
Showing papers on "Verifiable secret sharing published in 2018"


Book ChapterDOI
19 Aug 2018
TL;DR: The requirements for a verifiable delay function (VDF) are formalized and new candidate constructions are presented that are the first to achieve an exponential gap between evaluation and verification time.
Abstract: We study the problem of building a verifiable delay function (VDF). A VDF requires a specified number of sequential steps to evaluate, yet produces a unique output that can be efficiently and publicly verified. VDFs have many applications in decentralized systems, including public randomness beacons, leader election in consensus protocols, and proofs of replication. We formalize the requirements for VDFs and present new candidate constructions that are the first to achieve an exponential gap between evaluation and verification time.

341 citations


Posted Content
TL;DR: Slalom as mentioned in this paper is a framework that securely delegates execution of all linear layers in a DNN from a TEE to a faster, yet untrusted, co-located processor.
Abstract: As Machine Learning (ML) gets applied to security-critical or sensitive domains, there is a growing need for integrity and privacy for outsourced ML computations. A pragmatic solution comes from Trusted Execution Environments (TEEs), which use hardware and software protections to isolate sensitive computations from the untrusted software stack. However, these isolation guarantees come at a price in performance, compared to untrusted alternatives. This paper initiates the study of high performance execution of Deep Neural Networks (DNNs) in TEEs by efficiently partitioning DNN computations between trusted and untrusted devices. Building upon an efficient outsourcing scheme for matrix multiplication, we propose Slalom, a framework that securely delegates execution of all linear layers in a DNN from a TEE (e.g., Intel SGX or Sanctum) to a faster, yet untrusted, co-located processor. We evaluate Slalom by running DNNs in an Intel SGX enclave, which selectively delegates work to an untrusted GPU. For canonical DNNs (VGG16, MobileNet and ResNet variants) we obtain 6x to 20x increases in throughput for verifiable inference, and 4x to 11x for verifiable and private inference.

183 citations


Proceedings ArticleDOI
16 Apr 2018
TL;DR: This work replaces the central server with a carefully-designed smart contract and constructs a decentralized privacy-preserving search scheme where the data owner can receive correct search results with assurance and without worrying about potential wrongdoings of a malicious server.
Abstract: Enabling search directly over encrypted data is a desirable technique to allow users to effectively utilize encrypted data outsourced to a remote server like a cloud service provider. So far, most existing solutions focus on an honest-but-curious server, while security designs against a malicious server have not drawn enough attention. It is not until recently that a few works address the issue of verifiable designs that enable the data owner to verify the integrity of search results. Unfortunately, these verification mechanisms are highly dependent on the specific encrypted search index structures, and fail to support complex queries. There is a lack of a general verification mechanism that can be applied to all search schemes. Moreover, no effective countermeasures (e.g., punishing the cheater) are available when an unfaithful server is detected. In this work, we explore the potential of smart contracts in Ethereum, an emerging blockchain-based decentralized technology that provides a new paradigm for trusted and transparent computing. By replacing the central server with a carefully-designed smart contract, we construct a decentralized privacy-preserving search scheme where the data owner can receive correct search results with assurance and without worrying about potential wrongdoings of a malicious server. To better support practical applications, we introduce fairness to our scheme by designing a new smart contract for a financially-fair search construction, in which every participant (especially in the multiuser setting) is treated equally and incentivized to conform to correct computations. In this way, an honest party can always gain what he deserves while a malicious one gets nothing. Finally, we implement a prototype of our construction and deploy it to a locally simulated network and an official Ethereum test network, respectively. The extensive experiments and evaluations demonstrate the practicability of our decentralized search scheme over encrypted data.

176 citations


Posted Content
TL;DR: In this article, a verifiable delay function (VDF) is constructed based on groups of unknown order such as an RSA group or the class group of an imaginary quadratic field.
Abstract: We construct a verifiable delay function (VDF). A VDF is a function whose evaluation requires running a given number of sequential steps, yet the result can be efficiently verified. They have applications in decentralised systems, such as the generation of trustworthy public randomness in a trustless environment, or resource-efficient blockchains. To construct our VDF, we actually build a trapdoor VDF. A trapdoor VDF is essentially a VDF which can be evaluated efficiently by parties who know a secret (the trapdoor). By setting up this scheme in a way that the trapdoor is unknown (not even by the party running the setup, so that there is no need for a trusted setup environment), we obtain a simple VDF. Our construction is based on groups of unknown order such as an RSA group or the class group of an imaginary quadratic field. The output of our construction is very short (the result and the proof of correctness are each a single element of the group), and the verification of correctness is very efficient.

