
Showing papers on "Plaintext-aware encryption published in 2006"


Proceedings ArticleDOI
30 Oct 2006
TL;DR: This work develops a new cryptosystem for fine-grained sharing of encrypted data that is compatible with Hierarchical Identity-Based Encryption (HIBE), and demonstrates the applicability of the construction to sharing of audit-log information and broadcast encryption.
Abstract: As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical Identity-Based Encryption (HIBE).

4,257 citations


Journal ArticleDOI
TL;DR: The results of several experimental, statistical analysis and key sensitivity tests show that the proposed image encryption scheme based on Henon chaotic maps provides an efficient and secure way for image encryption.
Abstract: Recent research on image encryption algorithms has been increasingly based on chaotic systems, but the drawbacks of small key space and weak security in one-dimensional chaotic cryptosystems are obvious. This paper presents a new nonlinear chaotic algorithm (NCA) which uses a power function and a tangent function instead of a linear function. Its structural parameters are obtained by experimental analysis, and an image encryption algorithm in a one-time-one-password system is designed. The experimental results demonstrate that the image encryption algorithm based on NCA shows the advantages of large key space and high-level security, while maintaining acceptable efficiency. Compared with some general encryption algorithms such as DES, the encryption algorithm is more secure.

485 citations


Posted Content
TL;DR: In this paper, a new general mathematical problem, suitable for public-key cryptosystems, is proposed: morphism computation in a category of Abelian groups. In connection with elliptic curves over finite fields, the problem becomes the following: compute an isogeny (an algebraic homomorphism) between the elliptic curves given.
Abstract: A new general mathematical problem, suitable for public-key cryptosystems, is proposed: morphism computation in a category of Abelian groups. In connection with elliptic curves over finite fields, the problem becomes the following: compute an isogeny (an algebraic homomorphism) between the elliptic curves given. The problem seems to be hard to solve with a quantum computer. ElGamal public-key encryption and Diffie-Hellman key agreement are proposed for an isogeny cryptosystem. The paper describes the theoretical background and a public-key encryption technique, followed by security analysis and consideration of cryptosystem parameter selection. A demonstrative example of encryption is included as well. Keywords: public-key cryptography, elliptic curve cryptosystem, cryptosystem on isogenies of elliptic curves, isogeny star, isogeny cycle, quantum computer.

206 citations


Journal Article
TL;DR: In this paper, a non-interactive chosen ciphertext secure threshold encryption system is presented, which is based on the identity-based encryption system of Boneh and Boyen and the chosen-ciphertext secure construction of Canetti, Halevi, and Katz.
Abstract: We present a non-interactive chosen ciphertext secure threshold encryption system. The proof of security is set in the standard model and does not use random oracles. Our construction uses the recent identity based encryption system of Boneh and Boyen and the chosen ciphertext secure construction of Canetti, Halevi, and Katz.

153 citations


Book ChapterDOI
10 Jul 2006
TL;DR: In this article, the concept of identity based encryption with wildcards (WIBE) was introduced, which allows the encryption of messages to multiple parties with common fields in their identity strings.
Abstract: In this paper we introduce the notion of identity based encryption with wildcards, or WIBE for short. This allows the encryption of messages to multiple parties with common fields in their identity strings, for example email groups in a corporate hierarchy. We propose a full security notion and give efficient implementations meeting this notion in the standard model and in the random oracle model.

109 citations


Journal Article
TL;DR: The notion of identity based encryption with wildcards, or WIBE for short, is introduced and efficient implementations meeting this notion in the standard model and in the random oracle model are given.
Abstract: In this paper we introduce the notion of identity based encryption with wildcards, or WIBE for short. This allows the encryption of messages to multiple parties with common fields in their identity strings, for example email groups in a corporate hierarchy. We propose a full security notion and give efficient implementations meeting this notion in the standard model and in the random oracle model.

95 citations


Journal ArticleDOI
TL;DR: A variant of the Hill cipher that adjusts the encryption key to form a different key for each block encryption, which yields higher security and significantly superior encryption quality compared to the original one.
Abstract: The Hill cipher algorithm is one of the symmetric key algorithms that have several advantages in data encryption. However, a main drawback of this algorithm is that it encrypts identical plaintext blocks to identical ciphertext blocks and cannot encrypt images that contain large areas of a single color. Thus, it does not hide all features of the image, which reveals patterns in the plaintext. Moreover, it can be easily broken with a known plaintext attack, revealing weak security. This paper presents a variant of the Hill cipher that overcomes these disadvantages. The proposed technique adjusts the encryption key to form a different key for each block encryption. Visually and computationally, experimental results demonstrate that the proposed variant yields higher security and significantly superior encryption quality compared to the original one.

