Junzuo Lai
Jinan University
Publication
Featured research published by Junzuo Lai.
IEEE Transactions on Information Forensics and Security | 2013
Junzuo Lai; Robert H. Deng; Chaowen Guan; Jian Weng
Attribute-based encryption (ABE) is a public-key-based one-to-many encryption that allows users to encrypt and decrypt data based on user attributes. A promising application of ABE is flexible access control of encrypted data stored in the cloud, using access policies and ascribed attributes associated with private keys and ciphertexts. One of the main efficiency drawbacks of the existing ABE schemes is that decryption involves expensive pairing operations and the number of such operations grows with the complexity of the access policy. Recently, Green et al. proposed an ABE system with outsourced decryption that largely eliminates the decryption overhead for users. In such a system, a user provides an untrusted server, say a cloud service provider, with a transformation key that allows the cloud to translate any ABE ciphertext satisfied by that user's attributes or access policy into a simple ciphertext, and it only incurs a small computational overhead for the user to recover the plaintext from the transformed ciphertext. Security of an ABE system with outsourced decryption ensures that an adversary (including a malicious cloud) will not be able to learn anything about the encrypted message; however, it does not guarantee the correctness of the transformation done by the cloud. In this paper, we consider a new requirement of ABE with outsourced decryption: verifiability. Informally, verifiability guarantees that a user can efficiently check if the transformation is done correctly. We give the formal model of ABE with verifiable outsourced decryption and propose a concrete scheme. We prove that our new scheme is both secure and verifiable, without relying on random oracles. Finally, we show an implementation of our scheme and result of performance measurements, which indicates a significant reduction on computing resources imposed on users.
Computer and Communications Security | 2009
Jian Weng; Robert H. Deng; Xuhua Ding; Cheng-Kang Chu; Junzuo Lai
In a proxy re-encryption (PRE) system [4], a proxy, authorized by Alice, can convert a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. PRE has found many practical applications requiring delegation. However, it is inadequate to handle scenarios where a fine-grained delegation is demanded. To overcome the limitation of existing PRE systems, we introduce the notion of conditional proxy re-encryption (C-PRE), whereby only ciphertext satisfying a specific condition set by Alice can be transformed by the proxy and then decrypted by Bob. We formalize its security model and propose an efficient C-PRE scheme, whose chosen-ciphertext security is proven under the 3-quotient bilinear Diffie-Hellman assumption. We further extend the construction to allow multiple conditions with a slightly higher overhead.
Computer and Communications Security | 2012
Junzuo Lai; Robert H. Deng; Yingjiu Li
At Eurocrypt 2005, Sahai and Waters [7] introduced the concept of attribute-based encryption (ABE). ABE enables public key based one-to-many encryption and is envisioned as a promising cryptographic primitive for realizing scalable and fine-grained access control systems. There are two kinds of ABE schemes [1], key-policy ABE (KP-ABE) and ciphertext-policy ABE (CP-ABE) schemes. In this paper, our concern is on the latter.
The Cryptographers' Track at the RSA Conference | 2010
Junzuo Lai; Robert H. Deng; Shengli Liu; Weidong Kou
Boneh, Canetti, Halevi, and Katz showed a general method for constructing CCA-secure public key encryption (PKE) from any selective-ID CPA-secure identity-based encryption (IBE) schemes. Their approach treated IBE as a black box. Subsequently, Boyen, Mei, and Waters demonstrated how to build a direct CCA-secure PKE scheme from the Waters IBE scheme, which is adaptive-ID CPA secure. They made direct use of the underlying IBE structure, and required no cryptographic primitive other than the IBE scheme itself. However, their scheme requires a long public key and the security reduction is loose. In this paper, we propose an efficient PKE scheme employing identity-based techniques. Our scheme requires a short public key and is proven CCA-secure in the standard model (without random oracles) with a tight security reduction, under the Decisional Bilinear Diffie-Hellman (DBDH) assumption. In addition, we show how to use our scheme to construct an efficient threshold public key encryption scheme and a public key encryption with non-interactive opening (PKENO) scheme.
