g Chen

Efficient ciphertext policy attribute-based encryption with constant-size ciphertext and constant computation-cost

Attribute-based encryption provides good solutions to the problem of anonymous access control by specifying access policies among private keys or ciphertexts over encrypted data. In ciphertext-policy attribute-based encryption (CP-ABE), each user is associated with a set of attributes, and data is encrypted with access structures on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the ciphertext access structure. CP-ABE is very appealing since the ciphertext and data access policies are integrated together in a natural and effective way. n nMost current CP-ABE schemes incur large ciphertext size and computation costs in the encryption and decryption operations which depend at least linearly on the number of attributes involved in the access policy. In this paper, we present two new CP-ABE schemes, which have both constant-size ciphertext and constant computation costs for a nonmonotone AND gate access policy, under chosen plaintext and chosen ciphertext attacks. The security of first scheme can be proven CPA-secure in standard model under the decision n-BDHE assumption. And the security of second scheme can be proven CCA-secure in standard model under the decision n-BDHE assumption and the existence of collision-resistant hash functions. Our scheme can also be extended to the decentralizing multi-authority setting.

Threshold ciphertext policy attribute-based encryption with constant size ciphertexts

In PKC 2010, Herranz et al. proposed the first ciphertext policy attribute-based encryption (CP-ABE) scheme with constant size ciphertexts for threshold predicates. However, their scheme was only secure against chosen plaintext attacks (CPA), which was impossible to obtain security against chosen ciphertext attacks (CCA) in the standard model, and they left open the following three problems for CP-ABE schemes with constant size ciphertexts, i.e., how to achieve full security (i.e., not only the selective security), CCA security in the standard model, and security reduction to a more standard mathematical problem. In this paper, we answer the last two of these three problems affirmatively. Towards our goal, we first design a CPA secure threshold CP-ABE scheme, which can be further upgraded to the CCA security. The security of our schemes can be proved under the decisional q-Bilinear Diffie-Hellman Exponent (q-BDHE) assumption in the selective model. To the best of our knowledge, this is the first construction of CCA secure CP-ABE scheme with constant size ciphertexts that can support flexible threshold access structure in the standard model.

Combined public-key schemes: the case of ABE and ABS

In the context of public key cryptography, combined encryption and signature schemes have attractive properties and are sometimes used in practice. The topic of joint security of signature and encryption schemes has a fairly extensive history. In this paper, we focus on the combined public-key schemes in attribute-based setting. We present a security model for combined CP-ABE and ABS schemes in the joint security setting. An efficient concrete construction of CP-ABE and ABS based on Waterss CP-ABE scheme is proposed. Our scheme is proved to be selectively jointly secure in standard model under reasonable assumptions. Moreover, we consider the problem of how to build attribute-based signcryption (ABSC) and obtain an ABSC scheme and show that it is secure. We also give a general construction of combined ABSC, CP-ABE and ABS schemes from combined CP-ABE and ABS schemes.

Fully secure doubly-spatial encryption under simple assumptions

Recently, Hamburg improved the notion of spatial encryption by presenting a variant called doubly-spatial encryption. As a generalization of the spatial encryption, the doubly-spatial encryption is more powerful and expressive. More useful cryptography systems can be built from it, such as attribute-based encryption, etc. However, the only presented doubly-spatial encryption scheme can only be proved to be selectively secure. n nIn this paper, we primarily focus on the full security of doubly-spatial encryption. A doubly-spatial encryption scheme has been proposed. We apply the dual system methodology proposed by Waters in the security proof. Our scheme can be proved adaptively secure under standard assumptions, the decisional linear assumption and the decisional bilinear Diffe-Hellman assumption, over prime order groups in the standard model. Our scheme is the first fully secure construction of doubly-spatial encryption. As an independent interest, we also propose a fully secure spatial encryption with weak anonymity and constant ciphertext size in the composite order group settings.

