Paz Morillo

Revocable attribute-based signatures with adaptive security in the standard model

An attribute-based signature with respect to a signing policy, chosen ad-hoc by the signer, convinces the verifier that the signer holds a subset of attributes satisfying that signing policy. The verifier must obtain no other information about the identity of the signer or the attributes he holds. This primitive has many applications in real scenarios requiring both authentication and anonymity/privacy properties. We propose in this paper the first attribute-based signature scheme satisfying at the same time the following properties: (1) it admits general signing policies, (2) it is proved secure against fully adaptive adversaries, in the standard model, and (3) the number of elements in a signature depends only on the size of the signing policy. Furthermore, our scheme enjoys the additional property of revocability: an external judge can break the anonymity of a signature, when necessary. This property may be very interesting in real applications where authorities are unwilling to allow full anonymity of users.

Breaking yum and lee generic constructions of certificate-less and certificate-based encryption schemes

Identity-based public key cryptography is aimed at simplifying the management of certificates in traditional public key infrastructures by means of using the identity of a user as its public key. The user must identify itself to a trusted authority in order to obtain the secret key corresponding to its identity. The main drawback of this special form of public key cryptography is that it is key escrowed. Certificate-based and certificate-less cryptography have been recently proposed as intermediate paradigms between traditional and identity-based cryptography, seeking to simplify the management of certificates while avoiding the key escrow property of identity-based cryptography. In this work we cryptanalyse the certificate-based and certificate-less encryption schemes presented by Yum and Lee at EuroPKI 2004 and ICCSA 2004 conferences.

Weighted threshold secret sharing schemes

In a secret sharing scheme, each participant receives a share of a secret in such a way that only authorized subsets can reconstruct the secret. The information rate of a secret sharing scheme is the ratio between the size of the secret and the size of the shares given to the participants. In a weighted threshold scheme each participant has his or her own weight. A subset of participants is authorized to reconstruct the secret if the sum of their weights is greater than or equal to the threshold. This paper deals with weighted threshold schemes, mainly the properties related to the information rate. A complete characterization of the access structures of weighted threshold schemes when all the minimal authorized subsets have at most two elements is presented. Lower bounds for the optimal information rate of these access structures are given.

Improved certificate-based encryption in the standard model

Certificate-based encryption has been recently proposed as a means to simplify the certificate management inherent to traditional public key encryption. In this paper, we present an efficient certificate-based encryption scheme which is fully secure in the standard model. Our construction is more efficient (in terms of computational cost and ciphertext size) than any of the previous constructions known without random oracles.

Cryptographic techniques for mobile ad-hoc networks

In this paper, we propose some cryptographic techniques to securely set up a mobile ad-hoc network. The process is fully self-managed by the nodes, without any trusted party. New nodes can join the network and are able to obtain the same capabilities as initial nodes; further, each node can obtain a pair of secret/public keys to secure and authenticate its communication. Two additional features of our system are that it allows to implement threshold operations (signature or decryption) involving subgroups of nodes in the network and that any subgroup with a small number of nodes (between 2 and 6) can obtain a common secret key without any communication after the set up phase.

Linear broadcast encryption schemes

A new family of broadcast encryption schemes, which will be called linear broadcast encryption schemes (LBESs), is presented in this paper by using linear algebraic techniques. This family generalizes most previous proposals and provides a general framework to the study of broadcast encryption schemes. We present a method to construct, for a general specification structure, LBESs with a good trade-off between the amount of secret information stored by every user and the length of the broadcast message. In this way, we are able to find schemes that fit in situations that have not been considered before.

Linear Key Predistribution Schemes

In a key predistribution scheme, some secret information is distributed among a set of users. For a given family of privileged groups, this secret information must enable every user in a privileged group to compute a common key associated with that group. Besides, this common key must remain unknown to some specified coalitions of users outside the privileged group. We present in this paper a new model, based on linear algebraic techniques, for the design of key predistribution schemes that unifies all previous proposals. This new model provides a common mathematical formulation and a better understanding of key predistribution schemes. Two new families of key predistribution schemes that are obtained by using this model are presented. Those families provide, for some specification structures, schemes that have better information rates than the ones given in previous proposals or fit in situations that have not been considered before.

Extensions of access structures and their cryptographic applications

In secret sharing schemes a secret is distributed among a set of users

The Security of All Bits Using List Decoding

{\mathcal{P}}