87 citations


Book ChapterDOI
20 Aug 2006
TL;DR: This work shows how to transform any semantically secure encryption scheme into one that is non-malleable for arbitrarily many messages.
Abstract: There are several candidate semantically secure encryption schemes, yet in many applications non-malleability of encryptions is crucial. We show how to transform any semantically secure encryption scheme into one that is non-malleable for arbitrarily many messages.

86 citations


Book ChapterDOI
13 Feb 2006
TL;DR: This work presents a non-interactive chosen ciphertext secure threshold encryption system that uses the recent identity based encryption system of Boneh and Boyen and the chosen cipher text secure construction of Canetti, Halevi, and Katz.
Abstract: We present a non-interactive chosen ciphertext secure threshold encryption system. The proof of security is set in the standard model and does not use random oracles. Our construction uses the recent identity based encryption system of Boneh and Boyen and the chosen ciphertext secure construction of Canetti, Halevi, and Katz.

85 citations


Journal ArticleDOI
TL;DR: Theoretical analysis and experimental results show that the proposed scheme can achieve various purposes of selective encryption and is computationally secure, and does not decrease the compressibility of the standard JPEG 2000 coding scheme.

55 citations


Book ChapterDOI
28 May 2006
TL;DR: In this paper, the Cramer-Shoup scheme is shown to be plaintext-aware in the standard model, which answers a previously open conjecture of Bellare and Palacio on the existence of fully plaintext aware encryption schemes.
Abstract: In this paper we examine the notion of plaintext awareness as it applies to hybrid encryption schemes. We apply this theory to the Cramer-Shoup hybrid scheme acting on fixed length messages and deduce that the Cramer-Shoup scheme is plaintext-aware in the standard model. This answers a previously open conjecture of Bellare and Palacio on the existence of fully plaintext-aware encryption schemes.

Journal ArticleDOI
TL;DR: Numerical simulations show that the new chaotic cryptosystem is practical whenever efficiency, ciphertext length or security is concerned, and a noise-like variable is utilized to govern the encryption and decryption processes.
Abstract: Based on the study of some previously proposed chaotic encryption algorithms, we found that it is dangerous to mix chaotic state or iteration number of the chaotic system with ciphertext. In this paper, a new chaotic cryptosystem is proposed. Instead of simply mixing the chaotic signal of the proposed chaotic cryptosystem with the ciphertext, a noise-like variable is utilized to govern the encryption and decryption processes. This adds statistical sense to the new cryptosystem. Numerical simulations show that the new cryptosystem is practical whenever efficiency, ciphertext length or security is concerned.

Posted Content
TL;DR: In this article, a practical identity-based encryption scheme that is secure in the standard model against chosen-ciphertext (IND-CCA2) attacks is described, which is based on an assumption similar to (but slightly stronger than) Bilinear Decisional Diffie-Hellman (BDDH).
Abstract: We describe a practical identity-based encryption scheme that is secure in the standard model against chosen-ciphertext (IND-CCA2) attacks. Security is based on an assumption comparable to (but slightly stronger than) Bilinear Decisional Diffie-Hellman (BDDH). A comparison shows that our construction outperforms all known identity-based encryption schemes in the standard model and its performance is even comparable with the one from the random-oracle based Boneh/Franklin IBE scheme. Our proposed IBE scheme has furthermore the property that it fulfills some notion of "redundancy-freeness", i.e. the encryption algorithm is not only a probabilistic injection but also a surjection. As a consequence the ciphertext overhead is nearly optimal: to encrypt k bit messages for k bit identities and with k bit randomness we get 3k bit ciphertexts to guarantee (roughly) k bits of security.

Journal ArticleDOI
TL;DR: This work presents and analyze an adaptive chosen ciphertext secure (IND-CCA) identity-based encryption scheme (IBE) based on the well studied Decisional Diffie-Hellman (DDH) assumption that is provably secure in the standard model assuming the adversary can corrupt up to a maximum of k users adaptively.
Abstract: We present and analyze an adaptive chosen ciphertext secure (IND-CCA) identity-based encryption scheme (IBE) based on the well studied Decisional Diffie-Hellman (DDH) assumption. The scheme is provably secure in the standard model assuming the adversary can corrupt up to a maximum of k users adaptively. This is contrary to the Boneh-Franklin scheme which holds in the random-oracle model.

