anonymity from asymmetry new constructions for anonymous
play

Anonymity from Asymmetry: New Constructions for Anonymous HIBE - PowerPoint PPT Presentation

Dec 04, 2022 •46 likes •366 views

Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Anonymity from Asymmetry: New Constructions for Anonymous HIBE Ducas L eo, Ecole Normale Superieure, Paris February 23, 2010 Ducas L eo, Ecole Normale

  1. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Anonymity from Asymmetry: New Constructions for Anonymous HIBE Ducas L´ eo, Ecole Normale Superieure, Paris February 23, 2010 Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  2. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Plan 1 Introduction 2 Anonymous IBE Construction 3 Extension to HIBE and HVE 4 Conclusion Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  3. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion 1 Introduction 2 Anonymous IBE Construction 3 Extension to HIBE and HVE 4 Conclusion Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  4. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Identity Based Encryption IBE (Identity Based Encryption System) : any string ca be used as a public key, (knowing some public parameters) HIBE (Hierarchical Identity Based Encryption System) : Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  5. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Identity Based Encryption IBE (Identity Based Encryption System) : any string ca be used as a public key, (knowing some public parameters) corresponding private keys are derived from a master secret HIBE (Hierarchical Identity Based Encryption System) : Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  6. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Identity Based Encryption IBE (Identity Based Encryption System) : any string ca be used as a public key, (knowing some public parameters) corresponding private keys are derived from a master secret HIBE (Hierarchical Identity Based Encryption System) : Public keys are lists of strings, forming a tree Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  7. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Identity Based Encryption IBE (Identity Based Encryption System) : any string ca be used as a public key, (knowing some public parameters) corresponding private keys are derived from a master secret HIBE (Hierarchical Identity Based Encryption System) : Public keys are lists of strings, forming a tree A private key for a node allow derivation of private key for all children nodes Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  8. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Anonymity for (H)IBE Anonymity : Ciphertext should not reveal information about the public Key used to encrypt Building blocks for search on encrypted data systems. Generalizable to Hidden Vector Encryption systems. Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  9. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion (H)IBE construction using pairing Non-anonymous constructions : Boneh & Franklin [BF03] (Bilinear-DH assumption, ROM) Boneh & Boyen [BB04] a.k.a. BB 1 (Bilinear-DH assumption) Waters [Wat05] (Bilinear-DH assumption) Boneh, Boyen & Goh [BBG05] (Bilinear-DH Exponent assumption) Anonymous construction : Boyen & Waters [BW06] (linear assumption) Shi & Waters [SW08] (Composite DH assumption) Seo et al. [SKOS09] (composite DH assumption) Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  10. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Non-anonymity of BB 1 Given a bilinear map e : G × G → G t , and a generator g ∈ G . Setup Choose random α, β, γ, δ ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ . Output PP = ( g , g 1 , g 2 , h ) , mk = g α β Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  11. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Non-anonymity of BB 1 Given a bilinear map e : G × G → G t , and a generator g ∈ G . Setup Choose random α, β, γ, δ ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ . Output PP = ( g , g 1 , g 2 , h ) , mk = g α β mk · ( h I · f ) r , g r � � Extract (I) Choose random r ∈ Z p . Output d I = Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  12. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Non-anonymity of BB 1 Given a bilinear map e : G × G → G t , and a generator g ∈ G . Setup Choose random α, β, γ, δ ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ . Output PP = ( g , g 1 , g 2 , h ) , mk = g α β mk · ( h I · f ) r , g r � � Extract (I) Choose random r ∈ Z p . Output d I = Encrypt (M,I) To encrypt M ∈ G , choose s ∈ Z p and compute C = ( M · e ( g 1 , g 2 ) s , g s , ( h I · f ) s ) Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  13. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Non-anonymity of BB 1 Given a bilinear map e : G × G → G t , and a generator g ∈ G . Setup Choose random α, β, γ, δ ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ . Output PP = ( g , g 1 , g 2 , h ) , mk = g α β mk · ( h I · f ) r , g r � � Extract (I) Choose random r ∈ Z p . Output d I = Encrypt (M,I) To encrypt M ∈ G , choose s ∈ Z p and compute C = ( M · e ( g 1 , g 2 ) s , g s , ( h I · f ) s ) e ( g s , h I ′ f ) = e ( g , ( h I f ) s ) iff I = I ′ . With symmetric pairing anonymity is broken Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  14. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Contribution Tweak on BB 1 [BB04] IBE to make it provably anonymous with asymmetric pairing. Adapt to the Hierarchical version, giving also an Hidden Vector Encryption System The tweak is also applicable to [BBG05] constructions, giving efficiency trade-off alternative for anonymous HIBE. Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  15. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion 1 Introduction 2 Anonymous IBE Construction 3 Extension to HIBE and HVE 4 Conclusion Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  16. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Assumption Given a bilinear map e : G × ˆ G → G t , and a generators g ∈ ˆ g ∈ G , ˆ G . Our assumption : For randoms a , b , c ∈ Z p and T ∈ G It is hard to distinguish between g , g a , g ab , g c , ˆ g a , ˆ g b , g abc � ∈ G 4 × ˆ G 3 × G � D N := g , ˆ g , g a , g ab , g c , ˆ g a , ˆ g b , T ∈ G 4 × ˆ G 3 × G � � D R := g , ˆ Composition of two classic assumption : decisional- BDH and decisional- XDH Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  17. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion The tweak Setup Choose random α, β, γ, δ, η ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ , t = g η and analogues g 1 = ˆ g α . . . . Output G 3 and g 2 , ˆ ∈ G 5 × ˆ � � PP = g , g 1 , h , f , t , ˆ g , ˆ h g αβ , ˆ t ) ∈ ˆ G 3 f , ˆ mk = (ˆ g 0 = ˆ Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  18. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion The tweak Setup Choose random α, β, γ, δ, η ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ , t = g η and analogues g 1 = ˆ g α . . . . Output G 3 and g 2 , ˆ ∈ G 5 × ˆ � � PP = g , g 1 , h , f , t , ˆ g , ˆ h g αβ , ˆ t ) ∈ ˆ G 3 f , ˆ mk = (ˆ g 0 = ˆ Extract (I) Choose random r , R ∈ Z p . Output � h I ˆ f ) r ˆ g R � g 0 (ˆ t R , ˆ g r , ˆ d I = ˆ Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  19. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion The tweak Setup Choose random α, β, γ, δ, η ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ , t = g η and analogues g 1 = ˆ g α . . . . Output G 3 and g 2 , ˆ ∈ G 5 × ˆ � � PP = g , g 1 , h , f , t , ˆ g , ˆ h g αβ , ˆ t ) ∈ ˆ G 3 f , ˆ mk = (ˆ g 0 = ˆ Extract (I) Choose random r , R ∈ Z p . Output � h I ˆ f ) r ˆ g R � g 0 (ˆ t R , ˆ g r , ˆ d I = ˆ Encrypt (M,I) To encrypt M ∈ G , choose s ∈ Z p and compute g 2 ) s , g s , ( h I f ) s , t s � � C = M · e ( g 1 , ˆ Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

