
Showing papers on "Verifiable secret sharing published in 2019"


Proceedings ArticleDOI
23 Jun 2019
TL;DR: A framework for reducing the security of protocols based on the learning with errors (LWE) problem to qualitatively simpler and weaker computational hardness assumptions is presented.
Abstract: We give new instantiations of the Fiat-Shamir transform using explicit, efficiently computable hash functions. We improve over prior work by reducing the security of these protocols to qualitatively simpler and weaker computational hardness assumptions. As a consequence of our framework, we obtain the following concrete results. 1) There exists a succinct publicly verifiable non-interactive argument system for log-space uniform computations, under the assumption that any one of a broad class of fully homomorphic encryption (FHE) schemes has almost optimal security against polynomial-time adversaries. The class includes all FHE schemes in the literature that are based on the learning with errors (LWE) problem. 2) There exists a non-interactive zero-knowledge argument system for in the common reference string model, under either of the following two assumptions: (i) Almost optimal hardness of search-LWE against polynomial-time adversaries, or (ii) The existence of a circular-secure FHE scheme with a standard (polynomial time, negligible advantage) level of security. 3) The classic quadratic residuosity protocol of [Goldwasser, Micali, and Rackoff, SICOMP ’89] is not zero knowledge when repeated in parallel, under any of the hardness assumptions above.

142 citations


Journal ArticleDOI
TL;DR: A Verifiable Dynamic Encryption with Ranked Search (VDERS) scheme that allows a user to perform top-K searches on a dynamic document collection and verify the correctness of the search results in a secure and efficient way is proposed.
Abstract: Cloud computing, as a promising computing paradigm, is increasingly utilized as a potential host for users' massive datasets. Since the cloud service provider (CSP) is outside the users' trusted domain, existing research suggests encrypting sensitive data before outsourcing and adopting Searchable Symmetric Encryption (SSE) to facilitate keyword-based searches over the ciphertexts. However, it remains a challenging task to design an effective SSE scheme that simultaneously supports sublinear search time, efficient update and verification, and on-demand information retrieval. To address this, we propose a Verifiable Dynamic Encryption with Ranked Search (VDERS) scheme that allows a user to perform top-K searches on a dynamic document collection and verify the correctness of the search results in a secure and efficient way. Specifically, we first provide a basic construction, VDERS0, where a ranked inverted index and a verifiable matrix are constructed to enable verifiable document insertion in top-K searches. Then, an advanced construction, VDERS*, is devised to further support document deletion with a reduced communication cost. Extensive experiments on real datasets demonstrate the efficiency and effectiveness of our VDERS scheme.

106 citations


Proceedings ArticleDOI
25 Jun 2019
TL;DR: Wang et al. as mentioned in this paper proposed an accumulator-based authenticated data structure that enables dynamic aggregation over arbitrary query attributes, and two new indexes are further developed to aggregate intra-block and inter-block data records for efficient query verification.
Abstract: Blockchains have recently been under the spotlight due to the boom of cryptocurrencies and decentralized applications. There is an increasing demand for querying the data stored in a blockchain database. To ensure query integrity, the user can maintain the entire blockchain database and query the data locally. However, this approach is not economical, if not infeasible, because of the blockchain's huge data size and considerable maintenance costs. In this paper, we take the first step toward investigating the problem of verifiable query processing over blockchain databases. We propose a novel framework, called vChain, that alleviates the storage and computing costs of the user and employs verifiable queries to guarantee the results' integrity. To support verifiable Boolean range queries, we propose an accumulator-based authenticated data structure that enables dynamic aggregation over arbitrary query attributes. Two new indexes are further developed to aggregate intra-block and inter-block data records for efficient query verification. We also propose an inverted prefix tree structure to accelerate the processing of a large number of subscription queries simultaneously. Security analysis and empirical study validate the robustness and practicality of the proposed techniques.

97 citations


Journal ArticleDOI
TL;DR: This paper proposes an efficient ciphertext-policy attribute-based encryption (CP-ABE) scheme that for the first time simultaneously achieves partially hidden policy, direct revocation, and verifiable outsourced decryption.