Book ChapterDOI
24 Apr 2006
TL;DR: Partially homomorphic in customizable ways, this paper's encryptions are comparable to plain ElGamal in efficiency, and boost the encryption ratio from about 13 for classical parameters to the optimal value of 2.
Abstract: ElGamal encryption is the most extensively used alternative to RSA. Easily adaptable to many kinds of cryptographic groups, ElGamal encryption enjoys homomorphic properties while remaining semantically secure providing that the DDH assumption holds on the chosen group. Its practical use, unfortunately, is intricate: plaintexts have to be encoded into group elements before encryption, thereby requiring awkward and ad hoc conversions which strongly limit the number of plaintext bits or may partially destroy homomorphicity. Getting rid of the group encoding (e.g., with a hash function) is known to ruin the standard model security of the system. This paper introduces a new alternative to group encodings and hash functions which remains fully compatible with standard model security properties. Partially homomorphic in customizable ways, our encryptions are comparable to plain ElGamal in efficiency, and boost the encryption ratio from about 13 for classical parameters to the optimal value of 2.

Posted Content
TL;DR: This paper proposes a Hierarchical Identity Based Encryption scheme that is proven secure under the strongest model of [5] directly, without relying on random oracles and using more standard q-SDH assumption.
Abstract: In this paper, we propose a Hierarchical Identity Based Encryption scheme that is proven secure under the strongest model of [5] directly, without relying on random oracles. The size of the ciphertext is a constant while the size of the public parameters is independent of the number of bits representing an identity. It is the first in the literature to achieve such a high security level and space efficiency at the same time. In addition, we also propose the first Hierarchical Identity Based Signature scheme that is proven under the strongest model without relying on random oracles and using the more standard q-SDH assumption. Similar to the proposed encryption scheme, the space complexity of the signature and public parameters is as efficient as that of the proposed encryption scheme.

Journal Article
TL;DR: Using nine different security notions for KEMs, ten for DEMs, and six for PKE schemes, this work completely characterize which combinations lead to a secure hybrid PKE scheme and which do not and revisit and extend prior work on the relation among security notions.
Abstract: The KEM/DEM hybrid encryption paradigm combines the efficiency and large message space of secret key encryption with the advantages of public key cryptography. Due to its simplicity and flexibility, the approach has ever since gained increased popularity and has been successfully adapted in encryption standards. In hybrid public key encryption (PKE), first a key encapsulation mechanism (KEM) is used to fix a random session key that is then fed into a highly efficient data encapsulation mechanism (DEM) to encrypt the actual message. A composition theorem states that if both the KEM and the DEM have the highest level of security (i.e. security against chosen-ciphertext attacks), then so does the hybrid PKE scheme. It is not known if these strong security requirements on the KEM and DEM are also necessary, nor if such general composition theorems exist for weaker levels of security. In this work we study necessary and sufficient conditions on the security of the KEM and the DEM in order to guarantee a hybrid PKE scheme with a certain given level of security. More precisely, using nine different security notions for KEMs, ten for DEMs, and six for PKE schemes we completely characterize which combinations lead to a secure hybrid PKE scheme (by proving a composition theorem) and which do not (by providing counterexamples). Furthermore, as an independent result, we revisit and extend prior work on the relation among security notions for KEMs and DEMs.

Proceedings ArticleDOI
03 Nov 2006
TL;DR: It is argued that well-typed, polynomial-time programs in the type system extended to address encryption and decryption satisfy a computational probabilistic noninterference property, provided that the encryption scheme is IND-CCA secure.
Abstract: Type systems for secure information flow aim to prevent a program from leaking information from variables classified as $H$ to variables classified as $L$. In this work we extend such a type system to address encryption and decryption; our intuition is that encrypting a $H$ plaintext yields a $L$ ciphertext. We argue that well-typed, polynomial-time programs in our system satisfy a computational probabilistic noninterference property, provided that the encryption scheme is IND-CCA secure. As a part of our proof, we first consider secure information flow in a language with a random assignment operator (but no encryption). We establish a result that may be of independent interest, namely, that well-typed, probabilistically total programs with random assignments satisfy probabilistic noninterference. We establish this result using a weak probabilistic bisimulation.

Journal ArticleDOI
TL;DR: An efficient key management and derivation scheme based on the elliptic curve cryptosystem is proposed to solve the hierarchical access control problem and is shown to be much more efficient and flexible than the schemes proposed previously.

Journal ArticleDOI
TL;DR: A cryptosystem for secure communication between computers using synchronisation of discrete-time chaotic systems that employs a one-time pad encryption where each message block of M bits is encrypted using a unique set of secret keys that is self-generated within the system.

