Showing papers on "Plaintext-aware encryption published in 2007"

Attribute-based encryption with non-monotonic access structures

Abstract: We construct an Attribute-Based Encryption (ABE) scheme that allows a user's private key to be expressed in terms of any access formula over attributes. Previous ABE schemes were limited to expressing only monotonic access structures. We provide a proof of security for our scheme based on the Decisional Bilinear Diffie-Hellman (BDH) assumption. Furthermore, the performance of our new scheme compares favorably with existing, less-expressive schemes.

Provably secure ciphertext policy ABE

Abstract: In ciphertext policy attribute-based encryption (CP-ABE), every secret key is associated with a set of attributes, and every ciphertext is associated with an access structure on attributes. Decryption is enabled if and only if the user's attribute set satisfies the ciphertext access structure. This provides fine-grained access control on shared data in many practical settings, e.g., secure database and IP multicast.In this paper, we study CP-ABE schemes in which access structures are AND gates on positive and negative attributes. Our basic scheme is proven to be chosen plaintext (CPA) secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. We then apply the Canetti-Halevi-Katz technique to obtain a chosen ciphertext (CCA) secure extension using one-time signatures. The security proof is a reduction to the DBDH assumption and the strong existential unforgeability of the signature primitive.In addition, we introduce hierarchical attributes to optimize our basic scheme - reducing both ciphertext size and encryption/decryption time while maintaining CPA security. We conclude with a discussion of practical applications of CP-ABE.

Chosen-ciphertext secure proxy re-encryption

Abstract: In a proxy re-encryption (PRE) scheme, a proxy is given special information that allows it to translate a ciphertext under one key into a ciphertext of the same message under a different key. The proxy cannot, however, learn anything about the messages encrypted under either key. PRE schemes have many practical applications, including distributed storage, email, and DRM. Previously proposed re-encryption schemes achieved only semantic security; in contrast, applications often require security against chosen ciphertext attacks. We propose a definition of security against chosen ciphertext attacks for PRE schemes, and present a scheme that satisfies the definition. Our construction is efficient and based only on the Decisional Bilinear Diffie-Hellman assumption in the standard model. We also formally capture CCA security for PRE schemes via both a game-based definition and simulation-based definitions that guarantee universally composable security. We note that, simultaneously with our work, Green and Ateniese proposed a CCA-secure PRE, discussed herein.

Secure hybrid encryption from weakened key encapsulation

Abstract: We put forward a new paradigm for building hybrid encryption schemes from constrained chosen-ciphertext secure (CCCA) key-encapsulation mechanisms (KEMs) plus authenticated symmetric encryption. Constrained chosen-ciphertext security is a new security notion for KEMs that we propose. It has less demanding security requirements than standard CCCA security (since it requires the adversary to have a certain plaintext-knowledge when making a decapsulation query) yet we can prove that it is CCCA sufficient for secure hybrid encryption. Our notion is not only useful to express the Kurosawa-Desmedt public-key encryption scheme and its generalizations to hash-proof systems in an abstract KEM/DEM security framework. It also has a very constructive appeal, which we demonstrate with a new encryption scheme whose security relies on a class of intractability assumptions that we show (in the generic group model) strictly weaker than the Decision Diffie-Hellman (DDH) assumption. This appears to be the first practical public-key encryption scheme in the literature from an algebraic assumption strictly weaker than DDH.

On the Design of Perceptual MPEG-Video Encryption Algorithms

Abstract: In this paper, some existing perceptual encryption algorithms of MPEG videos are reviewed and some problems, especially security defects of two recently proposed MPEG-video perceptual encryption schemes, are pointed out. Then, a simpler and more effective design is suggested, which selectively encrypts fixed-length codewords in MPEG-video bit streams under the control of three perceptibility factors. The proposed design is actually an encryption configuration that can work with any stream cipher or block cipher. Compared with the previously-proposed schemes, the new design provides more useful features, such as strict size-preservation, on-the-fly encryption and multiple perceptibility, which make it possible to support more applications with different requirements. In addition, four different measures are suggested to provide better security against known/chosen-plaintext attacks