156 citations


Journal ArticleDOI
TL;DR: PHOABE, a Policy-Hidden Outsourced ABE scheme, is introduced and is proven to be selectively secure, verifiable and policy privacy preserving under the random oracle model, and estimation of the processing overhead proves its feasibility in IoT constrained environments.

121 citations


Journal ArticleDOI
Zheli Liu1, Tong Li1, Ping Li2, Chunfu Jia1, Jin Li2 
TL;DR: This paper proposes a scheme named “verifiable searchable encryption with aggregate keys”, in which a data owner need only distribute a single aggregate key to other users to selectively share both search and verification privileges over his/her document sets.

108 citations


Posted Content
TL;DR: This short note briefly surveys and compares two recent beautiful Verifiable Delay Functions (VDFs), one due to Pietrzak and the other due to Wesolowski, and provides a new computational proof of security for one of them.
Abstract: A verifiable delay function (VDF) is an important tool used for adding delay in decentralized applications. This short note briefly surveys and compares two recent beautiful Verifiable Delay Functions (VDFs), one due to Pietrzak and the other due to Wesolowski. We also provide a new computational proof of security for one of them, and compare the complexity assumptions needed for both schemes.
1 What is a Verifiable Delay Function?
A verifiable delay function (VDF) [12, 3] is a function f : X → Y that takes a prescribed time to compute, even on a parallel computer. However, once computed, the output can be quickly verified by anyone. Moreover, every input x ∈ X must have a unique valid output y ∈ Y. In more detail, a VDF that implements a function X → Y is a tuple of three algorithms:
• Setup(λ, T) → pp is a randomized algorithm that takes a security parameter λ and a time bound T, and outputs public parameters pp,
• Eval(pp, x) → (y, π) takes an input x ∈ X and outputs a y ∈ Y and a proof π.
• Verify(pp, x, y, π) → {accept, reject} outputs accept if y is the correct evaluation of the VDF on input x. If (y, π) ← F(pp, x) then Verify(pp, x, y, π) = accept, for all x ∈ X and pp output by Setup(λ, T).
A VDF must satisfy three properties. We state these properties informally and refer to [3] for a complete definition:
• -evaluation time: algorithm Eval(pp, x) runs in time at most (1 + )T, for all x ∈ X and all pp output by Setup(λ, T). We will explain how to measure run time in the next section.
• Sequentiality: a parallel algorithm A, using at most poly(λ) processors, that runs in time less than T cannot compute the function. Specifically, for a random x ∈ X and pp output by Setup(λ, T), if (y, π) ← Eval(pp, x) then Pr[A(pp, x) = y] is negligible.
• Uniqueness: for an input x ∈ X, exactly one y ∈ Y will be accepted by Verify. Specifically, let A be an efficient algorithm that given pp as input, outputs (x, y, π) such that Verify(pp, x, y, π) = accept. Then Pr[Eval(pp, x) ≠ y] is negligible.
VDFs have many applications. They are useful for constructing a verifiable randomness beacon, and they provide a “proof of elapsed time” for certain blockchain designs [7]. We refer to [3, Sec. 2] for a survey of their applications.

97 citations


Book ChapterDOI
09 Sep 2018
TL;DR: This work proposes a practical platform-independent secure and verifiable voting system that can be deployed on any blockchain that supports an execution of a smart contract and analyzes the correctness and coercion-resistance of the proposed voting system.
Abstract: Cryptographic techniques are employed to ensure the security of voting systems in order to increase its wide adoption. However, in such electronic voting systems, the public bulletin board that is hosted by the third party for publishing and auditing the voting results should be trusted by all participants. Recently a number of blockchain-based solutions have been proposed to address this issue. However, these systems are impractical to use due to the limitations on the voter and candidate numbers supported, and their security framework, which highly depends on the underlying blockchain protocol and suffers from potential attacks (e.g., force-abstention attacks). To deal with two aforementioned issues, we propose a practical platform-independent secure and verifiable voting system that can be deployed on any blockchain that supports an execution of a smart contract. Verifiability is inherently provided by the underlying blockchain platform, whereas cryptographic techniques like Paillier encryption, proof-of-knowledge, and linkable ring signature are employed to provide a framework for system security and user-privacy that are independent from the security and privacy features of the blockchain platform. We analyse the correctness and coercion-resistance of our proposed voting system. We employ Hyperledger Fabric to deploy our voting system and analyse the performance of our deployed scheme numerically.