94 citations


Journal ArticleDOI
TL;DR: The proposed scheme is the first identity-based PDP scheme for multi-copy and multi-cloud servers that is efficient and practical, and is based on the computational Diffie-Hellman (CDH) hard problem.
Abstract: To increase the availability and durability of outsourced data, many customers store multiple copies on multiple cloud servers. To guarantee the integrity of multiple copies, some provable data possession (PDP) protocols for multi-copy have been presented. However, most previous PDP protocols consider all copies to be stored on only one cloud storage server. To some degree, multi-copy makes little sense in such circumstances. Furthermore, many PDP protocols depend on the technique of public key infrastructure (PKI), which suffers from many types of security vulnerabilities and also brings heavy communication and computation costs. To increase security and efficiency, we provide a novel identity-based PDP scheme for multi-copy on multiple cloud storage servers. In our scheme, all copies are delivered to different cloud storage servers, which work cooperatively to store the customer's data. By means of homomorphic verifiable tags, the integrity of all copies can be checked simultaneously. The system model and security model of our scheme are provided in the paper. The security of our scheme is proved based on the computational Diffie-Hellman (CDH) hard problem. Analysis and experimental evaluation show that our scheme is efficient and practical. The proposed scheme is the first identity-based PDP scheme for multi-copy and multi-cloud servers.

94 citations


Journal ArticleDOI
TL;DR: A novel anonymous attribute-based broadcast encryption which features the property of hidden access policy and enables the data owner to share his/her data with multiple participants who are inside a predefined receiver set and fulfill the access policy is provided.
Abstract: The sharing of personal data with multiple users from different domains has benefited considerably from the rapid advances of cloud computing, and it is highly desirable to ensure that the shared file is not exposed to unauthorized users or cloud providers. Unfortunately, issues such as achieving flexible access control of the shared file, preserving the privacy of the receivers, forming the receiver groups dynamically, and high efficiency in encryption/decryption still remain challenging. To deal with these challenges, we provide a novel anonymous attribute-based broadcast encryption (A$^{2}$B$^{2}$E) which features the property of hidden access policy and enables the data owner to share his/her data with multiple participants who are inside a predefined receiver set and fulfill the access policy. We first suggest a concrete A$^{2}$B$^{2}$E scheme together with a rigorous and formal security proof without the support of the random oracle model. Then, we design an efficient and secure data sharing system by incorporating the A$^{2}$B$^{2}$E scheme, the verifiable outsourced decryption technique for attribute-based encryption, and the idea of online/offline attribute-based encryption. Extensive security analysis and performance evaluation demonstrate that our data sharing system is secure and practical.

90 citations


Book ChapterDOI
08 Dec 2019
TL;DR: Two new Verifiable Delay Functions (VDF) based on assumptions from elliptic curve cryptography are presented and their practicality is demonstrated with a proof-of-concept implementation.
Abstract: We present two new Verifiable Delay Functions (VDF) based on assumptions from elliptic curve cryptography. We discuss both the advantages and drawbacks of our constructions, we study their security and we demonstrate their practicality with a proof-of-concept implementation.

86 citations


Book ChapterDOI
19 May 2019
TL;DR: In this article, the authors present two protocols for a classical verifier to verifiably delegate a quantum computation to two non-communicating but entangled quantum provers, with near-optimal complexity in terms of the total resources employed by the verifier and the honest provers.
Abstract: The problem of reliably certifying the outcome of a computation performed by a quantum device is rapidly gaining relevance. We present two protocols for a classical verifier to verifiably delegate a quantum computation to two non-communicating but entangled quantum provers. Our protocols have near-optimal complexity in terms of the total resources employed by the verifier and the honest provers, with the total number of operations of each party, including the number of entangled pairs of qubits required of the honest provers, scaling as \(O(g\log g)\) for delegating a circuit of size g. This is in contrast to previous protocols, whose overhead in terms of resources employed, while polynomial, is far beyond what is feasible in practice. Our first protocol requires a number of rounds that is linear in the depth of the circuit being delegated, and is blind, meaning neither prover can learn the circuit or its input. The second protocol is not blind, but requires only a constant number of rounds of interaction.

