efficient conditional proxy re encryption with chosen
play

Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext - PowerPoint PPT Presentation

Jan 10, 2024 •873 likes •1.04k views

Introduction Model of C-PRE Our proposed C-PRE Scheme Conclusion Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext Security Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Institute for Infocomm Research (I2R),

  1. Introduction Model of C-PRE Our proposed C-PRE Scheme Conclusion Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext Security Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Institute for Infocomm Research (I2R), Singapore School of Information Systems, SMU, Singapore DIES, Faculty of EEMCS, University of Twente, the Netherlands Email: { yyang@i2r.a-star.edu.sg } ISC 2009, Pisa Italy September 5, 2009 Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext

  2. Introduction Model of C-PRE Our proposed C-PRE Scheme Conclusion Outline Introduction Model of Conditional Proxy Re-Encryption(C-PRE). Our Proposed C-PRE Scheme. Conclusion Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext

  3. Introduction Model of C-PRE Proxy Re-Encryption Our proposed C-PRE Scheme Conditional Proxy Re-Encryption Conclusion Proxy Re-Encryption Proxy re-encryption (PRE), introduced by Blaze, Bleumer and Strauss in Eurocrypt’98, allows a semi-trust proxy to convert a ciphertext originally intended for Alice into an encryption of the same message intended for Bob 1 . PRE has found many practical applications, such as digital rights management (DRM), distributed file systems, outsourced filtering of encrypted spam, and encrypted email forwarding, etc. 1 The original ciphertext is called second level ciphertext, and the transformed ciphertext is named first level ciphertext Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext

  4. Introduction Model of C-PRE Proxy Re-Encryption Our proposed C-PRE Scheme Conditional Proxy Re-Encryption Conclusion Conditional Proxy Re-Encryption Traditional PRE enforces coarse-grained delegation of decryption right, in the sense that the proxy can transform all of Alice’s second level ciphertexts. In practice, fine-grained delegation is often more desirable. To address this problem, Tang (Indocrypt’08) and Weng et al. (ASIACCS’09) independently introduced the notion of Conditional Proxy Re-Encryption(C-PRE) 2 . In C-PRE, ciphertexts are generated with respect to a certain condition, and the proxy can translate a ciphertext only if the associated condition is satisfied. 2 In their full paper of PKC’08, Libert and Vergnaud also considered the problem of how to add keywords into PRE, and gave a concrete scheme. Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext

  5. Introduction Model of C-PRE Proxy Re-Encryption Our proposed C-PRE Scheme Conditional Proxy Re-Encryption Conclusion Problems of Existing Models for C-PRE Weng et al. and Tang’s definition and security notion have their respective pros and cons: In Tang’s definition, the proxy needs only one key pair to perform transformation, while the proxy in Weng et al. ’s definition needs two key pair; In Weng et al. ’s definition, a user can acts as delegator for any other users, and can also be the delegatee for any other users. In Tang’s definition, the delegators and the delegatees have to be in different systems, which means that the user in a given system can only act as either (not both) a delegator or a delegatee. Both of Weng et al. and Tang’s security notions only consider the second level ciphertext security, and do not address the first level ciphertext security. Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext

  6. Introduction Model of C-PRE Proxy Re-Encryption Our proposed C-PRE Scheme Conditional Proxy Re-Encryption Conclusion Our Work We re-formalize the definition and security models for C-PRE. In our definition, the proxy needs only one key pair for performing transformations A user can act as the delegator or the delegatee for any other users. We propose a more efficient C-PRE scheme, and prove its CCA-security under our rigorous security model. Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext

  7. Introduction Model of C-PRE Definition of C-PRE Our proposed C-PRE Scheme Security Notions of C-PRE Conclusion Definition of C-PRE A C-PRE scheme consists of the following algorithms: Setup algorithm: Setup ( 1 κ ) = ⇒ param . Key generation algorithm: KeyGen ( 1 κ ) = ⇒ ( pk i , sk i ) . Re-encryption key generation algorithm: ReKeyGen ( sk i , w , pk j ) = ⇒ rk i w → j . Second level encryption algorithm: Enc 2 ( pk , m , w ) = ⇒ CT First level encryption algorithm: Enc 1 ( pk , m ) = ⇒ CT. Re-encryption algorithm: ReEnc ( CT i , rk i w → j ) = ⇒ CT j Second level decryption algorithm: Dec 2 ( CT , sk ) = ⇒ m . First level decryption algorithm: Dec 1 ( CT , sk ) = ⇒ m . Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext

  8. Introduction Model of C-PRE Definition of C-PRE Our proposed C-PRE Scheme Security Notions of C-PRE Conclusion Security Notions of C-PRE: IND-2CPRE-CCA Chosen-ciphertext security for second level ciphertexts ( IND-2CPRE-CCA ): The adversary A is challenged with a second level ciphertext CT ∗ encrypted under a target public key pk i ∗ and a target condition w ∗ . A is allowed to issue a series of queries, except those queries which allow A to trivially decrypt CT ∗ . For examples, A should not obtain the re-encryption key rk i ∗ w ∗ → j where sk j is corrupted. If there exists no polynomial time adversary A can obtain anything about the underlying plaintext of CT ∗ , then the C-PRE is said to be IND-2CPRE-CCA secure. Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext

  9. Introduction Model of C-PRE Definition of C-PRE Our proposed C-PRE Scheme Security Notions of C-PRE Conclusion Security Notions of C-PRE: IND-1CPRE-CCA Chosen-ciphertext security for first level ciphertexts ( IND-1CPRE-CCA ): The adversary A is challenged with a first level ciphertext CT ∗ encrypted under a target public key pk i ∗ . A is allowed to issue a series of queries, except those queries which allow A to trivially decrypt CT ∗ . But now A is even allowed to obtain the re-encryption key rk i ∗ w ∗ → j where sk j is corrupted. If there exists no polynomial time adversary A can obtain anything about the underlying plaintext of CT ∗ , then the C-PRE is said to be IND-1CPRE-CCA secure. Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext

  10. Introduction Principles for Designing CCA-Secure C-PRE Model of C-PRE Our Proposed C-PRE Scheme Our proposed C-PRE Scheme Security of Our Scheme Conclusion Principles for Designing CCA-Secure C-PRE Three principles: The validity of the second level ciphertext should be publicly verifiable. The first level ciphertext should be able to resist the adversary’s malicious manipulating The first level ciphertext should not contains all the components of the second level ciphertext 3 . 3 Otherwise, it will suffers from a similar attack as Zhang et al .’s attack (eprint, 2009/344) against Shao-Cao’s PRE scheme in PKC’09 Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext

  11. Introduction Principles for Designing CCA-Secure C-PRE Model of C-PRE Our Proposed C-PRE Scheme Our proposed C-PRE Scheme Security of Our Scheme Conclusion Our Scheme: A First Attempt Setup ( 1 κ ) : The global parameter is param = (( q , G , G T , e ) , g , n , H 1 , · · · , H 5 ) . KeyGen ( 1 κ ) : user i ’s secret key sk i = x i ∈ R Z q , and public key pk i = g x i . ReKeyGen ( sk i , w , pk j ) : Pick s ∈ R Z q . The re-encryption key from user i to j w.r.t condition w is �� � � − sk i , pk s H 2 ( pk i , w ) pk s rk i w → j = ( rk 1 , rk 2 ) = j i . Enc 2 ( pk , m , w ) : Pick R ∈ R G T , and compute r = H 1 ( m , R ) . The second level ciphertext is g r , R · e ( pk , H 2 ( pk , w )) r , m ⊕ H 3 ( R ) , H 4 ( C 1 , C 2 , C 3 ) r � � CT = ( C 1 , C 2 , C 3 , C 4 ) = . ReEnc ( CT i , rk i w → j ) : Given CT i = ( C 1 , C 2 , C 3 , C 4 ) and rk i w → j = ( rk 1 , rk 2 ) , check e ( C 1 , H 4 ( C 1 , C 2 , C 3 )) ? = e ( g , C 4 ) . If no, output ⊥ ; else output CT j = ( C 1 , C 2 , C 3 , C 4 ) = ( C 1 , C 2 · e ( C 1 , rk 1 ) , C 3 , rk 2 ) . Enc 1 ( pk , m ) : Pick R ∈ R G T , s ∈ R Z ∗ q , and compute r = H 1 ( m , R ) . The first level ciphertext CT is g r , R · e ( g , pk ) − r · s , m ⊕ H 3 ( R ) , g s � � CT = ( C 1 , C 2 , C 3 , C 4 ) = . Algorithms Dec 2 ( CT , sk ) and Dec 1 ( CT , sk ) can be given accordingly. Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NTRUReEncrypt An Efficient Proxy Re-Encryption Scheme based on NTRU David Nu nez , Isaac Agudo,

NTRUReEncrypt An Efficient Proxy Re-Encryption Scheme based on NTRU David Nu nez , Isaac Agudo,

Outline Proxy Re-Encryption NTRU NTRUReEncrypt PS-NTRUReEncrypt Experimental results Conclusions NTRUReEncrypt An Efficient Proxy Re-Encryption Scheme based on NTRU David Nu nez , Isaac Agudo, and Javier Lopez Network, Information and