Chosen-ciphertext secure key-encapsulation based on gap hashed Diffie-Hellman

Abstract: We propose a practical key encapsulation mechanism with a simple and intuitive design concept. Security against chosen-ciphertext attacks can be proved in the standard model under a new assumption, the Gap Hashed Diffie-Hellman (GHDH) assumption. The security reduction is tight and simple. Secure key encapsulation, combined with an appropriately secure symmetric encryption scheme, yields a hybrid public-key encryption scheme which is secure against chosen-ciphertext attacks. The implied encryption scheme is very efficient: compared to the previously most efficient scheme by Kurosawa and Desmedt [Crypto 2004] it has 128 bits shorter ciphertexts, between 25-50% shorter public/secret keys, and it is slightly more efficient in terms of encryption/decryption speed. Furthermore, our scheme enjoys (the option of) public verifiability of the ciphertexts and it inherits all practical advantages of secure hybrid encryption.

Answering aggregation queries in a secure system model

Abstract: As more sensitive data is captured in electronic form, security becomes more and more important. Data encryption is the main technique for achieving security. While in the past enterprises were hesitant to implement database encryption because of the very high cost, complexity, and performance degradation, they now have to face the ever-growing risk of data theft as well as emerging legislative requirements. Data encryption can be done at multiple tiers within the enterprise. Different choices on where to encrypt the data offer different security features that protect against different attacks. One class of attack that needs to be taken seriously is the compromise of the database server, its software or administrator. A secure way to address this threat is for a DBMS to directly process queries on the ciphertext, without decryption. We conduct a comprehensive study on answering SUM and AVG aggregation queries in such a system model by using a secure homomorphic encryption scheme in a novel way. We demonstrate that the performance of such a solution is comparable to a traditional symmetric encryption scheme (e.g., DES) in which each value is decrypted and the computation is performed on the plaintext. Clearly this traditional encryption scheme is not a viable solution to the problem because the server must have access to the secret key and the plaintext, which violates our system model and security requirements. We study the problem in the setting of a read-optimized DBMS for data warehousing applications, in which SUM and AVG are frequent and crucial.

Bounded CCA2-secure encryption

Abstract: Whereas encryption schemes withstanding passive chosen-plaintext attacks (CPA) can be constructed based on a variety of computational assumptions, only a few assumptions are known to imply the existence of encryption schemes withstanding adaptive chosen-ciphertext attacks (CCA2). Towards addressing this asymmetry, we consider a weakening of the CCA2 model--bounded CCA2-security -- wherein security needs only hold against adversaries that make an a-priori bounded number of queries to the decryption oracle. Regarding this notion we show (without any further assumptions): - For any polynomial q, a simple black-box construction of q-bounded IND-CCA2-secure encryption schemes, from any IND-CPA-secure encryption scheme. When instantiated with the Decisional Diffie-Hellman (DDH) assumption, this construction additionally yields encryption schemes with very short ciphertexts. - For any polynomial q, a (non-black box) construction of q-bounded NM-CCA2-secure encryption schemes, from any IND-CPA-secure encryption scheme. Bounded-CCA2 non-malleability is the strongest notion of security yet known to be achievable assuming only the existence of IND-CPA secure encryption schemes. Finally, we show that non-malleability and indistinguishability are not equivalent under bounded-CCA2 attacks (in contrast to general CCA2 attacks).

Towards a separation of semantic and CCA security for public key encryption

Abstract: We address the question of whether or not semantically secure public-key encryption primitives imply the existence of chosen ciphertext attack (CCA) secure primitives. We show a black-box separation, following the methodology introduced by Impagliazzo and Rudich [23], for a large non-trivial class of constructions. In particular, we show that if the proposed CCA construction's decryption algorithm does not query the semantically secure primitive's encryption algorithm, then the proposed construction cannot be CCA secure.