72 citations


Journal ArticleDOI
TL;DR: A new personal health records sharing scheme with verifiable data integrity based on blockchain, which allows patients to distribute attribute private keys to users and uses blockchain to manage keys in the scheme, avoiding the single point of failure problem of centralized key management.
Abstract: The sharing of personal health records can help to improve the accuracy of the doctor's diagnosis and to promote the progress of medical research. Currently, to reduce the maintenance cost of data, personal health records are usually outsourced to a third party such as the cloud service provider. In this case, patients may lose direct control over their personal health records, and the semi-trusted cloud service provider may tamper with or reveal personal health records. Therefore, ensuring the privacy and integrity of personal health records and realizing fine-grained access control are crucial issues when personal health records are shared. As a distributed architecture with decentralized and tamper-proof features, blockchain provides a new way to protect the personal health records sharing system. In this paper, we propose a new personal health records sharing scheme with verifiable data integrity based on blockchain. Aiming at the problems of privacy disclosure, limited keyword search ability and loss of control rights in the process of personal health record sharing, the new scheme uses searchable symmetric encryption and attribute-based encryption techniques to achieve privacy protection, keyword search, and fine-grained access control. Compared with existing similar schemes, the new scheme allows patients to distribute attribute private keys to users, avoiding many security problems caused by the existence of an attribute authority in the scheme. Furthermore, the new scheme uses blockchain to manage keys in the scheme, avoiding the single point of failure problem of centralized key management. In particular, the new scheme stores the hash values of encrypted personal health records in the blockchain, and the related index set is stored in a smart contract, which can further improve the efficiency of data integrity verification. Finally, performance evaluation and security analysis indicate that our scheme is secure and feasible for practical use.

71 citations


Journal ArticleDOI
TL;DR: This paper proposes an attribute-based searchable encryption scheme that encrypts an index keyword under a specified access policy; only if a data user’s attributes satisfy the access policy can the data user perform search over the encrypted index keyword.
Abstract: Searchable encryption provides an effective mechanism that achieves secure search over encrypted data. A popular application model of searchable encryption is that a data owner stores encrypted data on a server and the server can effectively perform keyword-based search over the encrypted data according to a query trapdoor submitted by a data user, where the owner’s data and the user’s queries are kept secret from the server. Recently, many searchable encryption schemes have been proposed to achieve better security and performance, to provide a secure data update feature (dynamics), and to make search results verifiable (verifiability). However, most of the existing works endow the data user with unlimited search capacity and do not consider a data user’s search permissions. In practical applications, granting search privileges to data users is a very important measure to enforce data access control. In this paper, we propose an attribute-based searchable encryption scheme by leveraging the ciphertext-policy attribute-based encryption technique. Our scheme allows the data owner to conduct fine-grained search authorization for a data user. The main idea is that a data owner encrypts an index keyword under a specified access policy; if and only if a data user’s attributes satisfy the access policy can the data user perform search over the encrypted index keyword. We provide detailed correctness analyses, performance analyses, and security proofs for our scheme. Extensive experiments demonstrate that our proposed scheme outperforms the similar work CP-ABKS proposed by Zheng in many aspects.

66 citations


Journal ArticleDOI
TL;DR: A consortium blockchain-based resource sharing paradigm in IoV is proposed, in which the resource sharing interactions are encapsulated as transactions and recorded by Road Side Units (RSUs), and a lightweight consensus mechanism named Proof-of-Reputation is proposed to reduce computational power consumption and motivate vehicles involved in resource sharing.
Abstract: Resource sharing among vehicles can greatly improve the capability and efficiency of the Internet of Vehicles (IoV). However, it is challenging to establish trust and preserve privacy during the resource sharing process because of the high mobility and topological variability in IoV. Emerging blockchain technology exhibits excellent performance in handling distributed trust due to its verifiable and immutable ledger. In this paper, we first propose a consortium blockchain-based resource sharing paradigm in IoV, in which the resource sharing interactions are encapsulated as transactions and recorded by Road Side Units (RSUs). Moreover, a lightweight consensus mechanism named Proof-of-Reputation is proposed to reduce computational power consumption and motivate vehicles involved in resource sharing. Finally, a differentiated resource pricing scheme is proposed based on the dynamic matching game of resource demand and supply. The reputation value is designed to indicate the degree of trustworthiness of vehicles, and the trust is established via the consensus procedure. We couple the resource sharing process and consensus together by utilizing the reputation value of each vehicle. The security and privacy analysis as well as simulation experiments on communication performance verify the efficiency of the proposed blockchain system.