438 views • 33 slides
Tokumei Anonymous Social Networking Keefer Rourke 19 October 2016 https://tokumei.co/ Prepared

Tokumei Anonymous Social Networking Keefer Rourke 19 October 2016 https://tokumei.co/ Prepared

Tokumei Anonymous Social Networking Keefer Rourke 19 October 2016 https://tokumei.co/ Prepared for the Guelph Coding Community (GCC) The Importance of Anonymity Anonymity Definition: The condition of being anonymous; having no method for

482 views • 27 slides
Anonymous Communication Martijn Terpstra & Max Tijssen Introduction 1. Definition of

Anonymous Communication Martijn Terpstra & Max Tijssen Introduction 1. Definition of

Anonymous Communication Martijn Terpstra & Max Tijssen Introduction 1. Definition of anonymity 2. Reasons 3. Problems 4. Legal issues and implications 5. PETs 6. Crowds 7. I2P Definition of anonymity The state or quality

607 views • 36 slides
for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

Anonymity Trilemma not all is lost for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 Universitaet zu Luebeck Anonymous Communication (AC) Networks

449 views • 21 slides
The Free Haven project: Distributed Anonymous Storage Service R. Dingledine (MIT), M.J.

The Free Haven project: Distributed Anonymous Storage Service R. Dingledine (MIT), M.J.

http://www.freehaven.net The Free Haven project: Distributed Anonymous Storage Service R. Dingledine (MIT), M.J. Freedman(MIT) and S. Molnar(Harvard) Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, July 2000

446 views • 40 slides
Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Relationships Between Broadcast and Shared Memory in Reliable Anonymous Distributed Systems

Relationships Between Broadcast and Shared Memory in Reliable Anonymous Distributed Systems

Relationships Between Broadcast and Shared Memory in Reliable Anonymous Distributed Systems James Aspnes, Yale University Faith Ellen Fich, University of Toronto Eric Ruppert, York University Anonymity Processes do not have identifiers and

773 views • 22 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
Monero an anonymous altcoin Dionysis Zindros ATHECRYPT 2016 Overview Bitcoins problems

Monero an anonymous altcoin Dionysis Zindros ATHECRYPT 2016 Overview Bitcoins problems

Monero an anonymous altcoin Dionysis Zindros ATHECRYPT 2016 Overview Bitcoins problems Moneros solutions Fungibility Anonymity Unlinkability Untraceability Acknowledgments Bitcoin Genve, Universit

