypted data to those with the anonymity property without decrypting these encrypted data. In this paper, in order to formalize this situation, we propose a new property for public-key encryption called universal anonymizability. If we use a universally anonymizable public-key encryption scheme, not only the person who made the ciphertexts, but also anyone can anonymize the encrypted data without using the corresponding secret key. We then propose universally anonymizable public-key encryption schemes based on the ElGamal encryption scheme, the Cramer-Shoup encryption scheme, and RSA-OAEP, and prove their security.

Journal Article
TL;DR: A novel improved self-adaptive image encryption algorithm is proposed, which is strong under known-plaintext attack on image encryption and can be used in data validation.
Abstract: In this paper, a new self-adaptive image encryption algorithm is presented, which takes on a thorough integrity protect function and can be used in data validation. First, ergodic matrices are used to realize the position permutation algorithms. In particular, several novel methods of scrambling are proposed. By analysis of the weakness of pure position algorithms, a novel improved self-adaptive algorithm is proposed, which is strong under known-plaintext attack on image encryption. Finally the speed and safety of the new algorithm are analyzed and some simulation results are given.

Proceedings ArticleDOI
21 Mar 2005
TL;DR: An encryption scheme called the Randomized Dictionary Table (RDT), which embeds encryption into the LZ78 data compression method, is proposed and analyzed and achieves high security strength under both the ciphertext only attack and the known/chosen plaintext attack.
Abstract: An encryption scheme called the Randomized Dictionary Table (RDT), which embeds encryption into the LZ78 data compression method, is proposed and analyzed in this research. The basic idea is to construct multiple dictionaries with a different entry order and then randomly select one dictionary in each compression step according to a pseudo-random sequence. Our scheme incurs light computation overhead to encrypt the compressed data and does not impair the LZ compression ratio. Security analysis demonstrates that the proposed RDT scheme achieves high security strength under both the ciphertext only attack and the known/chosen plaintext attack.