Book ChapterDOI
27 Feb 2006
TL;DR: In this paper, the authors formalize the notion of secure timed-release public key encryption, and show that it is equivalent to strongly key-insulated public-key encryption (with optimal threshold and random access key updates).
Abstract: In this paper we consider two security notions related to Identity Based Encryption: Key-insulated public key encryption, introduced by Dodis, Katz, Xu and Yung; and Timed-Release Public Key cryptography, introduced independently by May and Rivest, Shamir and Wagner. We first formalize the notion of secure timed-release public key encryption, and show that, despite several differences in its formulation, it is equivalent to strongly key-insulated public key encryption (with optimal threshold and random access key updates). Next, we introduce the concept of an authenticated timed-release cryptosystem, briefly consider generic constructions, and then give a construction based on a single primitive which is efficient and provably secure.

Journal ArticleDOI
TL;DR: In this article, the authors present a cryptanalysis of an image encryption scheme based on the base-switching (BS) lossless compression algorithm, which is not secure against known/chosen-plaintext/ciphertext attacks.
Abstract: We present cryptanalysis of an image encryption scheme, which is based on the base-switching (BS) lossless compression algorithm. The following conclusions are reached: 1. the size of the key space, i.e., the security against brute-force attacks, was greatly overestimated by the designers; and 2. the scheme is not secure against known/chosen-plaintext/ciphertext attacks. A real example is given to show the feasibility of a proposed chosen-plaintext attack. In addition, some other minor problems of the joint compression-encryption scheme are also pointed out.

Journal ArticleDOI
TL;DR: This paper analyzes the security of DSEA, and points out the following weaknesses: its security against the brute-force attack was overestimated, it is not sufficiently secure against ciphertext-only attacks, and only one ciphertext is enough to get some information about the plaintext and to break the value of a sub-key.

Patent
01 Aug 2006
TL;DR: In this paper, an encryption and authentication technique is proposed that achieves enhanced integrity verification through assured error propagation using a multistage sequence of pseudorandom permutations.
Abstract: An encryption and authentication technique that achieves enhanced integrity verification through assured error-propagation using a multistage sequence of pseudorandom permutations. The present invention generates intermediate data-dependent cryptographic variables at each stage, which are systematically combined into feedback loops. The encryption technique also generates an authentication tag without any further steps that is N times longer than the block size, where N is the number of pseudorandom permutations used in the encipherment of each block. The authentication tag provides a unique mapping to the plaintext for any number of plaintext blocks that is less than or equal to N. In addition to being a stand-alone encryption algorithm, the disclosed technique is applicable to any mode that uses pseudorandom permutations such as key-dependent lookup tables, S-Boxes, and block ciphers such as RC5, TEA, and AES.

Journal ArticleDOI
TL;DR: An efficient technique for parallel computation of the modular exponentiation is proposed and the algorithm can reduce time complexity and improves efficiency for RSA cryptosystem.
Abstract: We know the necessity for information security is becoming more widespread these days, especially for hardware-based implementations such as smart card chips for wireless applications and cryptographic accelerators. Fast modular exponentiation algorithms are often considered of practical significance in public-key cryptosystems. The RSA cryptosystem is one of the most widely used technologies for achieving information security. The main task of the encryption and decryption engine of the RSA cryptosystem is to compute M^E mod N. Because the bit-length of the numbers M, E, and N would be about 512 to 1024 bits now, the computations for the RSA cryptosystem are time-consuming. In this paper, an efficient technique for parallel computation of the modular exponentiation is proposed and our algorithm can reduce time complexity. We can have a speedup ratio of 1.06 or even 2.75 if the proposed technique is used. In the Savas-Tenca-Koc algorithm, they design a multiplier with an insignificant increase in chip area (about 2.8p) and no increase in time delay. Our proposed technique is faster than the Savas-Tenca-Koc algorithm in time complexity and improves efficiency for the RSA cryptosystem.

Proceedings ArticleDOI
21 Mar 2006
TL;DR: A policy-based public-key encryption scheme from bilinear pairings is developed and its security is proved under the corresponding security model; the proposal improves related work in terms of both security and efficiency.
Abstract: The concept of policy-based cryptography is a promising paradigm for trust establishment and authorization in large-scale open environments like the Internet and Mobile Networks. It aims at providing a framework for performing cryptographic operations with respect to policies formalized as monotone Boolean expressions written in standard normal forms. A policy involves conjunctions and disjunctions of conditions where each condition is fulfilled by a digital credential representing the signature of a specific credential issuer on a set of statements about a certain entity. Therefore, an entity fulfills a policy if and only if it has been issued a set of credentials fulfilling the combination of conditions specified by the policy.