95 citations


Journal ArticleDOI
TL;DR: A key-policy attribute-based encryption scheme for assured deletion (AD-KP-ABE) of cloud data that enjoys desirable properties such as no secret key update, partial ciphertext update and assured data deletion is proposed.

94 citations


Journal ArticleDOI
TL;DR: Based on the blockchain, homomorphic ElGamal encryption and ring signatures, this article proposes an electronic voting scheme for large-scale voting, which has the properties of decentralization, self-management, non-interactivity and receipt-freeness; furthermore, the one-time ring signature ensures the anonymity of the vote transactions in the blockchain.

88 citations


Journal ArticleDOI
TL;DR: A secure and verifiable access control scheme based on the NTRU cryptosystem for big data storage in clouds that enables the data owner and eligible users to effectively verify the legitimacy of a user for accessing the data, and a user to validate the information provided by other users for correct plaintext recovery.
Abstract: Due to the complexity and volume, outsourcing ciphertexts to a cloud is deemed to be one of the most effective approaches for big data storage and access. Nevertheless, verifying the access legitimacy of a user and securely updating a ciphertext in the cloud based on a new access policy designated by the data owner are two critical challenges to make cloud-based big data storage practical and effective. Traditional approaches either completely ignore the issue of access policy update or delegate the update to a third party authority; but in practice, access policy update is important for enhancing security and dealing with the dynamism caused by user join and leave activities. In this paper, we propose a secure and verifiable access control scheme based on the NTRU cryptosystem for big data storage in clouds. We first propose a new NTRU decryption algorithm to overcome the decryption failures of the original NTRU, and then detail our scheme and analyze its correctness, security strengths, and computational efficiency. Our scheme allows the cloud server to efficiently update the ciphertext when a new access policy is specified by the data owner, who is also able to validate the update to counter against cheating behaviors of the cloud. It also enables (i) the data owner and eligible users to effectively verify the legitimacy of a user for accessing the data, and (ii) a user to validate the information provided by other users for correct plaintext recovery. Rigorous analysis indicates that our scheme can prevent eligible users from cheating and resist various attacks such as the collusion attack.

Posted Content
TL;DR: This paper proposes a novel framework, called vChain, that alleviates the storage and computing costs of the user and employs verifiable queries to guarantee the results' integrity and proposes an accumulator-based authenticated data structure that enables dynamic aggregation over arbitrary query attributes.
Abstract: Blockchains have recently been under the spotlight due to the boom of cryptocurrencies and decentralized applications. There is an increasing demand for querying the data stored in a blockchain database. To ensure query integrity, the user can maintain the entire blockchain database and query the data locally. However, this approach is not economic, if not infeasible, because of the blockchain's huge data size and considerable maintenance costs. In this paper, we take the first step toward investigating the problem of verifiable query processing over blockchain databases. We propose a novel framework, called vChain, that alleviates the storage and computing costs of the user and employs verifiable queries to guarantee the results' integrity. To support verifiable Boolean range queries, we propose an accumulator-based authenticated data structure that enables dynamic aggregation over arbitrary query attributes. Two new indexes are further developed to aggregate intra-block and inter-block data records for efficient query verification. We also propose an inverted prefix tree structure to accelerate the processing of a large number of subscription queries simultaneously. Security analysis and empirical study validate the robustness and practicality of the proposed techniques.