Journal ArticleDOI
TL;DR: A simple voting protocol based on Quantum Blockchain that satisfies the most important properties of secure voting protocols: it is anonymous, binding, non-reusable, verifiable, eligible, fair and self-tallying.
Abstract: This paper proposes a simple voting protocol based on Quantum Blockchain. Despite its simplicity, our protocol satisfies the most important properties of secure voting protocols: it is anonymous, binding, non-reusable, verifiable, eligible, fair and self-tallying. The protocol could also be implemented using presently available technology.

Journal ArticleDOI
TL;DR: This paper focuses on the verification problem, and proposes a new publicly verifiable scheme for the aggregation operation that enables a public verifier to test an aggregation result on the data of source nodes while protecting the data privacy.

Proceedings ArticleDOI
12 Apr 2019
TL;DR: In this paper, a protocol for blind and verifiable delegated quantum computation (DQC) is proposed, which allows the verifier to securely delegate to the prover the preparation of certain single-qubit quantum states.
Abstract: We introduce a protocol between a classical polynomial-time verifier and a quantum polynomial-time prover that allows the verifier to securely delegate to the prover the preparation of certain single-qubit quantum states. The prover is unaware of which state he received and, moreover, the verifier can check with high confidence whether the preparation was successful. The delegated preparation of single-qubit states is an elementary building block in many quantum cryptographic protocols. We expect our implementation of "random remote state preparation with verification", a functionality first defined in (Dunjko and Kashefi 2014), to be useful for removing the need for quantum communication in such protocols while keeping functionality. The main application that we detail is to a protocol for blind and verifiable delegated quantum computation (DQC) that builds on the work of (Fitzsimons and Kashefi 2018), who provided such a protocol with quantum communication. Recently, both blind and verifiable DQC were shown to be possible, under computational assumptions, with a classical polynomial-time client (Mahadev 2017, Mahadev 2018). Compared to the work of Mahadev, our protocol is more modular, applies to the measurement-based model of computation (instead of the Hamiltonian model) and is composable. Our proof of security builds on ideas introduced in (Brakerski et al. 2018).

Journal ArticleDOI
TL;DR: This paper proposes a new verifiable outsourced CP-ABE for big data privacy and access control in the cloud that reduces the computational overhead of encryption and decryption by outsourcing the heavy computations to the proxy server and proves that the scheme is efficient.
Abstract: The foremost security concerns for big data in the cloud are privacy and access control. Ciphertext-policy attribute-based encryption (CP-ABE) is an effective cryptographic solution for the above concerns, but the existing CP-ABE schemes are not suitable for big data in the cloud as they require huge computation time for the encryption and decryption process. In this paper, we propose a new verifiable outsourced CP-ABE for big data privacy and access control in the cloud. Our scheme reduces the computational overhead of encryption and decryption by outsourcing the heavy computations to the proxy server. Our scheme also verifies the correctness of the data along with the outsourced computations. Further, our scheme limits the data access for a set of users instead of providing an unlimited number of data accesses, which is essential for commercial applications. In the security analysis, we prove that our scheme is secure against chosen-plaintext attack, collusion and proxy attacks. Performance analysis shows that our scheme is efficient.

Proceedings ArticleDOI
23 Jun 2019
TL;DR: The first publicly verifiable non-interactive delegation scheme for polynomial time computations was proposed by Paneth and Rothblum as mentioned in this paper, which is based on an efficiently falsifiable decisional assumption on groups with bilinear maps.
Abstract: We construct a delegation scheme for all polynomial time computations. Our scheme is publicly verifiable and completely non-interactive in the common reference string (CRS) model. Our scheme is based on an efficiently falsifiable decisional assumption on groups with bilinear maps. Prior to this work, publicly verifiable non-interactive delegation schemes were only known under knowledge assumptions (or in the Random Oracle model) or under non-standard assumptions related to obfuscation or multilinear maps. We obtain our result in two steps. First, we construct a scheme with a long CRS (polynomial in the running time of the computation) by following the blueprint of Paneth and Rothblum (TCC 2017). Then we bootstrap this scheme to obtain a short CRS. Our bootstrapping theorem exploits the fact that our scheme can securely delegate certain non-deterministic computations.