Fast, Secure Encryption for Indexing in a Column-Oriented DBMS

Abstract: Networked information systems require strong security guarantees because of the new threats that they face. Various forms of encryption have been proposed to deal with this problem. In a database system, there are often two contradictory goals: security of the encryption and fast performance of queries. There have been a number of proposals of database encryption schemes to facilitate queries on encrypted columns. Order-preserving encryption techniques are well-suited for databases since they support a simple, and efficient way to build indices. However, as we will show, they are insecure under straightforward attack scenarios. We propose a new light-weight database encryption scheme (called FCE) for column stores in data warehouses with trusted servers. The low decryption overhead of FCE makes comparisons of ciphertexts and hence indexing operations very fast. Since it is hard to use classical security definitions in cryptography to prove the security of any existing symmetric encryption scheme, we propose a relaxed measure of security, called INFO-CPA-DB. INFO-CPA-DB is based on a well-established security definition in cryptography and relaxes it using information theoretic concepts. Using INFO-CPA-DB, we give strong evidence that FCE is as secure as any underlying block cipher (yet more efficient than using the block cipher itself). Using the same security measure we also show the inherent insecurity of any order preserving encryption scheme under straightforward attack scenarios. We discuss indexing techniques based on FCE as well.

Multirecipient Encryption Schemes: How to Save on Bandwidth and Computation Without Sacrificing Security

Abstract: This paper proposes several new schemes which allow a sender to send encrypted messages to multiple recipients more efficiently (in terms of bandwidth and computation) than by using a standard encryption scheme. Most of the proposed schemes explore a new natural technique called randomness reuse. In order to analyze security of our constructions, we introduce a new notion of multirecipient encryption schemes (MRESs) and provide definitions of security for them. We finally show a way to avoid ad hoc analyses by providing a general test that can be applied to a standard encryption scheme to determine whether the associated randomness reusing MRES is secure. The results and applications cover both asymmetric and symmetric encryption.

Generic combination of public key encryption with keyword search and public key encryption

Abstract: In this paper, we study the problem of secure integrating public key encryption with keyword search (PEKS) with public key data encryption (PKE). We argue the previous security model is not complete regarding keyword privacy and the previous constructions are secure only in the random oracle model. We solve these problems by first defining a new security model, then give a generic construction which is secure in the new security model without random oracles. Our construction is based on secure PEKS and tag-KEM/DEM schemes and achieves modular design. We also point out some applications and extensions for our construction. For example, instantiate our construction with proper components, we have a concrete scheme without random oracles, whose performance is even competitive to the previous schemes with random oracles.

Secure and practical identity-based encryption

Abstract: A variant of Waters' identity-based encryption scheme with a much smaller system parameters size (only a few kilobytes) is presented. It is shown that this variant is semantically secure against passive adversaries in the standard model. In essence, the new variant divides Waters' system parameters size by a factor l at the cost of (negligibly) reducing security by l bits. The construction yields a fully secure practical identity-based encryption scheme.

Method and apparatus for encrypting message for maintaining message integrity, and method and apparatus for decrypting message for maintaining message integrity

Abstract: A method of encrypting a message for message integrity is provided. In the method, a random number is generated, a first ciphertext is generated by encrypting the message by using the generated random number, a hash value of the first ciphertext is calculated, an encryption key is generated by using the hash value of the first ciphertext and a shared key, a second ciphertext is generated by encrypting the random number by using the encryption key, and the first and second ciphertexts are combined.

A leak and its remedy in JPEG image encryption

Abstract: Focusing on the encryption of digital image and video, an intrinsic weakness of all existing discrete-cosine-transform (DCT) based algorithms is reported. This serious weakness of DCT-based encryptions is analysed theoretically and then demonstrated practically. As an instance, a novel attack algorithm is proposed to acquire the sketch information from encrypted data without any prior knowledge of the encryption algorithm. The quality of the extracted sketch is then evaluated by comparing with the original picture edge. Thereafter, to prevent this kind of attack, a full inter-block shuffle (FIBS) approach is proposed. This method can be employed to improve the encryption security in all DCT-based algorithms, such as JPEG, MPEG video and H.26x video.