Book ChapterDOI
26 Feb 2018
TL;DR: This paper presents a smart contract for a verifiable sealed-bid auction on the Ethereum blockchain and provides an analysis of the proposed protocol and the smart contract design, in addition to the estimated gas costs associated with the different transactions.
Abstract: The success of the Ethereum blockchain as a decentralized application platform with a distributed consensus protocol has made many organizations start to invest into running their business on top of it. Technically, the most impressive feature behind the success of Ethereum is its support for a Turing complete language. On the other hand, the inherent transparency and, consequently, the lack of privacy poses a great challenge for many financial applications. In this paper, we tackle this challenge and present a smart contract for a verifiable sealed-bid auction on the Ethereum blockchain. In a nutshell, initially, the bidders submit homomorphic commitments to their sealed-bids on the contract. Subsequently, they reveal their commitments secretly to the auctioneer via a public key encryption scheme. Then, according to the auction rules, the auctioneer determines and claims the winner of the auction. Finally, we utilize interactive zero-knowledge proof protocols between the smart contract and the auctioneer to verify the correctness of such a claim. The underlying protocol of the proposed smart contract is partially privacy-preserving. To be precise, no information about the losing bids is leaked to the bidders. We provide an analysis of the proposed protocol and the smart contract design, in addition to the estimated gas costs associated with the different transactions.

Proceedings ArticleDOI
05 Sep 2018
TL;DR: A data sharing framework that will guarantee the authenticity of the shared data in real-time and provide transactional privacy in a blockchain network is proposed that can significantly reduce the turnaround time for data sharing, improve the decision making process and reduce the overall cost.
Abstract: Personal data such as electronic medical records and academic records are critical and sensitive private information. This personal information is usually hosted across many data-custodian systems. A Personal Data Store (PDS) is a service that lets an individual store, manage and deploy their key personal data in a highly secure and structured way. It also gives the user a central point of control for their personal information. One of the inherent problems of digital records is that they can be easily forged. Therefore, the data consumer (with whom the data is shared) often needs to verify the authenticity of the shared document/record by communicating with the document/certificate issuing authority (e.g., the data custodian). However, this process is time consuming and inefficient. In recent times, blockchain has gained tremendous attention from both industry and academia for distributed recording and immutable transactions. Blockchain provides a shared, immutable and transparent history of transactions, enabling the building of applications that incorporate trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable data sharing system using blockchain. However, blockchain is primarily proposed for publicly verifiable transactions and does not provide privacy to the individuals. In this paper, we propose a data sharing framework that will guarantee the authenticity of the shared data in real-time and provide transactional privacy in a blockchain network. We have implemented our framework in a prototype that ensures privacy, integrity, and fine-grained access control over the shared data. The proposed work can significantly reduce the turnaround time for data sharing, improve the decision making process and reduce the overall cost.

Journal ArticleDOI
TL;DR: GSSE is proposed, the first generic verifiable SSE scheme in the single-owner multiple-user model, which provides verifiability for any SSE scheme and further supports data updates; it also develops a timestamp-chain for data freshness maintenance across multiple users.
Abstract: Searchable Symmetric Encryption (SSE) has been widely studied in cloud storage, which allows cloud services to directly search over encrypted data. Most SSE schemes only work with honest-but-curious cloud services that do not deviate from the prescribed protocols. However, this assumption does not always hold in practice due to the untrusted nature in storage outsourcing. To alleviate the issue, there have been studies on Verifiable Searchable Symmetric Encryption (VSSE), which functions against malicious cloud services by enabling results verification. But to our best knowledge, existing VSSE schemes exhibit very limited applicability, such as only supporting static database, demanding specific SSE constructions, or only working in the single-user model. In this paper, we propose GSSE, the first generic verifiable SSE scheme in the single-owner multiple-user model, which provides verifiability for any SSE schemes and further supports data updates. To generically support result verification, we first decouple the proof index in GSSE from SSE. We then leverage Merkle Patricia Tree (MPT) and Incremental Hash to build the proof index with data update support. We also develop a timestamp-chain for data freshness maintenance across multiple users. Rigorous analysis and experimental evaluations show that GSSE is secure and introduces small overhead for result verification.

Journal ArticleDOI
TL;DR: This paper presents a secure cryptographic primitive, Verifiable Multiple Keywords Search (VMKS) over ciphertexts, which leverages the Identity-Based Encryption (IBE) and certificateless signature techniques and demonstrates the security of this scheme.