Proceedings ArticleDOI
08 Apr 2019
TL;DR: A secure and scalable scheme that can support multi-dimensional range queries over encrypted data and allows users to verify the correctness and completeness of the query results to address server's malicious behaviors is proposed.
Abstract: Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.

Book ChapterDOI
Zhang Zhongjun, Jianfeng Wang, Yunling Wang, Su Yaping, Xiaofeng Chen
23 Sep 2019
TL;DR: This paper proposes an efficient verifiable forward secure SSE scheme, which can simultaneously achieve verifiability of search results and the forward security property, and proposes a new verifiable data structure based on the primitive of multiset hash functions, which enables efficient verifiable data update by incremental hash operations.
Abstract: Searchable Symmetric Encryption (SSE) allows a server to perform search directly over encrypted data outsourced by a user. Recently, the primitive of forward secure SSE has attracted significant attention due to its favorable property for dynamic data searching. That is, it can prevent the linkability of newly updated data to previously searched keywords. However, the server is assumed to be honest-but-curious in existing work. How to achieve verifiable forward secure SSE in the malicious server model remains a challenging problem. In this paper, we propose an efficient verifiable forward secure SSE scheme, which can simultaneously achieve verifiability of search results and the forward security property. In particular, we propose a new verifiable data structure based on the primitive of multiset hash functions, which enables efficient verifiable data update by incremental hash operations. Compared with the state-of-the-art solution, our proposed scheme is superior in search and update efficiency while providing verifiability of search results. Finally, we present a formal security analysis and implement our scheme, which demonstrates that our proposed scheme is equipped with the desired security properties with practical efficiency.

Proceedings Article
01 Jan 2019
TL;DR: In this paper, shared, verifiable database tables are introduced, a new abstraction for trusted data sharing in the cloud.
Abstract: In this paper we introduce shared, verifiable database tables, a new abstraction for trusted data sharing in the cloud.

Journal ArticleDOI
TL;DR: This work employs basic cryptographic components and assumptions, such as pseudo-random functions, one-way functions, digital signatures and the DDH assumption, to achieve public verifiability in the symmetric setting of searchable encryption (SE).
Abstract: Public verifiability is an interesting feature that cryptographic protocols, such as those used in cloud computing applications, may support. By public verifiability, the client can delegate the verification process to a third party auditor without revealing the private key or data. The main contribution of this paper is achieving public verifiability in the symmetric setting of searchable encryption (SE), separately for single and Boolean keyword search. While public verifiability in SE has already been achieved using complex tools such as indistinguishability obfuscation or pairing, this work employs basic cryptographic components and assumptions, such as pseudo-random functions, one-way functions, digital signatures and the DDH assumption.

Journal ArticleDOI
TL;DR: There is a need to validate the correctness of the computations of outsourced clients and the results could be validated by clients without re-computing the computation.
Abstract: In outsourcing computation models, weak devices (clients) increasingly rely on remote servers (workers) for data storage and computations. However, most of these servers are hackable or untrustwort...

Journal ArticleDOI
TL;DR: A practical multi-keyword searchable encryption scheme is proposed for data integrity verification and attribute revocation by combining the ciphertext policy attribute-based encryption (CP-ABE) and auditing ideas and proved to be resistant to selective plaintext attacks and selective keyword attacks under the general group model.
Abstract: In a data sharing system, it is a basic requirement for a user who has an appropriate privilege to perform keyword retrieval over encrypted documents stored in the cloud. Although traditional searchable encryption technology can provide data protection and retrieval capability, there are some main issues that should also be considered. First, most existing attribute-based searchable encryption schemes only support single-keyword search, which may return abundant irrelevant search results, resulting in a waste of computational and bandwidth resources. Second, the user often needs to seek data related to particular keywords, but his attributes may be altered frequently. Third, the cloud server is not completely loyal and sometimes returns a fraction of erroneous search results. Focusing on these issues, a practical multi-keyword searchable encryption scheme is proposed for data integrity verification and attribute revocation by combining ciphertext-policy attribute-based encryption (CP-ABE) and auditing ideas. On one hand, the scheme supports multi-keyword search, which prevents the cloud server from yielding ample irrelevant documents by narrowing the search scope; on the other hand, it can effectively implement attribute revocation by entrusting ciphertext updates to the powerful cloud server, thereby preventing access by illegal users. Furthermore, third-party audits use verification algorithms to ensure the correctness of search results and reduce the amount of computing by end users. Most critically, the scheme is proved to be resistant to selective plaintext attacks and selective keyword attacks under the general group model. Extensive experimental results demonstrate that the scheme is more expressive, efficient, and feasible in practical applications.