Image encryption using high-dimension chaotic system

Abstract: In recent years, the chaos based cryptographic algorithms have suggested some new and efficient ways to develop secure image encryption techniques. This paper proposes a new approach for image encryption based on a high-dimensional chaotic map. The new scheme employs the Cat map to shuffle the positions, then to confuse the relationship between the cipher-image and the plain-image using the high-dimensional Lorenz chaotic map preprocessed. The results of experimental, statistical analysis and key space analysis show that the proposed image encryption scheme provides an efficient and secure way for real-time image encryption and transmission.

A chaos-based image encryption algorithm using alternate structure

Abstract: Combined with two chaotic maps, a novel alternate structure is applied to image cryptosystem. In proposed algorithm, a general cat-map is used for permutation and diffusion, as well as the OCML (one-way coupled map lattice), which is applied for substitution. These two methods are operated alternately in every round of encryption process, where two subkeys employed in different chaotic maps are generated through the masterkey spreading. Decryption has the same structure with the encryption algorithm, but the masterkey in each round should be reversely ordered in decryption. The cryptanalysis shows that the proposed algorithm bears good immunities to many forms of attacks. Moreover, the algorithm features high execution speed and compact program, which is suitable for various software and hardware applications.

Ciphertext-only attack on double random phase encoding optical encryption system

Abstract: Security analysis of optical encryption system based on double random phase encoding indicates that the system can be classified as a linear symmetric block-cipher cryptosystem, which may lead to a great vulnerability. Under the ciphertext-only attack (COA), an opponent can attack such a cryptosystem only on the basis of estimated support of wave function in the object plane with iterative phase retrieval methods, and subsequently deduce the phase keys in the Fourier plane easily. The ciphertext-only attack (COA) requires much less resources than other types of attacks. Estimated support of wave function in the object plane could have some translations relative to the true support, so retrieved wave function could also have translations in both the amplitude and the phase, leading to a translation of retrieved plaintext relative to original plaintext. However, attackers can take this translation as a priori knowledge to traverse estimated support in the object plane until finding the best estimated keys, which bring about the best decryption quality.

Tweaking TBE/IBE to PKE Transforms with Chameleon Hash Functions

Abstract: We present two transforms to acquire chosen ciphertext security from tag based techniques The first one requires the separability of underlying primitives By separability, informally, we mean the encryption algorithm has special structures and can process the identity and the message independently Compared with generic transforms [8],it significantly reduces the ciphertext size overhead with only marginal computation cost Compared with [11], the only known technique which directly achieves chosen ciphertext secure public key encryption from separable identity based primitives, it only requires selective-Tag/ID security of underlying primitives Our second transform is less efficient but performs generically Both transforms preserve the public verifiability of underlying primitives, and can be extended to hierarchical identity based encryption (HIBE) and threshold settings As an independent interest, we also investigate the security requirements of chameleon hash functions to build strongly unforgeable one-time signatures

Miniature CCA2 PK encryption: tight security without redundancy

Abstract: We present a minimalist public-key cryptosystem, as compact as ElGamal, but with adaptive chosen-ciphertext security under the gap Diffie-Hellman assumption in the random oracle model. The novelty is a dual-hash device that provides tight redundancy-free implicit validation. Compared to previous constructions, ours features a tight security reduction, both in efficacy and efficiency, to a classic and essentially non-interactive complexity assumption, and without resorting to asymmetric/symmetric-key hybrid constructions. The system is very compact: on elliptic curves with 80-bit security, a 160-bit plaintext becomes a 320-bit ciphertext. It is also very simple and has a number of practical advantages, and we hope to see it adopted widely.

