
Showing papers on "Plaintext-aware encryption published in 2010"


Book ChapterDOI
30 May 2010
TL;DR: In this article, a fully secure attribute-based encryption (ABE) scheme and a predicate encryption (PE) scheme for inner-product predicates were constructed using dual pairing vector spaces.
Abstract: We present two fully secure functional encryption schemes: a fully secure attribute-based encryption (ABE) scheme and a fully secure (attribute-hiding) predicate encryption (PE) scheme for inner-product predicates. In both cases, previous constructions were only proven to be selectively secure. Both results use novel strategies to adapt the dual system encryption methodology introduced by Waters. We construct our ABE scheme in composite order bilinear groups, and prove its security from three static assumptions. Our ABE scheme supports arbitrary monotone access formulas. Our predicate encryption scheme is constructed via a new approach on bilinear pairings using the notion of dual pairing vector spaces proposed by Okamoto and Takashima.

1,363 citations


Book ChapterDOI
15 Aug 2010
TL;DR: In this article, a fully secure functional encryption scheme for a wide class of relations that are specified by non-monotone access structures combined with inner-product relations is presented, proven secure under a well-established assumption, the decisional linear (DLIN) assumption.
Abstract: This paper presents a fully secure functional encryption scheme for a wide class of relations that are specified by non-monotone access structures combined with inner-product relations. The security is proven under a well-established assumption, the decisional linear (DLIN) assumption, in the standard model. The proposed functional encryption scheme covers, as special cases, (1) key-policy and ciphertext-policy attribute-based encryption with non-monotone access structures, and (2) (hierarchical) predicate encryption with inner-product relations and functional encryption with non-zero inner-product relations.

509 citations


Proceedings ArticleDOI
04 Oct 2010
TL;DR: This work put forward the notion of Worry-Free Encryption and shows how to achieve it for any polynomial-time computable policy, under only the assumption that IND-CPA public-key encryption schemes exist.
Abstract: In this work, we put forward the notion of Worry-Free Encryption. This allows Alice to encrypt confidential information under Bob's public key and send it to him, without having to worry about whether Bob has the authority to actually access this information. This is done by encrypting the message under a hidden access policy that only allows Bob to decrypt if his credentials satisfy the policy. Our notion can be seen as a functional encryption scheme but in a public-key setting. As such, we are able to insist that even if the credential authority is corrupted, it should not be able to compromise the security of any honest user. We put forward the notion of Worry-Free Encryption and show how to achieve it for any polynomial-time computable policy, under only the assumption that IND-CPA public-key encryption schemes exist. Furthermore, we construct CCA-secure Worry-Free Encryption, efficiently in the random oracle model, and generally (but inefficiently) using simulation-sound non-interactive zero-knowledge proofs.

200 citations


Book ChapterDOI
26 May 2010
TL;DR: The notion of negated spatial encryption is introduced, which subsumes non-zero-mode IPE and can be seen as the revocation analogue of the spatial encryption primitive of Boneh and Hamburg.
Abstract: In functional encryption (FE) schemes, ciphertexts and private keys are associated with attributes and decryption is possible whenever key and ciphertext attributes are suitably related. It is known that expressive realizations can be obtained from a simple FE flavor called inner product encryption (IPE), where decryption is allowed whenever ciphertext and key attributes form orthogonal vectors. In this paper, we construct (non-anonymous) IPE systems with constant-size ciphertexts for the zero and non-zero evaluations of inner products. These schemes respectively imply an adaptively secure identity-based broadcast encryption scheme and an identity-based revocation mechanism that both feature short ciphertexts and rely on simple assumptions in prime order groups. We also introduce the notion of negated spatial encryption, which subsumes non-zero-mode IPE and can be seen as the revocation analogue of the spatial encryption primitive of Boneh and Hamburg.

171 citations


Journal ArticleDOI
TL;DR: A new image encryption algorithm using a large pseudorandom permutation which is combinatorially generated from small permutation matrices based on chaotic maps to provide comparable security with that of the conventional image encryption schemes based on Baker map or Logistic map.

148 citations


Journal ArticleDOI
TL;DR: The number of additional bits required to go from chosen-plaintext-attack-secure CP-ABE to chosen-ciphertext-attack-secure CP-ABE is reduced by 90% with respect to that of the previous scheme.
Abstract: Attribute-Based Encryption (ABE) is an encryption scheme in which users holding certain attributes can decrypt ciphertexts associated with those attributes. In previous ABE schemes the length of the ciphertext depends on the number of attributes. In this paper, we propose a new Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme with constant ciphertext length. In our scheme, the number of pairing computations is also constant. In addition, the number of additional bits required to go from chosen-plaintext-attack-secure CP-ABE to chosen-ciphertext-attack-secure CP-ABE is reduced by 90% with respect to that of the previous scheme.

115 citations


Book ChapterDOI
15 Dec 2010
TL;DR: This work presents a novel ciphertext policy attribute-based proxy re-encryption (CP-AB-PRE) scheme that satisfies the properties of PRE, such as unidirectionality, non-interactivity and multi-use.
Abstract: We present a novel ciphertext policy attribute-based proxy re-encryption (CP-AB-PRE) scheme. The ciphertext policy realized in our scheme is AND-gates policy supporting multi-value attributes, negative attributes and wildcards. Our scheme satisfies the properties of PRE, such as unidirectionality, non-interactivity and multi-use. Moreover, the proposed scheme has master key security, allows the encryptor to decide whether the ciphertext can be re-encrypted and allows the proxy to add access policy when re-encrypting ciphertext. Furthermore, our scheme can be modified to have constant ciphertext size in original encryption.

111 citations


Journal ArticleDOI
TL;DR: The computer simulation results show that the proposed encryption algorithm is sensitive to the multiple keys, and that it has considerable robustness, noise immunity and security.

95 citations


Journal ArticleDOI
TL;DR: This paper proposes and implements two different attacks which completely break this encryption scheme which is composed of two shuffling stages parameterized by chaotically generated sequences.

88 citations


Proceedings ArticleDOI
04 Oct 2010
TL;DR: In this paper, the authors propose a new construction of CP-ABE, named Constant-size CP-ABE (CCP-ABE), which reduces the ciphertext to a constant size for an AND-gate access policy with any given number of attributes.
Abstract: Existing CP-ABE schemes incur very large ciphertext size, which increases linearly with respect to the number of attributes in the access policy. Large ciphertext prevents CP-ABE from being adopted in communication-constrained environments. In this paper, we propose a new construction of CP-ABE, named Constant-size CP-ABE (denoted as CCP-ABE), that significantly reduces the ciphertext to a constant size for an AND-gate access policy with any given number of attributes. Each ciphertext in CCP-ABE requires only elements on a bilinear group. Based on CCP-ABE, we further propose an Attribute Based Broadcast Encryption (ABBE) scheme. Compared to existing Broadcast Encryption (BE) schemes, ABBE is more flexible because a broadcast message can be encrypted by an expressive access policy, either with or without explicitly specifying the receivers. Moreover, ABBE significantly reduces the storage and communication overhead to the order of $O(\log N)$, where $N$ is the system size.

78 citations


Journal ArticleDOI
TL;DR: A new image encryption algorithm based on chaos with the PWL memristor in Chua's circuit that includes two main operations of image scrambling and pixel replacement and has high-level security.
Abstract: Image encryption algorithms based on chaotic systems have been used increasingly, but their disadvantages are obvious: small key space, weak security in low-dimensional chaotic cryptosystems, overly simple chaotic systems, and inconvenience for hardware implementation. This paper presents a new image encryption algorithm based on chaos with the PWL memristor in Chua’s circuit. The encryption algorithm includes two main operations, image scrambling and pixel replacement. Simulations show that the key space is large, and that the attacker cannot decrypt an encrypted image without the correct key. The encryption algorithm has high-level security.

Journal ArticleDOI
TL;DR: This paper implements some of the widely used symmetric encryption techniques, i.e. the data encryption standard (DES), triple data encryption standard (3DES), advanced encryption standard (AES), BLOWFISH and RC4, in MATLAB software and compares these techniques on several points.
Abstract: This paper implements some of the widely used symmetric encryption techniques i.e. data encryption standard (DES), triple data encryption standard (3DES), advanced encryption standard (AES), BLOWFISH and RC4 in MATLAB software. After the implementation, these techniques are compared on some points. These points are avalanche effect due to one bit variation in plaintext keeping the key constant, avalanche effect due to one bit variation in key keeping the plaintext constant, memory required for implementation and simulation time required for different message lengths.

Journal ArticleDOI
TL;DR: A new scheme for joint compression and encryption using the Huffman codec, where a basic tree is first generated for a given message and then, based on a keystream generated from a chaotic map and depending on the input message, the basic tree is mutated without changing the statistical model.

Book ChapterDOI
05 Dec 2010
TL;DR: This work takes a closer look at anonymity and robustness in encryption schemes, which guarantees that every ciphertext can only be decrypted to a valid plaintext under the intended recipient's secret key.
Abstract: In this work, we take a closer look at anonymity and robustness in encryption schemes. Roughly speaking, an anonymous encryption scheme hides the identity of the secret-key holder, while a robust encryption scheme guarantees that every ciphertext can only be decrypted to a valid plaintext under the intended recipient’s secret key.

Journal ArticleDOI
01 May 2010
TL;DR: Experimental results verify and prove that the proposed modification to the image cryptosystem is highly secure from the cryptographic viewpoint and that, compared with the original AES encryption algorithm, the modified algorithm (MAES) gives better encryption results in terms of security against statistical attacks.
Abstract: Security in the transmission and storage of digital images is important in today's image communications and confidential video conferencing. The Advanced Encryption Standard (AES) is a well-known block cipher that has several advantages in data encryption. However, it is not suitable for real-time applications. In this paper, we present a modification to the Advanced Encryption Standard (MAES) to provide a high level of security and better image encryption. The modification is done by adjusting the ShiftRow phase. Experimental results verify and prove that the proposed modification to the image cryptosystem is highly secure from the cryptographic viewpoint. The results also prove that, compared with the original AES encryption algorithm, the modified algorithm (MAES) gives better encryption results in terms of security against statistical attacks.

Journal ArticleDOI
TL;DR: A novel processor architecture is presented as a high-performance platform to execute key generation, encryption, and decryption according to the McEliece public-key cryptosystem.
Abstract: The McEliece public-key cryptosystem relies on the NP-hard decoding problem and is therefore regarded as a solution for post-quantum cryptography. Although it has been known for a long time, this cryptosystem has not been employed so far because of efficiency questions regarding performance and communication overhead. This paper presents a novel processor architecture as a high-performance platform to execute key generation, encryption, and decryption according to this cryptosystem. A prototype of this processor is realized on a reconfigurable device and tested via a dedicated software interface. A comparison with a similar software solution highlights the performance advantage of the proposed hardware solution.

Journal ArticleDOI
TL;DR: A new method for visual multimedia content encryption using Cellular Automata (CA), based on the application of an attribute of the CLF XOR filter, according to which the original content of a cellular neighborhood can be reconstructed following a predetermined number of repeated applications of the filter.

Patent
21 Apr 2010
TL;DR: In this paper, a method and system for generating ciphertext message data and message authentication codes utilizing shared hardware is described, where the plaintext message is received at an authenticated encryption unit which comprises first and second authenticated encryption hardware modules.
Abstract: A method and system for generating ciphertext and message authentication codes utilizing shared hardware are disclosed. According to one embodiment, a method is provided of generating ciphertext message data and message authentication codes utilizing shared authenticated encryption unit hardware. In the described embodiment, plaintext message data is received at an authenticated encryption unit which comprises first and second authenticated encryption hardware modules. Thereafter, a first message authentication code (MAC) associated with a first authenticated encryption mode and a second MAC associated with a second authenticated encryption mode are generated. More specifically, the first MAC is generated utilizing the plaintext message data and first authenticated encryption hardware module and ciphertext message data and the second MAC are generated utilizing the plaintext message data and second authenticated encryption hardware module.

Journal ArticleDOI
TL;DR: It is shown that the encryption architecture of this cryptosystem exhibits some important problems related to its implementation and its robustness against noise.

01 Jan 2010
TL;DR: In this survey, FPE is described and known techniques for achieving it are reviewed, including FFX, a recent proposal made to NIST.
Abstract: Format-preserving encryption (FPE) encrypts a plaintext of some specified format into a ciphertext of the same format—for example, encrypting a social-security number into a social-security number. In this survey we describe FPE and review known techniques for achieving it. These include FFX, a recent proposal made to NIST.
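The format-preserving idea described above, together with the one-bit avalanche measurement from the MATLAB cipher-comparison abstract earlier on this page, as an added example that is not code from either paper or from the FFX proposal: a Feistel network over decimal digit strings, applied to an SSN-shaped value so that the separators survive, with a digit-level avalanche test run against it. Everything in the block is an assumption made for illustration (the HMAC-SHA256 round function, digit-wise modular addition, the round count, the key and the sample inputs); the construction has not been analysed and is not a substitute for NIST's FF1.

```python
import hashlib
import hmac
from typing import List

# Added illustration, not code from the FPE survey or from FFX/FF1: a Feistel
# network over decimal digit strings. The HMAC-SHA256 round function, the
# digit-wise modular addition and the 10-round default are assumptions made
# for this example and have not been analysed for security.

RADIX = 10
DIGITS = "0123456789"


def _round_digits(key: bytes, rnd: int, half: str, tweak: bytes, out_len: int) -> List[int]:
    """Derive out_len pseudorandom base-10 digits for one Feistel round.

    The tweak, the round number and the half being hashed all enter the HMAC
    input, so digits never repeat across rounds, tweaks or halves. A 256-bit
    digest holds 77 decimal digits, which bounds out_len for this toy.
    """
    msg = tweak + b"|" + bytes([rnd]) + b"|" + half.encode("ascii")
    n = int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")
    out = []
    for _ in range(out_len):
        out.append(n % RADIX)
        n //= RADIX
    return out


def _add_digits(s: str, f: List[int], sign: int) -> str:
    """Digit-wise (s + sign*f) mod 10, so every position stays a single digit."""
    return "".join(str((int(ch) + sign * d) % RADIX) for ch, d in zip(s, f))


def fpe_encrypt(key: bytes, plaintext: str, tweak: bytes = b"", rounds: int = 10) -> str:
    """Encrypt a digit string into a digit string of the same length."""
    if len(plaintext) < 2 or any(ch not in DIGITS for ch in plaintext):
        raise ValueError("plaintext must be an ASCII digit string of length >= 2")
    u = len(plaintext) // 2
    a, b = plaintext[:u], plaintext[u:]
    for i in range(rounds):
        # (a, b) -> (b, a + F_i(b)); for odd lengths the halves are unbalanced
        # and their sizes alternate with every swap.
        a, b = b, _add_digits(a, _round_digits(key, i, b, tweak, len(a)), +1)
    return a + b


def fpe_decrypt(key: bytes, ciphertext: str, tweak: bytes = b"", rounds: int = 10) -> str:
    """Inverse of fpe_encrypt: undo the rounds in reverse order."""
    n = len(ciphertext)
    # After `rounds` swaps the left half holds n//2 digits for an even round
    # count and n - n//2 digits for an odd one.
    u = n // 2 if rounds % 2 == 0 else n - n // 2
    a, b = ciphertext[:u], ciphertext[u:]
    for i in reversed(range(rounds)):
        # current (a, b) == (b_prev, a_prev + F_i(b_prev)), so a_prev = b - F_i(a)
        a, b = _add_digits(b, _round_digits(key, i, a, tweak, len(b)), -1), a
    return a + b


def _merge(template: str, digits: str) -> str:
    """Put `digits` back into the digit positions of `template`, keeping separators."""
    it = iter(digits)
    return "".join(next(it) if ch in DIGITS else ch for ch in template)


def encrypt_formatted(key: bytes, text: str, tweak: bytes = b"") -> str:
    """Encrypt only the digits of a formatted value, e.g. an SSN 'ddd-dd-dddd',
    so the ciphertext has exactly the same shape as the plaintext."""
    digits = "".join(ch for ch in text if ch in DIGITS)
    return _merge(text, fpe_encrypt(key, digits, tweak))


def decrypt_formatted(key: bytes, text: str, tweak: bytes = b"") -> str:
    digits = "".join(ch for ch in text if ch in DIGITS)
    return _merge(text, fpe_decrypt(key, digits, tweak))


def digit_avalanche(key: bytes, plaintext: str, rounds: int) -> float:
    """Digit analogue of the one-bit avalanche test: bump each plaintext digit
    by one in turn and return the mean fraction of ciphertext digits that
    change. An ideal random permutation scores about 0.9, since each output
    digit then differs with probability 9/10."""
    base = fpe_encrypt(key, plaintext, rounds=rounds)
    n = len(plaintext)
    changed = 0
    for pos in range(n):
        bumped = plaintext[:pos] + str((int(plaintext[pos]) + 1) % RADIX) + plaintext[pos + 1:]
        changed += sum(x != y for x, y in zip(base, fpe_encrypt(key, bumped, rounds=rounds)))
    return changed / (n * n)


if __name__ == "__main__":
    key = b"example key, not for production"   # constructed for this example
    ssn = "123-45-6789"                        # constructed sample, not a real SSN
    ct = encrypt_formatted(key, ssn)
    print(ssn, "->", ct, "->", decrypt_formatted(key, ct))
    for r in (1, 2, 4, 10):
        print(f"{r:2d} round(s): avalanche {digit_avalanche(key, '1234567890123456', r):.2f}")
```

Running the block prints the SSN round trip and the avalanche score for 1, 2, 4 and 10 rounds: with a single round a change in the left half moves exactly one output digit (for a 16-digit input the score cannot exceed 0.31), while ten rounds sit near the 0.9 an ideal permutation would give. Two caveats a practitioner would want: FPE over a tiny domain (a two-digit input has only 100 possible ciphertexts) is one table lookup away from a dictionary attack whatever the cipher, and the tweak should carry context such as the field name so that equal values in different columns do not encrypt identically.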

Journal ArticleDOI
TL;DR: A new efficient identity-based broadcast encryption scheme without random oracles is proposed and proved to achieve selective-identity chosen-plaintext security.
Abstract: We propose a new efficient identity-based broadcast encryption scheme without random oracles and prove that it achieves selective-identity chosen-plaintext security. Our scheme is constructed based on the bilinear Diffie-Hellman inversion assumption and is an efficient hybrid encryption scheme, which achieves O(1)-size ciphertexts, O(1)-size public parameters and constant-size private keys. In our scheme, neither the ciphertexts nor the public parameters depend on the number of receivers; moreover, both encryption and decryption require only one pairing computation. Compared with other identity-based broadcast encryption schemes, our scheme has comparable properties, but with better efficiency.

Book ChapterDOI
09 Feb 2010
TL;DR: A variant of the Naor-Yung (NY) paradigm that leads to practical, fully IND-CCA secure encryption schemes whose security can be based on a generic class of algebraic complexity assumptions, and which uses hash proof systems in the NY way as a device to prove consistency.
Abstract: The Naor-Yung (NY) paradigm shows how to build a chosen-ciphertext secure encryption scheme from three conceptual ingredients: (1) a weakly (i.e., IND-CPA) secure encryption scheme; (2) a “replication strategy” that specifies how to use the weakly secure encryption scheme (concretely, an NY encryption contains several weak encryptions of the same plaintext); and (3) a non-interactive zero-knowledge (NIZK) proof system to show that a given ciphertext is consistent, i.e., contains weak encryptions of the same plaintext. The NY paradigm served both as a breakthrough proof-of-concept and as an inspiration to subsequent constructions. However, the NY construction leads to impractical encryption schemes, due to the usually prohibitively expensive NIZK proof. In this contribution, we give a variant of the NY paradigm that leads to practical, fully IND-CCA secure encryption schemes whose security can be based on a generic class of algebraic complexity assumptions. Our approach refines NY’s approach as follows. Our sole computational assumption is that of a Diffie-Hellman (DH) type two-move key exchange protocol, interpreted as a weakly secure key encapsulation mechanism (KEM). Our “replication strategy” is as follows: key generation consists of replicating the KEM several times, but only the first pass; encryption then consists of performing the second pass with respect to all of these, but with the same random coins in each instance. For proving consistency of a given ciphertext, we employ a practical universal hash proof system, case-tailored to our KEM and replication strategy. We instantiate our paradigm both from computational Diffie-Hellman (CDH) and from RSA type assumptions. This way, practical IND-CCA secure encryption schemes based on search problems can be built and explained in a generic, NY-like fashion.
We would like to stress that while we generalize universal hash proof systems as a proof system, we do not follow or generalize the approach of Cramer and Shoup to build IND-CCA secure encryption. Their approach uses specific hash proof systems that feature, on top of a NIZK property, a computational indistinguishability property. Hence they necessarily build upon decisional assumptions, whereas we show how to implement our approach with search assumptions. Our approach uses hash proof systems in the NY way, namely solely as a device to prove consistency. In our case, secrecy is provided by the “weak encryption” component, which allows us to embed search problems.

Journal ArticleDOI
TL;DR: This paper lays out a scheme for a two-level H.263-based video cryptosystem, which skillfully combines the traditional selective encryption algorithm with permutation and subsequent masking operation of the coded H. 263-based stream.
Abstract: Chaos-based video encryption algorithms are designed based on selective encryption method. Different from many prevailing MPEG-based video encryption designs, this paper lays out a scheme for a two-level H.263-based video cryptosystem, which skillfully combines the traditional selective encryption algorithm with permutation and subsequent masking operation of the coded H.263-based stream. Lastly, the implementation of the proposed cryptosystem on a local area network (LAN) strongly illustrates the efficiency and feasibility of the two-level chaos-based cryptosystem for practical use in many respects, including processing speed, compression ratio, quality of reconstructed image and security level.

Journal ArticleDOI
YinXia Sun, Hui Li
TL;DR: This paper presents a short-ciphertext CCA2 secure certificateless encryption scheme under the standard BDH assumption, and due to short ciphertext and convincing security, this scheme has practical value.
Abstract: Certificateless public-key cryptosystems belong to identity-based cryptography, with the attractive characteristic that the private key generator does not have access to any user’s full private key. Most of the existing certificateless encryption schemes employ the FO technique and/or strong assumptions, for example GBDH, Gap-BDH and BDHI, to achieve adaptive chosen ciphertext security (CCA2 security). However, the FO technique introduces redundancy in the ciphertext, and strong assumptions reduce our confidence in the security of the underlying scheme. In this paper, we present a short-ciphertext CCA2 secure certificateless encryption scheme under the standard BDH assumption. Due to its short ciphertext and convincing security, our scheme has practical value.

Posted Content
TL;DR: A trapdoor one-way function is constructed based on two n-qubit quantum states, and a bit-oriented quantum public-key encryption scheme is proposed which is proved to be information-theoretically secure under chosen plaintext attack.
Abstract: We present a definition of information-theoretic security of quantum public-key encryption (QPKE) under chosen plaintext attack. We then introduce two n-qubit quantum states and prove their indistinguishability and trapdoor properties. We construct a trapdoor one-way function based on the two states and propose a bit-oriented quantum public-key encryption scheme, which we prove to be information-theoretically secure under chosen plaintext attack. Finally, we extend the QPKE scheme to a multi-bit-oriented one.

Journal ArticleDOI
TL;DR: An identity-based unidirectional PRE scheme is presented, which not only is provably secure against the chosen ciphertext attack in the standard model but also achieves the master secret security at the same time.
Abstract: We address the cryptographic topic of proxy re-encryption (PRE), which is a special public-key cryptosystem. A PRE scheme allows a special entity, known as the proxy, to transform a message encrypted with the public key of a delegator (say Alice), into a new ciphertext that is protected under the public key of a delegatee (say Bob), and thus the same message can then be recovered with Bob's private key. In this paper, in the identity-based setting, we first investigate the relationship between so-called mediated encryption and unidirectional PRE. We provide a general framework which converts any secure identity-based unidirectional PRE scheme into a secure identity-based mediated encryption scheme, and vice versa. Concerning the security of unidirectional PRE schemes, Ateniese et al. previously suggested an important property known as master secret security, which requires that the coalition of the proxy and Bob cannot expose Alice's private key. In this paper, we extend the notion to the identity-based setting, and present an identity-based unidirectional PRE scheme, which not only is provably secure against chosen ciphertext attack in the standard model but also achieves master secret security at the same time.

Book ChapterDOI
13 Dec 2010
TL;DR: Two new generic constructions of TRE-PC schemes are proposed, improving on the generic construction of Nakai et al. from a public-key encryption scheme, an identity-based encryption scheme (with some special property), and a signature scheme.
Abstract: Timed-release encryption with pre-open capability (TRE-PC), introduced by Hwang et al. in 2005, is a cryptosystem with which a sender can make a ciphertext so that a receiver can decrypt it by using a timed-release key provided by a trusted time-server, or by using special information called a pre-open key provided by the sender before the release time; this adds flexibility to ordinary TRE schemes in many practical situations. Recently, Nakai et al. proposed a generic construction of a TRE-PC scheme from a public-key encryption scheme, an identity-based encryption scheme (with some special property), and a signature scheme. Concrete TRE-PC schemes derived via their generic construction are, however, not so practical because of the building-block primitives used. Motivated by this situation, in this paper we propose two new generic constructions of TRE-PC schemes. Both of our constructions follow the basic idea behind the generic construction by Nakai et al. but overcome its inefficiency without losing "generality" with respect to the building-block primitives. Concrete TRE-PC schemes derived from our generic constructions are comparable to or more efficient than the currently known TRE-PC schemes in terms of ciphertext overhead size and computation costs.

Patent
11 Oct 2010
TL;DR: A ciphertext-policy attribute-based encryption system is proposed in which a re-encryption key is used to transform a ciphertext associated with a first access policy into a ciphertext associated with a second access policy, without decrypting it.
Abstract: A ciphertext-policy attribute-based encryption system, comprising a re-encrypter (9) for cryptographically transforming a first ciphertext (CT_P1) associated with a first access policy (P1) into a second ciphertext (CT_P2) associated with a second access policy (P2) by means of a re-encryption key (RK). The system further comprises a re-encryption key generator (7) for generating the re-encryption key (RK), wherein the re-encryption key (RK) enables the re-encrypter (9) to cryptographically transform the first ciphertext (CT_P1) associated with the first access policy (P1) into the second ciphertext (CT_P2) associated with the second access policy (P2). Said re-encryption key generator (7) comprises a subsystem for encrypting a value derived from a pseudorandom number, thereby generating a further ciphertext associated with the second access policy (P2).

Journal ArticleDOI
TL;DR: This paper finds that the security of MCKBA can be broken with a differential attack, which requires only four chosen plain-images, and performance of the attack is verified by experimental results.
Abstract: Recently, a chaos-based image encryption algorithm called MCKBA (Modified Chaotic-Key Based Algorithm) was proposed. This paper analyzes the security of MCKBA and finds that it can be broken with a differential attack, which requires only four chosen plain-images. Performance of the attack is verified by experimental results. In addition, some defects of MCKBA, including insensitivity with respect to changes of plain-image/secret key, are reported.