We propose the first practical attribute-based signature (ABS) scheme with attribute privacy without pairings in the random oracle model. Our strategy is in the Fiat-Shamir paradigm; we first provide a generic construction of a boolean proof system of Sgm-protocol type. Our boolean proof system is a generalization of the well-known OR-proof system; that is, it can treat any boolean formula instead of a single OR-gate. Then, by combining our boolean proof system with a credential bundle scheme of the Fiat-Shamir signature, we obtain a generic attribute-based identification (ABID) scheme of proof of knowledge. Finally, we apply the Fiat-Shamir transform to our ABID scheme to obtain a generic ABS scheme which possesses attribute privacy and can be proved to be secure in the random oracle model. Our ABS scheme can be constructed without pairings.
{"title":"Attribute-based signatures without pairings via the fiat-shamir paradigm","authors":"Hiroaki Anada, S. Arita, K. Sakurai","doi":"10.1145/2600694.2600696","DOIUrl":"https://doi.org/10.1145/2600694.2600696","url":null,"abstract":"We propose the first practical attribute-based signature (ABS) scheme with attribute privacy without pairings in the random oracle model. Our strategy is in the Fiat-Shamir paradigm; we first provide a generic construction of a boolean proof system of Sgm-protocol type. Our boolean proof system is a generalization of the well-known OR-proof system; that is, it can treat any boolean formula instead of a single OR-gate. Then, by combining our boolean proof system with a credential bundle scheme of the Fiat-Shamir signature, we obtain a generic attribute-based identification (ABID) scheme of proof of knowledge. Finally, we apply the Fiat-Shamir transform to our ABID scheme to obtain a generic ABS scheme which possesses attribute privacy and can be proved to be secure in the random oracle model. Our ABS scheme can be constructed without pairings.","PeriodicalId":359137,"journal":{"name":"ASIAPKC '14","volume":"285 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116105311","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Homomorphic MACs allow the holder of a secret key to construct authenticators for data blocks such that an untrusted server that computes a function of the data, can also compute an authenticator that can be verified by the key holder, guaranteeing correctness of the computation. Homomorphic MACs that allow verifiable computation of multivariate polynomials of degree ≤ 2 have been proposed by Backes, Fiore and Reischuk (CCS 2013). We generalize their construction such that polynomials of degree l>2 can also be computed. Our generalization uses multilinear map abstraction and has security based on the l-linear assumption.
{"title":"Generalized homomorphic MACs with efficient verification","authors":"L. Zhang, R. Safavi-Naini","doi":"10.1145/2600694.2600697","DOIUrl":"https://doi.org/10.1145/2600694.2600697","url":null,"abstract":"Homomorphic MACs allow the holder of a secret key to construct authenticators for data blocks such that an untrusted server that computes a function of the data, can also compute an authenticator that can be verified by the key holder, guaranteeing correctness of the computation. Homomorphic MACs that allow verifiable computation of multivariate polynomials of degree ≤ 2 have been proposed by Backes, Fiore and Reischuk (CCS 2013). We generalize their construction such that polynomials of degree l>2 can also be computed. Our generalization uses multilinear map abstraction and has security based on the l-linear assumption.","PeriodicalId":359137,"journal":{"name":"ASIAPKC '14","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134263739","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Constructing multilinear maps has been long-standing open problem, before recently the first construction based on ideal lattices has been proposed by Garg et al. After this breakthrough, various new cryptographic systems have been proposed. They introduce the concept of level into the encodings, and the system has a function that extracts a deterministic value at only a specific level, and the encodings are unable to downgrade to the lower levels. These properties are useful for cryptography. We study how this graded encoding system be applied to cryptosystems, and we propose two protocols, group key exchange and witness encryption. In our group key exchange, we achieve the communication size and the computation costs per party are both O(1) with respect to the number of parties by piling the encodings of passed parties in one encoding. A witness encryption is a new type cryptosystem using NP-complete problem. The first construction is based on EXACT-COVER problem. We construct it based on another NP complete Hamilton Cycle problem, and prove its security under the Generic Cyclic Colored Matrix Model.