General and efficient certificateless public key encryption constructions

Abstract: In 2003, Al-Riyami and Paterson introduced a new public key encryption paradigm called Certificateless Public Key Encryption (CL-PKE), which like Identity-Based Encryption (IBE) is certificatefree, and meanwhile which unlike IBE but similar to certificate-based encryption is key-escrow-free. In this paper, based on a heuristic observation on some existing IBE schemes and PKE schemes, we propose a general approach to build a CL-PKE solution, which makes use of a simple combination of an IBE scheme, a Diffie-Hellman type key establishment algorithm and a secure hash-function. Following this approach we construct two efficient concrete CL-PKE schemes and formally analyse their security in the random oracle model.

A Parallel Algorithm for determining the inverse of a matrix for use in blockcipher encryption/decryption

Abstract: In the current world that we live in, of rapid growing technology, and especially reliance on the Internet for our daily lively hood (Banking, shopping, entertainment, news), and also with current crimes (Identity-theft, hacking, spyware), computer security is becoming more and more important. By "computer security" we often refer to addressing three important aspects of a computer-related system: Confidentiality, integrity, and availability. Encryption clearly addresses the need for confidentiality of data, both in storage and transmission. However, the use of encryption can be cumbersome and time consuming. It is important to have a fast algorithm to both encrypt and decrypt data as needed. Public key encryption, though secure, is definitely not fast enough to be used for large size data. We introduce a Parallel Algorithm for computation of inverses of matrices modulo n. This is used in conjunction with Block Ciphers and Hill Ciphers in symmetric encryption and decryption of data for transmission on open lines. Experimental studies were done to compare the run-time of this algorithm on parallel machines, to the traditional one. The new algorithm was found to perform much better than the traditional one, and would be useful to use in encryption/decryption of large sensitive data.

The First and Fourth Public-Key Cryptosystems with Worst-Case/Average-Case Equivalence

Abstract: We describe a public-key cryptosystem with worst-case/average case equivalence. The cryptosystem has an amortized plaintext to ciphertext expansion of O(n), relies on the hardness of the ˜ O(n 2 )-unique shortest vector problem for lattices, and requires a public key of size at most O(n 4 ) bits. The new cryptosystem generalizes a conceptually simple modification of the “Ajtai-Dwork” cryptosystem. We provide a unified treatment of the two cryptosystems.

Efficient chosen-ciphertext secure identity-based encryption with wildcards

Abstract: We propose new instantiations of chosen-ciphertext secure of identity-based encryption schemes with wildcards (WIBE). Our schemes outperform all existing alternatives in terms of efficiency as well as security. We achieve these results by extending the hybrid encryption (KEMDEM) framework to the case of WIBE schemes. We propose and prove secure one generic construction in the random oracle model, and one direct construction in the standard model.

Certificateless public key encryption in the selective-ID security model (without random oracles)

Abstract: The concept of Certificateless Public Key Encryption (CLPKE) eliminates the use of certificates in certified Public Key Encryption (PKE) scheme and the key-escrow problem in Identity Based Encryption (IBE) scheme. Al-Riyami and Paterson first proposed a CL-PKE scheme and proved its security in their security model (AP-model) using idealized random oracles. Several generic constructions were also proposed to construct a CL-PKE scheme by composing the standard PKE and IBE schemes. Recently, it was proved that some generic constructions are not secure against chosen ciphertext attacks in light of the security goals in the AP-model. In this paper, we show that all the known generic constructions are not secure against chosen ciphertext attacks, in the AP-model or a weaker security model than the AP-model. We also propose a CL-PKE scheme which is provably secure against chosen ciphertext attacks without random oracles. Our construction is proven secure in the selective-ID security model, reflecting the feature of CL-PKE scheme.

Data Encryption Using Event-related Brain Signals

Abstract: A method based on event-related brain signal is used for data encryption. The idea is to shuffle the Huffman tree using an encryption key generated by electroencephalogram (EEG) signals recorded when the user perceives a common black and white line picture. As different persons have different thought processes, the generated key is unique to each individual and hence the encryption is robust to fraudulent attacks as compared to other encryption systems. Further, as Huffman tree is used to encode the data during encryption, the method achieves both compression and encryption. This pilot study has shown the huge potential of the method as it is impossible to be compromised.