Proceedings ArticleDOI
01 Jan 2018
TL;DR: In this article, a verifiable delay function (VDF) is constructed by showing how the Rivest-Shamir-Wagner time-lock puzzle can be made publicly verifiable, motivated by the Chia blockchain design.
Abstract: We construct a verifiable delay function (VDF) by showing how the Rivest-Shamir-Wagner time-lock puzzle can be made publicly verifiable. Concretely, we give a statistically sound public-coin protocol to prove that a tuple (N,x,T,y) satisfies y=x^{2^T} mod N where the prover doesn't know the factorization of N and its running time is dominated by solving the puzzle, that is, compute x^{2^T}, which is conjectured to require T sequential squarings. To get a VDF we make this protocol non-interactive using the Fiat-Shamir heuristic. The motivation for this work comes from the Chia blockchain design, which uses a VDF as a key ingredient. For typical parameters (T <=2^{40},N=2048), our proofs are of size around 10KB, verification cost around three RSA exponentiations and computing the proof is 8000 times faster than solving the puzzle even without any parallelism.

Journal ArticleDOI
TL;DR: A verifiable diversity ranking search scheme over encrypted outsourced data is proposed while preserving privacy in cloud computing, which also supports search results verification, and is effective for the diversification of documents and verification.
Abstract: Data outsourcing has become an important application of cloud computing. Driven by the growing security demands of data outsourcing applications, sensitive data have to be encrypted before outsourcing. Therefore, how to properly encrypt data in a way that the encrypted and remotely stored data can still be queried has become a challenging issue. Searchable encryption schemes are proposed to allow users to search over encrypted data. However, most searchable encryption schemes do not consider search result diversification, resulting in information redundancy. In this paper, a verifiable diversity ranking search scheme over encrypted outsourced data is proposed while preserving privacy in cloud computing, which also supports search result verification. The goal is to rank documents with diversification in mind, instead of returning relevant documents that only deliver redundant information. Extensive experiments on a real-world dataset validate our analysis and show that our proposed solution is effective for the diversification of documents and verification.

Journal ArticleDOI
TL;DR: This article proposes a novel fog-to-cloud-based architecture for data sharing in VCC that is secure against existing adversaries and newborn security threats, and shows significant performance improvement in edge devices' overhead saving and response delay reduction.
Abstract: VCC is an emerging computing paradigm developed for providing various services to vehicle drivers, and has attracted more and more attention from researchers and practitioners over the last few years. However, privacy preserving and secure data sharing has become a very challenging and important issue in VCC. Unfortunately, existing secure access control schemes consume too many computation resources, which prevents them from being performed on computing resource constrained vehicle onboard devices. Also, these cloud-based schemes suffer large latency and jitter due to their centralized resource management, and thus may not be suitable for real-time applications in VANETs. In this article, we thus propose a novel fog-to-cloud-based architecture for data sharing in VCC. Our scheme is a cryptography-based mechanism that conducts fine-grained access control. In our design, the complicated computation burden is securely outsourced to fog and cloud servers with confidentiality and privacy preservation. Meanwhile, with the prediction of a vehicle's mobility, pre-pushing data to specific fog servers can further reduce response latency with no need to consume more resources of the fog server. In addition, with the assumption of no collusion between different providers for the cloud and fog servers, our scheme can provide verifiable auditing of fog servers' reports. The scheme is proved secure against existing adversaries and newborn security threats. Experimental tests show significant performance improvement in edge devices' overhead saving and response delay reduction.