929 views • 38 slides
Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services

Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services

Outline Introduction Support technologies Privacy-preserving IDaaS system Conclusions Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services David Nu nez , Isaac Agudo, and Javier Lopez Network,

422 views • 24 slides
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure

580 views • 47 slides
Lecture 15: Conditional Probability and Independence Math 115 October 29, 2019 1/8 Conditional

Lecture 15: Conditional Probability and Independence Math 115 October 29, 2019 1/8 Conditional

Lecture 15: Conditional Probability and Independence Math 115 October 29, 2019 1/8 Conditional Probability Example : In a group of 30 athletes, 18 are women, 12 are swimmers and 10 are neither. A person is chosen at random. 1. What is the

293 views • 25 slides
Lattice-based Proxy Re-encryption PKC 2014 , 26.03.14 Elena Kirshanova Horst Grtz Institute for

Lattice-based Proxy Re-encryption PKC 2014 , 26.03.14 Elena Kirshanova Horst Grtz Institute for

Lattice-based Proxy Re-encryption PKC 2014 , 26.03.14 Elena Kirshanova Horst Grtz Institute for IT Security Ruhr University Bochum Outline 1 Definition of PRE and Security Model 2 Previous constructions and our contribution 3 One-way functions

971 views • 60 slides
Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang

Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang

Efficient Threshold Encryption from Lossy Trapdoor Functions Xiang Xie, Rui Xue and Rui Zhang SKLOIS Chinese Academy of Sciences Outline Background Our Results Our Constructions Conclusions 2 Threshold Public Key Encryption

854 views • 32 slides
Efficient Ring-LWE Encryption on 8-bit AVR Processors . Zhe Liu 1 Hwajeong Seo 2 Sujoy Sinha Roy

Efficient Ring-LWE Encryption on 8-bit AVR Processors . Zhe Liu 1 Hwajeong Seo 2 Sujoy Sinha Roy

Short Overview Ring-LWE Encryption Scheme Our Implementation Implementation Results Conclusion . Efficient Ring-LWE Encryption on 8-bit AVR Processors . Zhe Liu 1 Hwajeong Seo 2 Sujoy Sinha Roy 3 adl 1 Howon Kim 2 Ingrid Verbauwhede 3

1.4k views • 102 slides
I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing

I n t e r n s L i g h t n i n g T a l k s Proxy editing PiTiVi Proxy editing Anton Belka, antonbelka@gmail.com GUADEC 2013 The TM Conference GUADEC Proxy editing What is proxy editing? Proxy editing is the ability to

1.75k views • 143 slides
Identity-Based Cryptosystems and Quadratic Residuosity Marc Joye Proxy: Fabrice Benhamouda PKC

Identity-Based Cryptosystems and Quadratic Residuosity Marc Joye Proxy: Fabrice Benhamouda PKC

Identity-Based Encryption Cocks IBE Scheme Algebraic Structure Applications Conclusion Identity-Based Cryptosystems and Quadratic Residuosity Marc Joye Proxy: Fabrice Benhamouda PKC 2016 Tapei, Taiwan 1 / 20 Identity-Based Encryption

655 views • 38 slides
Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key Encryption Accepted security notion: chosen-ciphertext security (IND-CCA) Public-Key Encryption Accepted security notion: chosen-ciphertext security

1.16k views • 83 slides
GAN Compression: Efficient Architectures for Interactive Conditional GANs Muyang Li 1,3 , Ji Lin 1

GAN Compression: Efficient Architectures for Interactive Conditional GANs Muyang Li 1,3 , Ji Lin 1

GAN Compression: Efficient Architectures for Interactive Conditional GANs Muyang Li 1,3 , Ji Lin 1 , Yaoyao Ding 1,3 , Zhijian Liu 1 , Jun-Yan Zhu 2 , and Song Han 1 1 Massachusetts Institute of Technology 2 Adobe Research. 3 Shanghai Jiao Tong

442 views • 15 slides
Efficient KDM-CCA Secure Public-Key Encryption for Polynomial Functions Shuai Han, Shengli Liu,

Efficient KDM-CCA Secure Public-Key Encryption for Polynomial Functions Shuai Han, Shengli Liu,

Efficient KDM-CCA Secure Public-Key Encryption for Polynomial Functions Shuai Han, Shengli Liu, and Lin Lyu 1. Shanghai Jiao Tong University 2. State Key Laboratory of Cryptology 3. Westone Cryptologic Research Center Asiacrypt 2016, Hanoi,

950 views • 73 slides
Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh,

Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology New Security Challenges Current computer

411 views • 26 slides
MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers forward requests to backends and can transform, handle or block them released under the GPL see http://forge.mysql.com/wiki/MySQL_Proxy

945 views • 27 slides
Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng

Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer Hong-Sheng Zhou University of Connecticut Joint work with Juan Garay (AT&T) and Daniel Wichs (NYU) CRYPTO 2009 Outline Background New Approach

789 views • 36 slides
Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee

Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee

Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee Chonbuk National University, Republic of Korea June 14, 2019@ Workshop on Modern Trends in Cryptography Table of contents 1. Introduction 2.