{"title":"Two applications of multilinear maps: group key exchange and witness encryption","authors":"S. Arita, Sari Handa","doi":"10.1145/2600694.2600699","DOIUrl":"https://doi.org/10.1145/2600694.2600699","url":null,"abstract":"Constructing multilinear maps has been long-standing open problem, before recently the first construction based on ideal lattices has been proposed by Garg et al. After this breakthrough, various new cryptographic systems have been proposed. They introduce the concept of level into the encodings, and the system has a function that extracts a deterministic value at only a specific level, and the encodings are unable to downgrade to the lower levels. These properties are useful for cryptography. We study how this graded encoding system be applied to cryptosystems, and we propose two protocols, group key exchange and witness encryption. In our group key exchange, we achieve the communication size and the computation costs per party are both O(1) with respect to the number of parties by piling the encodings of passed parties in one encoding. A witness encryption is a new type cryptosystem using NP-complete problem. The first construction is based on EXACT-COVER problem. We construct it based on another NP complete Hamilton Cycle problem, and prove its security under the Generic Cyclic Colored Matrix Model.","PeriodicalId":359137,"journal":{"name":"ASIAPKC '14","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125171028","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Since its invention in late 70’s, digital signatures have been playing central roles both in theory and practice. The most widely used and direct application is a public-key infrastructure that adds authenticity to communication over insecure network. Digital signatures are also used as building blocks in vast number of cryptographic schemes and protocols. Though the authentication is the essential role of digital signatures, those applications often care for privacy of the signed data or anonymity of the singer. Examples include anonymous e-voting, anonymous e-cash, credential systems, and so on. How these seemingly contradictory natures accommodate? This is where another powerful and important building block called zero-knowledge proofs kick in. It is in particular useful when it comes in with an noninteractive form to save communication complexity. Indeed, complex cryptographic systems are often built in modular fashion that combines several cryptographic schemes. The combination of digital signatures and non-interactive proof system is a standard approach to achieve privacy and authenticity at the same time. In theory, these building blocks had been constructed by early 90’s and they are versatile in exchange of poor efficiency. For practical purposes, invention of efficient non-interactive proof system over bilinear groups by Groth and Sahai in 2008 [12, 13] is a breakthrough and it is followed by practical structure-preserving signatures (SPS) and commitments by Abe, Fuschbauer, Groth, Haralambiev and Ohkubo, in 2010 [4]. A structurepreserving signature scheme is a digital signature scheme whose public-keys, messages, and signatures consist only of elements of source groups of bilinear groups, and verification only evaluates pairing product equations. It is called structure-preserving as the construction preserves the group structure among inputs and outputs. Since the success of their combination, other cryptographic objects such as encryption schemes have been pursued, and variety of applications are proposed, e.g., [10, 11, 14].
{"title":"Introduction of structure-preserving signatures","authors":"Miyako Ohkubo","doi":"10.1145/2600694.2600701","DOIUrl":"https://doi.org/10.1145/2600694.2600701","url":null,"abstract":"Since its invention in late 70’s, digital signatures have been playing central roles both in theory and practice. The most widely used and direct application is a public-key infrastructure that adds authenticity to communication over insecure network. Digital signatures are also used as building blocks in vast number of cryptographic schemes and protocols. Though the authentication is the essential role of digital signatures, those applications often care for privacy of the signed data or anonymity of the singer. Examples include anonymous e-voting, anonymous e-cash, credential systems, and so on. How these seemingly contradictory natures accommodate? This is where another powerful and important building block called zero-knowledge proofs kick in. It is in particular useful when it comes in with an noninteractive form to save communication complexity. Indeed, complex cryptographic systems are often built in modular fashion that combines several cryptographic schemes. The combination of digital signatures and non-interactive proof system is a standard approach to achieve privacy and authenticity at the same time. In theory, these building blocks had been constructed by early 90’s and they are versatile in exchange of poor efficiency. For practical purposes, invention of efficient non-interactive proof system over bilinear groups by Groth and Sahai in 2008 [12, 13] is a breakthrough and it is followed by practical structure-preserving signatures (SPS) and commitments by Abe, Fuschbauer, Groth, Haralambiev and Ohkubo, in 2010 [4]. A structurepreserving signature scheme is a digital signature scheme whose public-keys, messages, and signatures consist only of elements of source groups of bilinear groups, and verification only evaluates pairing product equations. It is called structure-preserving as the construction preserves the group structure among inputs and outputs. Since the success of their combination, other cryptographic objects such as encryption schemes have been pursued, and variety of applications are proposed, e.g., [10, 11, 14].","PeriodicalId":359137,"journal":{"name":"ASIAPKC '14","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122265517","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kazuma Ohara, Yusuke Sakai, Fumiaki Yoshida, Mitsugu Iwamoto, K. Ohta
In smart grid systems, security and privacy prevention is great concerns. The suppliers of the power in smart grid systems demand to know the consumption of each customer for correctly calculating billing price and the total amount of consumption in a certain region for managing energy supply adopted real-time needs. On the other hand, the customer of the power desires to hide his/her own consumption profile, since it contains privacy information of the customer. However, hiding the consumption allows customers to reduce billing price. Previous privacy-preserving smart metering schemes provide only one of billing or energy management functionality, or even if both of them are achieved, these schemes cannot verify the integrity of the consumption issued by the smart meter. We propose a novel smart metering scheme that provides both of billing and energy management functionality, as well as verifiability of the integrity of total amount of the consumption or billing price.