Proceedings ArticleDOI
20 Jun 2018
TL;DR: The first result is the construction of a t-out-of-n non-malleable secret sharing scheme against an adversary who arbitrarily tampers with each of the shares independently, which is unconditional and features statistical non-malleability.
Abstract: A number of works have focused on the setting where an adversary tampers with the shares of a secret sharing scheme. This includes literature on verifiable secret sharing, algebraic manipulation detection (AMD) codes, and error correcting or detecting codes in general. In this work, we initiate a systematic study of what we call non-malleable secret sharing. Very roughly, the guarantee we seek is the following: the adversary may potentially tamper with all of the shares, and still, either the reconstruction procedure outputs the original secret, or the original secret is “destroyed” and the reconstruction outputs a string which is completely “unrelated” to the original secret. Recent exciting work on non-malleable codes in the split-state model led to constructions which can be seen as 2-out-of-2 non-malleable secret sharing schemes. These constructions have already found a number of applications in cryptography. We investigate the natural question of constructing t-out-of-n non-malleable secret sharing schemes. Such a secret sharing scheme ensures that only a set consisting of t or more shares can reconstruct the secret, and additionally guarantees non-malleability under an attack where potentially every share may be tampered with. Techniques used for obtaining split-state non-malleable codes (or 2-out-of-2 non-malleable secret sharing) are (in some form) based on two-source extractors and seem not to generalize to our setting. Our first result is the construction of a t-out-of-n non-malleable secret sharing scheme against an adversary who arbitrarily tampers with each of the shares independently. Our construction is unconditional and features statistical non-malleability. As our main technical result, we present a t-out-of-n non-malleable secret sharing scheme in a stronger adversarial model where an adversary may jointly tamper multiple shares. Our construction is unconditional and the adversary is allowed to jointly tamper subsets of up to (t−1) shares. We believe that the techniques introduced in our construction may be of independent interest. Inspired by the well studied problem of perfectly secure message transmission introduced in the seminal work of Dolev et al. (J. of ACM’93), we also initiate the study of non-malleable message transmission. Non-malleable message transmission can be seen as a natural generalization in which the goal is to ensure that the receiver either receives the original message, or the original message is essentially destroyed and the receiver receives an “unrelated” message, when the network is under the influence of an adversary who can byzantinely corrupt all the nodes in the network. As natural applications of our non-malleable secret sharing schemes, we propose constructions for non-malleable message transmission.

Proceedings Article
08 Jun 2018
TL;DR: Slalom as mentioned in this paper is a framework that securely delegates execution of all linear layers in a DNN from a TEE to a faster, yet untrusted, co-located processor.
Abstract: As Machine Learning (ML) gets applied to security-critical or sensitive domains, there is a growing need for integrity and privacy for outsourced ML computations. A pragmatic solution comes from Trusted Execution Environments (TEEs), which use hardware and software protections to isolate sensitive computations from the untrusted software stack. However, these isolation guarantees come at a price in performance, compared to untrusted alternatives. This paper initiates the study of high performance execution of Deep Neural Networks (DNNs) in TEEs by efficiently partitioning DNN computations between trusted and untrusted devices. Building upon an efficient outsourcing scheme for matrix multiplication, we propose Slalom, a framework that securely delegates execution of all linear layers in a DNN from a TEE (e.g., Intel SGX or Sanctum) to a faster, yet untrusted, co-located processor. We evaluate Slalom by running DNNs in an Intel SGX enclave, which selectively delegates work to an untrusted GPU. For canonical DNNs (VGG16, MobileNet and ResNet variants) we obtain 6x to 20x increases in throughput for verifiable inference, and 4x to 11x for verifiable and private inference.

Posted Content
TL;DR: In this article, the authors propose a t-out-of-n non-malleable secret sharing scheme against an adversary who arbitrarily tampers with each of the shares independently.
Abstract: A number of works have focused on the setting where an adversary tampers with the shares of a secret sharing scheme. This includes literature on verifiable secret sharing, algebraic manipulation detection(AMD) codes, and, error correcting or detecting codes in general. In this work, we initiate a systematic study of what we call non-malleable secret sharing. Very roughly, the guarantee we seek is the following: the adversary may potentially tamper with all of the shares, and still, either the reconstruction procedure outputs the original secret, or, the original secret is “destroyed” and the reconstruction outputs a string which is completely “unrelated” to the original secret. Recent exciting work on non-malleable codes in the split-state model led to constructions which can be seen as 2-out-of-2 non-malleable secret sharing schemes. These constructions have already found a number of applications in cryptography. We investigate the natural question of constructing t-out-of-n non-malleable secret sharing schemes. Such a secret sharing scheme ensures that only a set consisting of t or more shares can reconstruct the secret, and, additionally guarantees non-malleability under an attack where potentially every share maybe tampered with. Techniques used for obtaining split-state non-malleable codes (or 2-out-of-2 non-malleable secret sharing) are (in some form) based on two-source extractors and seem not to generalize to our setting. Our first result is the construction of a t-out-of-n non-malleable secret sharing scheme against an adversary who arbitrarily tampers each of the shares independently. Our construction is unconditional and features statistical non-malleability. As our main technical result, we present t-out-of-n non-malleable secret sharing scheme in a stronger adversarial model where an adversary may jointly tamper multiple shares. Our construction is unconditional and the adversary is allowed to jointly-tamper subsets of up to (t−1) shares. 
We believe that the techniques introduced in our construction may be of independent interest. Inspired by the well-studied problem of perfectly secure message transmission introduced in the seminal work of Dolev et al. (J. of ACM ’93), we also initiate the study of non-malleable message transmission. Non-malleable message transmission can be seen as a natural generalization in which the goal is to ensure that the receiver either receives the original message, or the original message is essentially destroyed and the receiver receives an “unrelated” message, when the network is under the influence of an adversary who can byzantinely corrupt all the nodes in the network. As natural applications of our non-malleable secret sharing schemes, we propose constructions for non-malleable message transmission.