Computer and Communications Security | 2013
Junzuo Lai; Xuhua Zhou; Robert H. Deng; Yingjiu Li; Kefei Chen
Different from the traditional public key encryption, searchable public key encryption allows a data owner to encrypt his data under a user's public key in such a way that the user can generate search token keys using her secret key and then query an encryption storage server. On receiving such a search token key, the server filters all or related stored encryptions and returns matched ones as response. Searchable public key encryption has many promising applications. Unfortunately, existing schemes either only support simple query predicates, such as equality queries and conjunctive queries, or have a superpolynomial blowup in ciphertext size and search token key size. In this paper, based on the key-policy attribute-based encryption scheme proposed by Lewko et al. recently, we present a new construction of searchable public key encryption. Compared to previous works in this field, our construction is much more expressive and efficient and is proven secure in the standard model.
European Symposium on Research in Computer Security | 2014
Junzuo Lai; Robert H. Deng; Hwee Hwa Pang; Jian Weng
On one hand, homomorphic encryption allows a cloud server to perform computation on outsourced encrypted data but provides no verifiability that the computation is correct. On the other hand, homomorphic authenticator, such as homomorphic signature with public verifiability and homomorphic MAC with private verifiability, guarantees authenticity of computation over outsourced data but does not provide data confidentiality. Since cloud servers are usually operated by third-party providers which are almost certain to be outside the trust domain of cloud users, neither homomorphic encryption nor homomorphic authenticator suffices for verifiable computation on outsourced encrypted data in the cloud. In this paper, we propose verifiable homomorphic encryption (VHE), which enables verifiable computation on outsourced encrypted data.
Theory and Application of Cryptographic Techniques | 2014
Junzuo Lai; Robert H. Deng; Shengli Liu; Jian Weng; Yunlei Zhao
Security against selective opening attack (SOA) requires that in a multi-user setting, even if an adversary has access to all ciphertexts from users, and adaptively corrupts some fraction of the users by exposing not only their messages but also the random coins, the remaining unopened messages retain their privacy. Recently, Bellare, Waters and Yilek considered SOA-security in the identity-based setting, and presented the first identity-based encryption (IBE) schemes that are proven secure against selective opening chosen plaintext attack (SO-CPA). However, how to achieve SO-CCA security for IBE is still open.
European Symposium on Research in Computer Security | 2014
Jie Shi; Junzuo Lai; Yingjiu Li; Robert H. Deng; Jian Weng
Cloud computing has drawn much attention from research and industry in recent years. Plenty of enterprises and individuals are outsourcing their data to cloud servers. As those data may contain sensitive information, it should be encrypted before being outsourced to cloud servers. In order to ensure that only authorized users can search and further access the encrypted data, two important capabilities must be supported: keyword search and access control. Recently, rigorous efforts have been made on either keyword search or access control over encrypted data. However, to the best of our knowledge, there is no encryption scheme supporting both capabilities in a public-key scenario so far. In this paper, we propose an authorized searchable public-key encryption scheme supporting expressive search capability and prove it fully secure in the standard model.
Computer and Communications Security | 2014
Junzuo Lai; Robert H. Deng; Yingjiu Li; Jian Weng
Attribute-based encryption (ABE), introduced by Sahai and Waters, is a promising cryptographic primitive, which has been widely applied to implement fine-grained access control system for encrypted data. In its key-policy flavor, attribute sets are used to annotate ciphertexts and secret keys are associated with access structures that specify which ciphertexts a user is entitled to decrypt. In most existing key-policy attribute-based encryption (KP-ABE) constructions, the size of the ciphertext is proportional to the number of attributes associated with it and the decryption cost is proportional to the number of attributes used during decryption. In this paper, we present a new construction of KP-ABE. Our proposed construction is the first KP-ABE scheme, which has the following features simultaneously: expressive (i.e., supporting arbitrary monotonic access structures); fully secure in the standard model; constant-size ciphertexts and fast decryption. The downside of our construction is that secret keys have quadratic size in the number of attributes.
Information Sciences | 2014
Junzuo Lai; Yingjiu Li; Robert H. Deng; Jian Weng; Chaowen Guan; Qiang Yan
When outsourcing association rule mining to cloud, it is critical for data owners to protect both sensitive raw data and valuable mining results from being snooped at cloud servers. Previous solutions addressing this concern add random noise to the raw data and/or encrypt the raw data with a substitution mapping. However, these solutions do not provide semantic security; partial information about raw data or mining results can be potentially discovered by an adversary at cloud servers under a reasonable assumption that the adversary knows some plaintext-ciphertext pairs. In this paper, we propose the first semantically secure solution for outsourcing association rule mining with both data privacy and mining privacy. In our solution, we assume that the data is categorical. Additionally, our solution is sound, which enables data owners to verify whether there exists any false data in the mining results returned by a cloud server. Experimental study shows that our solution is feasible and efficient.