537 views • 25 slides
john@dwagents.com www.JoinDWHSA.com (Contact John for the link to a special DWHSA application

john@dwagents.com www.JoinDWHSA.com (Contact John for the link to a special DWHSA application

11/16/2013 DWHSA Webinars Tame Your Phone Calls and Voicemails With Google Voice Questions? john@dwagents.com www.JoinDWHSA.com (Contact John for the link to a special DWHSA application form with the $25 discount [good through Dec. 20].)

519 views • 13 slides
1 DARIUS . WOOD @ BEAZLEY . COM AHART @ CRAI . COM BRADKE @ POLSINELLI . COM 2 B USINESS E MAIL C

1 DARIUS . WOOD @ BEAZLEY . COM AHART @ CRAI . COM BRADKE @ POLSINELLI . COM 2 B USINESS E MAIL C

1 DARIUS . WOOD @ BEAZLEY . COM AHART @ CRAI . COM BRADKE @ POLSINELLI . COM 2 B USINESS E MAIL C OMPROMISES (BEC) T RENDS P ROTECTION L EGAL I MPLICATIONS R ANSOMWARE A TTACKS T RENDS R ECOVERY P ROTECTION L EGAL I

594 views • 17 slides
15 Years of Broken Encrypted Emails and were still doing it wrong Alfredo Pironti

15 Years of Broken Encrypted Emails and were still doing it wrong Alfredo Pironti

15 Years of Broken Encrypted Emails and were still doing it wrong Alfredo Pironti IOActive alfredo.pironti@ioactive.com IMDEA - NEXTLEAP 3 Mar 2017 1 Agenda Intro to OpenPGP An efficient attack on signatures And

459 views • 25 slides
Electronic Mail Prof. Indranil Sen Gupta Professor, Dept. of Computer Science & Engineering

Electronic Mail Prof. Indranil Sen Gupta Professor, Dept. of Computer Science & Engineering

Electronic Mail Prof. Indranil Sen Gupta Professor, Dept. of Computer Science & Engineering Indian Institute of Technology Kharagpur 1 Introduction Most heavily used application on the Internet. Simple Mail Transfer Protocol

555 views • 27 slides
Towards Scatterbox: A Context-Aware Message Forwarding Platform Stephen Knox, Adrian K Clear,

Towards Scatterbox: A Context-Aware Message Forwarding Platform Stephen Knox, Adrian K Clear,

Towards Scatterbox: A Context-Aware Message Forwarding Platform Stephen Knox, Adrian K Clear, Lorcan Coyle, Ross Shannon, Simon Dobson, Aaron Quigley and Paddy Nixon Systems Research Group School of Computer Science and Informatics UCD CASL,

431 views • 19 slides
The Clock is Ticking Moving from in person to virtual reference in a hurry Agenda How we

The Clock is Ticking Moving from in person to virtual reference in a hurry Agenda How we

The Clock is Ticking Moving from in person to virtual reference in a hurry Agenda How we prepared What we did not expect How to better prepare next time Opportunities and unexpected upsides How we prepared Challenges Set Up

357 views • 21 slides
MOBILE COMPUTING CSE 40814/60814 Fall 2015 System Structure explicit explicit input output 1

MOBILE COMPUTING CSE 40814/60814 Fall 2015 System Structure explicit explicit input output 1

9/27/15 MOBILE COMPUTING CSE 40814/60814 Fall 2015 System Structure explicit explicit input output 1 9/27/15 Context as Implicit Input explicit explicit input output Context: state of the user state of the

679 views • 26 slides
P2P Applications Niels Olof Bouvin 1 Purpose Demonstrate the use of P2P techniques in

P2P Applications Niels Olof Bouvin 1 Purpose Demonstrate the use of P2P techniques in

P2P Applications Niels Olof Bouvin 1 Purpose Demonstrate the use of P2P techniques in real applications Show how a well designed P2P framework can be extended to support wildly di ff erent uses 2 Overview YouServ YouSearch PAST

761 views • 72 slides

More recommend