734 views • 52 slides
Deployed Anonymity Networks: A brief history Nick Mathewson <nickm@freehaven.net> The

Deployed Anonymity Networks: A brief history Nick Mathewson <nickm@freehaven.net> The

Deployed Anonymity Networks: A brief history Nick Mathewson <nickm@freehaven.net> The Free Haven Project This presentation About me Introduction to anonymous communication High-latency networks Low-latency networks

792 views • 39 slides
How to Bootstrap Anonymous Communication Sune K. Jakobsen 1 Claudio Orlandi 2 1 Queen Mary,

How to Bootstrap Anonymous Communication Sune K. Jakobsen 1 Claudio Orlandi 2 1 Queen Mary,

How to Bootstrap Anonymous Communication Sune K. Jakobsen 1 Claudio Orlandi 2 1 Queen Mary, University of London 2 Aarhus University January 16, 2016 How can you get anonymity? Contact a journalist or publisher, and tell them you want to be

561 views • 34 slides
Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine The Free Haven Project {nickm,arma}@freehaven.net Scope Introduction to anonymity How we got started Introduction to mix-nets

649 views • 27 slides
Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work with Ben Kreuter, Tancrde Lepoint, Mariana Raykova ia.cr/2020/072 1 Definition Anonymous tokens are lightweight, single-use anonymous credentials.

657 views • 61 slides
Alcoh oholics olics Anonymous nymous A Source ce of Hope for the Person on Suff ffering

Alcoh oholics olics Anonymous nymous A Source ce of Hope for the Person on Suff ffering

Alcoh oholics olics Anonymous nymous A Source ce of Hope for the Person on Suff ffering ering from m Alcoho oholism lism AA Area 28 CPC Committee CPC@area28aa.org Endorsed d by by Area 28 PI Committee A.A. A. Anonymity nymity

434 views • 16 slides
Secure Networks Starting with Basic Reference Model for Security Architecture A Historic Review

Secure Networks Starting with Basic Reference Model for Security Architecture A Historic Review

Secure Networks Starting with Basic Reference Model for Security Architecture A Historic Review of a Nascent Industry Seattle University CSSE 572 Spring 2008 Mohsen Banan Guest Speaker May 15, 2008 Less Talked About Security

215 views • 19 slides
Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search Ph.D. Dissertation Defense Zeeshan Pervez Department of Computer Engineering Kyung Hee University, Global Campus, Korea email:

650 views • 24 slides
Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy Duong Hieu Phan David Pointcheval ENS France CNRS-ENS France Asiacrypt '03 Taipei - Taiwan December 1 st 2003 Summary Summary Asymmetric

235 views • 21 slides
Practical Security and Key Management Management University of Amsterdam Introduction SNE -

Practical Security and Key Management Management University of Amsterdam Introduction SNE -

Practical Security and Key Practical Security and Key Management Management University of Amsterdam Introduction SNE - Research Project 2 Research Question Security levels Secure elements By: Key Magiel van der Meer management PGP

778 views • 20 slides
Knowing Just Enough Crypto to be Dangerous Vasilij Schneidermann April 2018 Outline 1 Intro 2

Knowing Just Enough Crypto to be Dangerous Vasilij Schneidermann April 2018 Outline 1 Intro 2

Knowing Just Enough Crypto to be Dangerous Vasilij Schneidermann April 2018 Outline 1 Intro 2 Selected attacks 3 Outro Section 1 Intro About Vasilij Schneidermann, 25 Software developer at bevuta IT, Cologne mail@vasilij.de

485 views • 47 slides
Stay invisible in the digital world 1 Mobile Trust Telecommunications About us We provide a

Stay invisible in the digital world 1 Mobile Trust Telecommunications About us We provide a

Cyber security is a National Security Priority Barack Obama Mobile Trust Telecommunications (MTT) presents Stealthphone Information Security System Stay invisible in the digital world 1 Mobile Trust Telecommunications About us We

501 views • 21 slides
TECHNOLOGY (DLT) AND BLOCKCHAIN Blockchain and its applications INTRODUCTION Ishmeet Singh,

TECHNOLOGY (DLT) AND BLOCKCHAIN Blockchain and its applications INTRODUCTION Ishmeet Singh,

DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN Blockchain and its applications INTRODUCTION Ishmeet Singh, Blockchain Consultant I have built technology products for Fortune 500 companies like MasterCard, MetLife and Adobe. I have also

925 views • 28 slides
Small Form Computing A bump in the wire The questions What can we do with an inexpensive

Small Form Computing A bump in the wire The questions What can we do with an inexpensive

Small Form Computing A bump in the wire The questions What can we do with an inexpensive small computer? Can we make it a part of a seamless wireless mesh network by installing SMesh? Can we make it a robot controller by performing

360 views • 23 slides

More recommend