Proceedings ArticleDOI
23 Jun 2019
TL;DR: The first non-black-box zero-knowledge protocol was proposed in this paper, which is based on the homomorphic trapdoor paradigm, which can be seen as a non-black-box analog of the classic Feige-Lapidot-Shamir trapdoor paradigm.
Abstract: The round complexity of zero-knowledge protocols is a long-standing open question, yet to be settled under standard assumptions. So far, the question has appeared equally challenging for relaxations such as weak zero-knowledge and witness hiding. Protocols satisfying these relaxed notions under standard assumptions have at least four messages, just like full-fledged zero-knowledge. The difficulty in improving round complexity stems from a fundamental barrier: none of these notions can be achieved in three messages via reductions (or simulators) that treat the verifier as a black box. We introduce a new non-black-box technique and use it to obtain the first protocols that cross this barrier under standard assumptions. We obtain weak zero-knowledge for in two messages, assuming the existence of quasipolynomially-secure fully-homomorphic encryption and other standard primitives (known based on the quasipolynomial hardness of Learning with Errors), and subexponentially-secure one-way functions. We also obtain weak zero-knowledge for in three messages under standard polynomial assumptions (following for example from fully homomorphic encryption and factoring). We also give, under polynomial assumptions, a two-message witness-hiding protocol for any language ∈ that has a witness encryption scheme. This protocol is publicly verifiable. Our technique is based on a new homomorphic trapdoor paradigm, which can be seen as a non-black-box analog of the classic Feige-Lapidot-Shamir trapdoor paradigm.

Book ChapterDOI
01 Jan 2019
TL;DR: The complete voting system from the setup to the tally and the recovery procedures is detailed here; it guarantees vote privacy and full verifiability, even against a compromised voting server.
Abstract: We present the electronic voting protocol Belenios together with its associated voting platform. Belenios guarantees vote privacy and full verifiability, even against a compromised voting server. While the core of the voting protocol was already described and formally proved secure, we detail here the complete voting system from the setup to the tally and the recovery procedures.

Journal ArticleDOI
TL;DR: This paper proposes a concrete VDB construction supporting efficient keyword search based on the enhanced vector commitment, where each position of vector commitment is tied to a distinct keyword.

Journal ArticleDOI
TL;DR: This paper proposes a verifiable outsourced computation scheme over encrypted data with the help of fully homomorphic encryption and polynomial factorization algorithm that protects user data security in outsourced processing and allows public verification on the computation result processed by CSP with zero knowledge.

Journal ArticleDOI
TL;DR: The proposed obfuscator for encrypted verifiable encrypted signature (EVES) can not only prevent the semi-honest server from obtaining the user's sensitive information, but also resist collusion between the verifier/receiver and the untrusted cloud.
Abstract: In EUROCRYPT’10, Hada proposed a secure obfuscator for an encrypted signature scheme which can be executed on an untrusted server to solve the security problem of untrusted proxy signature. In Hada's scheme, the server can generate a valid signature for the user without obtaining the user's secret key; however, the scheme cannot resist the collusion attack. In this paper, we extend the study of encrypted signature schemes and propose an obfuscator for encrypted verifiable encrypted signature (EVES), and model its application in electronic transactions. The proposed scheme can not only prevent the semi-honest server from obtaining the user's sensitive information, but also resist collusion between the verifier/receiver and the untrusted cloud. We show that the obfuscation scheme achieves the requirement of virtual black-box security under standard cryptographic assumptions. The experiments show that the time of constructing the EVES obfuscator is 63 ms, the signing time of the obfuscated algorithm is 78 ms, and the verifying time of the obfuscated signature is 63 ms, which is more efficient and practical than related schemes, and the scheme can be deployed in scenarios requiring electronic transactions in outsourced clouds.