In this work, we focus on policy-based encryption schemes which allow one to encrypt a message according to a policy so that only entities fulfilling the policy are able to decrypt the message. More generally, policy-based encryption belongs to an emerging family of encryption schemes sharing the ability to integrate encryption with access control structures. This ability is mainly enabled by bilinear pairings over elliptic curves and allows for several interesting applications in different contexts.

A policy-based encryption scheme has to fulfill two primary requirements: on one hand, provable security under well defined attack models; on the other hand, efficiency, especially when dealing with the conjunctions and disjunctions of credential-based conditions. The contributions of our research work are twofold:

1. The standard acceptable notion of security for public-key encryption schemes is indistinguishability against chosen ciphertext attacks. Hence, it is natural to require that a policy-based encryption scheme also satisfies this strong notion of security. However, the definition of this security notion must be adapted to the policy-based setting. Our first contribution is the definition of a policy-oriented security model for policy-based encryption schemes as well as the development of an efficient policy-based encryption scheme that is provably secure under our security model in the random oracle model.

2. Policy-based encryption schemes may suffer from the key-escrow property, i.e. in addition to the legitimate holder of the credentials fulfilling the encryption policy, any collusion of credential issuers who are able to issue a set of credentials fulfilling the policy can decrypt the message. Our second contribution is to address this issue through the notion of policy-based public-key encryption. The latter allows encrypting a message not only with respect to a policy but also according to a public key so that only an entity fulfilling the policy and having access to the corresponding private key is able to decrypt the message. We developed a policy-based public-key encryption scheme from bilinear pairings and proved its security under the corresponding security model. Our proposal improves related work in terms of both security and efficiency.

Journal ArticleDOI
TL;DR: The weakness of Javidi's optical security system is carefully analyzed with a known-plaintext attack and it is shown that the double-random-phase encoding encryption scheme is a linear symmetric block cipher cryptosystem and its linearity opens avenues of attacks.
Abstract: In the field of optical information security, the most attractive work is the so-called double-random-phase encoding encryption scheme proposed by Javidi. However, the security of this cryptosystem has not been analyzed thoroughly from the point of view of cryptanalysis. In this article, the weakness of Javidi's optical security system is carefully analyzed with a known-plaintext attack. It is shown that the double-random-phase encoding encryption scheme is a linear symmetric block cipher cryptosystem and its linearity opens avenues of attacks. Under the known-plaintext attack, an attacker can obtain the phase key(s) in the input plane using the typical phase retrieval algorithms and subsequently deduce the phase key(s) in the Fourier domain easily. In addition, an optical implementation of the known-plaintext attack is also proposed.

Proceedings ArticleDOI
14 May 2006
TL;DR: A lightweight encryption scheme for JPEG 2000 based on the wavelet packet transform is proposed, which significantly reduces the amount of data to be encrypted compared to full encryption and other partial or selective encryption schemes, at the cost of increased computational complexity in the compression pipeline.
Abstract: A lightweight encryption scheme for JPEG 2000 based on the wavelet packet transform is proposed. This scheme significantly reduces the amount of data to be encrypted compared to full encryption and other partial or selective encryption schemes, at the cost of increased computational complexity in the compression pipeline. We investigate the applicability of this approach in two scenarios: for providing full confidentiality and for its utility as a transparent encryption scheme. We evaluate the presented scheme in the context of each scenario with respect to its impact on compression performance, its complexity, the level of security it provides, and its applicability.

Journal ArticleDOI
TL;DR: A chosen plaintext attack requiring only two plaintexts is proposed and an improved version of this attack that narrows the key space that needs to be searched is also suggested.
Abstract: An encryption system with a discretized skew tent map has been proposed recently by N. Masuda. However, there is a fundamental weakness with this chaotic cryptographic scheme. In this paper, a chosen plaintext attack requiring only two plaintexts is proposed. An improved version of this attack that narrows the key space that needs to be searched is also suggested. The test results demonstrate that this encryption cryptosystem is easily broken under the proposed chosen plaintext attack.

Proceedings ArticleDOI
25 Jun 2006
TL;DR: In this paper, a novel broadcast group oriented encryption scheme is presented in which any receiver in the designated group can independently decrypt the ciphertext, and both ciphertext and private keys are of constant size.
Abstract: In this paper, we present a novel broadcast group oriented encryption. In our scheme, any receiver in the designated group can independently decrypt the ciphertext. In addition, compared with other schemes, both ciphertext and private keys are of constant size. Therefore, it is more efficient than the ordinary measures for a sender to encrypt a message for a group.