Towards a Secure Certificateless Proxy Re-Encryption Scheme

Proxy re-encryption (PRE) is an attractive paradigm, which gives good solutions to the problem of delegation of decryption rights. In proxy re-encryption, a semi-trusted proxy translates a ciphertext for Alice into a ciphertext of the same plaintext for Bob, without learning any information of the underlying message. As far as we know, previous PRE schemes are mainly in traditional public key infrastructure or identity-based cryptography, thus they suffer from certificate management problem or key escrow problem in practice. In order to solve these practical problems, we aim at constructing certificateless proxy re-encryption (CL-PRE) schemes. n nIn this paper, we first introduce a security definition against (replayable) chosen ciphertext attack (CCA) for certificateless proxy re-encryption. In our security model, the adversary is allowed to adaptively corrupt users (in a specific pattern). Then, we give some evidence that it is not easy to construct a secure CL-PRE. Actually, we present an attack to the chosen plaintext secure CL-PRE scheme proposed by Xu et al. [1]. We also show a novel generic construction for certificateless public key encryption (CL-PKE) can not be trivially adapted to CL-PRE by giving an attack to this generic construction. Finally, we present an efficient CL-PRE scheme and prove its security in the random oracle model based on well-known assumptions.

Security analysis of a privacy-preserving decentralized ciphertext-policy attribute-based encryption scheme

As it does not require a central authority or the cooperation among multiple authorities, decentralized attribute‐based encryption is an efficient and flexible multi‐authority attribute‐based encryption system. In most existing multi‐authority attribute‐based encryption schemes, a global identifier (GID) is introduced to act as the linchpin to resist collusion attacks. Because GID as well as some sensitive attributes used to apply for secret keys will lead to the compromise of users privacy, some schemes towards solving these privacy issues have been proposed. Nevertheless, only the privacy of GID was considered in prior works. Recently in ESORICS 2014, Han et al. put forward a privacy‐preserving decentralized ciphertext‐policy attribute‐based encryption scheme in the standard model to address the additive privacy of attributes. In their work, a privacy‐preserving key extract protocol is presented to protect both users identifier and attributes. In this paper, we point out the security weakness of the scheme of Han et al. We present a collusion attack on their basic decentralized ciphertext‐policy attribute‐based encryption scheme and additionally show that the privacy protection of attributes in their privacy‐preserving key extract protocol cannot be provided. Copyright

Security of the SM2 Signature Scheme Against Generalized Key Substitution Attacks

Though existential unforgeability under adaptively chosen-message attacks is well-accepted for the security of digital signature schemes, the security against key substitution attacks is also of interest, and has been considered for several practical digital signature schemes such as DSA and ECDSA. In this paper, we consider generalized key substitution attacks where the base element is considered as a part of the public key and can be substituted. We first show that the general framework of certificate-based signature schemes defined in ISO/IEC 14888-3 is vulnerable to a generalized key substitution attack. We then prove that the Chinese standard SM2 signature scheme is existentially unforgeable against adaptively chosen-message attacks in the generic group model if the underlying hash function h is uniform and collision-resistant and the underlying conversion function f is almost-invertible, and the SM2 digital signature scheme is secure against the generalized key substitution attacks if the underlying hash functions H and h are modeled as non-programmable random oracles NPROs.

Forgeability of Wang-Zhu-Feng-Yau’s Attribute-Based Signature with Policy-and-Endorsement Mechanism

Recently, Wang et al. presented a new construction of attribute-based signature with policy-and-endorsement mechanism. The existential unforgeability of their scheme was claimed to be based on the strong Diffie-Hellman assumption in the random oracle model. Unfortunately, by carefully revisiting the design and security proof of Wang et al.’s scheme, we show that their scheme cannot provide unforgeability, namely, a forger, whose attributes do not satisfy a given signing predicate, can also generate valid signatures. We also point out the flaws in Wang et al.’s proof.