Journal ArticleDOI
TL;DR: A novel TiOISS scheme based on PBVCS using exclusive OR operation is proposed, which does not need complex computation in revealing process, and it can be used in real-time application.
Abstract: Perfect black visual cryptography scheme (PBVCS) shares a binary secret image into n shadows. Stacking any $$k(k

Journal ArticleDOI
TL;DR: This paper proposes a ranked choice online voting system, which eliminates all hardwired restrictions on the possible assignments of points to different candidates according to the voters’ personal preferences and maintains confidentiality.
Abstract: Advanced security methods are necessary to introduce effective online voting in the whole world. Elections conducted on paper consume a lot of resources and contribute to the destruction of forests, which leads to climate deterioration. Recent online voting experiences in countries, such as the United States, India, and Brazil, demonstrated that further research is needed to improve security guarantees for future elections, to ensure the confidentiality of votes and enable the verification of their integrity and validity. In this paper, we propose a ranked choice online voting system, which addresses these challenges. It eliminates all hardwired restrictions on the possible assignments of points to different candidates according to the voters’ personal preferences. In order to protect the confidentiality of the votes, each cast ballot is encrypted using the exponential ElGamal cryptosystem before submission. Furthermore, during voting the system ensures that proofs are generated and stored for each element in the cast ballot. These proofs can then be used to verify the correctness and the eligibility of each ballot before counting without decrypting and accessing the content of the ballot. This validates the votes in the counting process and at the same time maintains confidentiality. The security and performance analyses included in this paper demonstrate that our method has achieved significant improvements in comparison with the previous systems. The outcomes of our experiments also show that our proposed protocols are feasible for practical implementations.

Patent
01 Jun 2018
TL;DR: In this article, the authors present a system for providing a cryptographic platform for distributing data structures within a peer-to-peer network wherein encrypted messages are exchanged among nodes, and the system provides for the creation and management of privately subspaced blockchains that include subspaces that are private, yet verifiable through the use of global state roots.
Abstract: Disclosed herein is a system for providing a cryptographic platform for distributing data structures within a peer-to-peer network wherein encrypted messages are exchanged among nodes. The system provides for the creation and management of privately subspaced blockchains that include subspaces that are private, yet verifiable through the use of global state roots. The global state roots are updated based on subspace roots that are in turn generated based on the data in that subspace.

Proceedings ArticleDOI
23 Jul 2018
TL;DR: A new Transaction-based Access Control (TBAC) platform which integrates the standard attribute-based access control (ABAC) model and the blockchain system is presented, and a cryptosystem associated with TBAC (CryptoTBAC) is presented for ensuring secure attribute-exchanging and decision-making of dynamic policy.
Abstract: In this paper we focus on a new generation of secure resource sharing platform in a decentralized blockchain environment with flexible and diverse permission management, as well as a verifiable and transparent access process. To do so, we present a new Transaction-based Access Control (TBAC) platform which integrates the standard attribute-based access control (ABAC) model and the blockchain system. In this platform, four types of transactions and Bitcoin-type cryptographic scripts are presented to describe the TBAC access control procedure corresponding to subject registration, object escrowing and publication, access request and grant. We also present a cryptosystem associated with TBAC (CryptoTBAC) for ensuring secure attribute-exchanging and decision-making of dynamic policy. We evaluate the security of CryptoTBAC from three aspects: transaction, authorization, and decision-making security.

Journal ArticleDOI
TL;DR: This scheme is the first to define reconstruction outsourcing concept in all cloud storage schemes for EHRs based on secret sharing, and the results of outsourcing reconstruction can be verified by healthcare centers or patients in the scheme.
Abstract: Deploying electronic health records (EHRs) is now an undisputable trend in healthcare systems. Through affording benefits like flexibility and low cost, cutting-edge cloud storage is becoming a popular solution to store a massive amount of EHRs and relieve local storage. Nevertheless, storing sensitive information such as health records on the cloud incurs severe security and privacy risks. In this paper, we propose a novel cloud storage system for EHRs which fully ensures data privacy by employing Shamir’s secret sharing. In this system, an EHR is divided into multiple segments by a healthcare center, and the segments are distributed to numerous cloud servers. When retrieving the EHR, the healthcare center captures segments from a subset of the cloud servers and reconstructs the EHR. Meanwhile, in reality, the reconstruction of a shared EHR could be very burdensome for a healthcare center or a patient, so we also propose a practical cloud storage scheme which outsources the reconstruction of a shared EHR to a cloud computing service provider. Such a solution can drastically boost the efficiency of the proposed scheme. As far as we know, our scheme is the first to define the reconstruction outsourcing concept among all cloud storage schemes for EHRs based on secret sharing, and the results of outsourced reconstruction can be verified by healthcare centers or patients in our scheme. The theoretical analysis and experimental results also support that our proposed scheme is secure and efficient.

Posted Content
TL;DR: An implementation of Raziel, which combines secure multi-party computation and proof-carrying code to provide privacy, correctness and verifiability guarantees for smart contracts on blockchains, is described and examples to demonstrate its practical viability are presented.
Abstract: Raziel combines secure multi-party computation and proof-carrying code to provide privacy, correctness and verifiability guarantees for smart contracts on blockchains, effectively solving DAO and Gyges attacks. This paper describes an implementation and presents examples to demonstrate its practical viability (e.g., private and verifiable crowdfundings and investment funds). Additionally, we show how to use Zero-Knowledge Proofs of Proofs (i.e., Proof-Carrying Code certificates) to prove the validity of smart contracts to third parties before their execution without revealing anything else. Finally, we show how miners could get rewarded for generating pre-processing data for secure multi-party computation.

Journal ArticleDOI
Xinrui Ge, Jia Yu, Chengyu Hu, Hanlin Zhang, Rong Hao
TL;DR: A novel verifiable fuzzy keyword search scheme over encrypted cloud data is proposed and an authentication label is generated for each fuzzy keyword to verify the authenticity of the returned ciphertexts.
Abstract: Searchable encryption can support a data user in selectively retrieving cipher documents over encrypted cloud data by keyword-based search. Most of the existing searchable encryption schemes only focus on exact keyword search. When a data user makes spelling errors, these schemes fail to return the result of interest. In searchable encryption, the cloud server might return an invalid result to the data user to save computation cost or for other reasons. Therefore, these exact keyword search schemes find little practical significance in real-world applications. In order to address these issues, we propose a novel verifiable fuzzy keyword search scheme over encrypted cloud data. For the purpose of introducing this scheme, we first propose a verifiable exact keyword search scheme and then extend this scheme to the fuzzy keyword search scheme. In the fuzzy keyword search scheme, we employ a linked list as our secure index to achieve efficient storage. We construct a linked list with three nodes for each exact keyword and generate a fuzzy keyword set for it. To reduce the computation cost and the storage space, we generate one index vector for each fuzzy keyword set, rather than for each fuzzy keyword. To resist malicious behaviors of the cloud server, we generate an authentication label for each fuzzy keyword to verify the authenticity of the returned ciphertexts. Through security analysis and experimental evaluation, we show that our proposed schemes are secure and efficient.

Journal ArticleDOI
TL;DR: The robustness of the scheme has been validated by considering different attack scenarios in the encrypted domain itself and the visual quality of the recovered media and the extracted secret information evaluated via peak signal to noise ratio (PSNR), normalized cross correlation metric (NCC) and structural similarity index (SSIM) prove the efficacy of the proposed scheme.