Journal ArticleDOI
TL;DR: This paper proposes a verifiable and multi-keyword searchable attribute-based encryption (VMKS-ABE) scheme for cloud storage, in which multiple keywords can be searched while the search privacy is protected; the proposed scheme is proved secure in that the keyword index is indistinguishable under adaptive keyword attacks in the general group model.
Abstract: In an attribute-based searchable encryption (ABSE) scheme, data owners can encrypt their data under an access policy for security and encrypt keywords to obtain a keyword index for private keyword search; data users can then search for keywords of interest over the keyword indexes using a keyword search trapdoor. However, many existing searchable encryption schemes only support single-keyword search, and most existing attribute-based encryption (ABE) schemes impose high computational costs on the user client. These problems significantly limit the practical application of attribute-based searchable encryption schemes. In this paper, we propose a verifiable and multi-keyword searchable attribute-based encryption (VMKS-ABE) scheme for cloud storage in which multiple keywords can be searched and the search privacy is protected. That is, the cloud server can search for the keywords using the keyword search trapdoor but learns nothing about the keywords being searched. In the proposed scheme, many computing tasks are outsourced to a cloud proxy server, which greatly reduces the computing burden on the user client. Besides, the scheme also supports verification of the correctness of the outsourced private key. The proposed scheme is proved secure in that the keyword index is indistinguishable under adaptive keyword attacks in the general group model, and the ciphertext is selectively secure under selective plaintext attacks in the random oracle model. The security and experimental results show that our scheme is practical.

Journal ArticleDOI
TL;DR: In this paper, the authors proposed a new paradigm for the security of quantum key distribution (QKD) that addresses two fundamental weaknesses of the existing paradigm for QKD.
Abstract: The existing paradigm for the security of quantum key distribution (QKD) suffers from two fundamental weaknesses. First, covert channels have emerged as an important threat and have attracted a lot of attention in security research in conventional information and communication systems. Covert channels (e.g. memory attacks) can fatally break the security of even device-independent quantum key distribution (DI-QKD), whenever QKD devices are re-used. Second, it is often implicitly assumed that the classical post-processing units of a QKD system are trusted. This is a rather strong assumption and is very hard to justify in practice. Here, we propose a new paradigm for the security of QKD that addresses these two fundamental problems. Specifically, we show that by using verifiable secret sharing and multiple optical devices and classical post-processing units, one could re-establish the security of QKD. Our techniques are rather general and they apply to both DI-QKD and non-DI-QKD.

Journal ArticleDOI
TL;DR: This work proposes a secure outsourcing algorithm for modular exponentiation in the single untrusted server model and a new method to generate the transformation key, which together allow encryption and decryption to be securely outsourced to an untrusted encryption service provider (ESP) and decryption service provider (DSP), respectively, leaving only a constant number of simple operations for the DO and eligible users to perform locally.
Abstract: Attribute-based encryption (ABE) is a promising cryptographic tool for a data owner (DO) to realize fine-grained data sharing in cloud computing. Encryption in most existing ABE schemes requires a substantial number of modular exponentiations, and their computational cost grows linearly with the complexity of the access policy. Besides, in most existing ABE schemes with outsourced decryption, the cost of generating the transformation key grows linearly with the number of attributes associated with the user's private key; these computations are prohibitively high for mobile device users, which becomes a bottleneck limiting the application of ABE. To address the above issues, we propose a secure outsourcing algorithm for modular exponentiation in the single untrusted server model and a new method to generate the transformation key. Based on these techniques and Brent Waters's ciphertext-policy ABE scheme, we propose an ABE scheme with verifiable outsourced encryption and decryption, which can securely outsource encryption and decryption to an untrusted encryption service provider (ESP) and decryption service provider (DSP), respectively, leaving only a constant number of simple operations for the DO and eligible users to perform locally. In addition, both the DO and the eligible users can check, with a certain probability, the correctness of the results returned from the ESP and the DSP, respectively. Finally, we provide an experimental evaluation and security analysis of our scheme, which indicate that our construction is suitable for the mobile environment.