{"title":"Privacy-preserving smart metering with verifiability for both billing and energy management","authors":"Kazuma Ohara, Yusuke Sakai, Fumiaki Yoshida, Mitsugu Iwamoto, K. Ohta","doi":"10.1145/2600694.2600700","DOIUrl":"https://doi.org/10.1145/2600694.2600700","url":null,"abstract":"In smart grid systems, security and privacy prevention is great concerns. The suppliers of the power in smart grid systems demand to know the consumption of each customer for correctly calculating billing price and the total amount of consumption in a certain region for managing energy supply adopted real-time needs. On the other hand, the customer of the power desires to hide his/her own consumption profile, since it contains privacy information of the customer. However, hiding the consumption allows customers to reduce billing price. Previous privacy-preserving smart metering schemes provide only one of billing or energy management functionality, or even if both of them are achieved, these schemes cannot verify the integrity of the consumption issued by the smart meter. We propose a novel smart metering scheme that provides both of billing and energy management functionality, as well as verifiability of the integrity of total amount of the consumption or billing price.","PeriodicalId":359137,"journal":{"name":"ASIAPKC '14","volume":"64 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116722510","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Two new modification methods, triangular perturbation and dual perturbation, are proposed for multivariate signature schemes to enhance the security with almost no loss of efficiency. A new multivariate signature scheme is then constructed by applying the two new methods together to the well-known Matsumoto-Imai cryptosystem. This new signature scheme has a specially designed structure making it have several competitive advantages: 1) the public map remains surjective (this property is important for a signature scheme), 2) it is almost as efficient as the original scheme and 3) it can resist all current known structure-based attacks to MPKC and behave like a random system against direct attacks. A new efficient and effective modification method is thus provided for multivariate signature schemes.
{"title":"A new perturbed matsumoto-imai signature scheme","authors":"Wenbin Zhang, C. H. Tan","doi":"10.1145/2600694.2600698","DOIUrl":"https://doi.org/10.1145/2600694.2600698","url":null,"abstract":"Two new modification methods, triangular perturbation and dual perturbation, are proposed for multivariate signature schemes to enhance the security with almost no loss of efficiency. A new multivariate signature scheme is then constructed by applying the two new methods together to the well-known Matsumoto-Imai cryptosystem. This new signature scheme has a specially designed structure making it have several competitive advantages: 1) the public map remains surjective (this property is important for a signature scheme), 2) it is almost as efficient as the original scheme and 3) it can resist all current known structure-based attacks to MPKC and behave like a random system against direct attacks. A new efficient and effective modification method is thus provided for multivariate signature schemes.","PeriodicalId":359137,"journal":{"name":"ASIAPKC '14","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125306410","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper we propose the first provably secure public key encryption scheme based on the Learning with Errors (LWE) problem, in which secrets and errors are sampled uniformly at random from a relatively small set rather than from the commonly used discrete Gaussian distribution. Using a uniform distribution, instead of a Gaussian, has the potential of improving computational efficiency a great deal due to its simplicity, thus making the scheme attractive for use in practice. At the same time our scheme features the strong security guarantee of being based on the hardness of worst-case lattice problems. After presenting the construction of our scheme we prove its security and propose asymptotic parameters. Finally, we compare our scheme on several measures to one of the most efficient LWE-based encryption schemes with Gaussian noise. We show that the expected efficiency improvement is debunked, due to the large blow-up of the parameter sets involved.
{"title":"Provably secure LWE encryption with smallish uniform noise and secret","authors":"Daniel Cabarcas, Florian Göpfert, P. Weiden","doi":"10.1145/2600694.2600695","DOIUrl":"https://doi.org/10.1145/2600694.2600695","url":null,"abstract":"In this paper we propose the first provably secure public key encryption scheme based on the Learning with Errors (LWE) problem, in which secrets and errors are sampled uniformly at random from a relatively small set rather than from the commonly used discrete Gaussian distribution. Using a uniform distribution, instead of a Gaussian, has the potential of improving computational efficiency a great deal due to its simplicity, thus making the scheme attractive for use in practice. At the same time our scheme features the strong security guarantee of being based on the hardness of worst-case lattice problems. After presenting the construction of our scheme we prove its security and propose asymptotic parameters. Finally, we compare our scheme on several measures to one of the most efficient LWE-based encryption schemes with Gaussian noise. We show that the expected efficiency improvement is debunked, due to the large blow-up of the parameter sets involved.","PeriodicalId":359137,"journal":{"name":"ASIAPKC '14","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115150134","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: