Rajeev Anand Sahu

Practical and secure integrated PKE+PEKS with keyword privacy

Public-key encryption with keyword search (PEKS) schemes are useful to delegate searching capabilities on encrypted data to a third party, who does not hold the entire secret key, but only an appropriate token which allows searching operations but preserves data privacy. We propose an efficient and practical integrated public-key encryption (PKE) and public-key encryption with keyword search (PEKS) scheme (PKE+PEKS) which we prove to be secure in the strongest security notion for PKE+PEKS schemes. In particular, we provide a unified security proof of its joint CCA-security in standard model. The security of our scheme relies on Symmetric eXternal Diffie-Hellman (SXDH) assumption which is a much simpler and more standard hardness assumption than the ones used in most of the comparable schemes. Ours is the first construction to use asymmetric pairings which enable an extremely fast implementation useful for practical applications. Finally we compare our scheme with other proposed integrated PKE+PEKS schemes and provide a relative analysis of its efficiency.

A Secure Anonymous Proxy Signcryption Scheme

Abstract We introduce a new cryptographic primitive identity-based anonymous proxy signcryption which provides anonymity to the proxy sender while also providing a mechanism to the original sender to expose the identity of the proxy sender in case of misuse. We introduce a formal definition of an identity-based anonymous proxy signcryption (IBAPS) scheme and give a security model for it. We also construct an IBAPS scheme and prove its security under the discrete logarithm assumption and computational Diffie–Hellman assumption. Moreover, we do an efficiency comparison with the existing identity-based signcryption schemes and anonymous signcryption schemes and show that our scheme is much more efficient than those schemes, we also compare the efficiency of our scheme with the available proxy signcryption schemes and show that our scheme provides anonymity to the proxy sender at cost less than those of existing proxy signcryption schemes.

A secure anonymous proxy multi-signature scheme

Proxy signature scheme enables a signer to delegate its signing rights to any other user, called the proxy signer, to produce a signature on its behalf. In a proxy multi-signature scheme, the proxy signer can produce one single signature on behalf of multiple original signers. We propose an efficient and provably secure threshold-anonymous identity-based proxy multi-signature (IBPMS) scheme which provides anonymity to the proxy signer while also providing a threshold mechanism to the original signers to expose the identity of the proxy signer in case of misuse. The proposed scheme is proved secure against adaptive chosen-message and adaptive chosen-ID attacks under the computational Diffie-Hellman assumption. We compare our scheme with the recently proposed anonymous proxy multi-signature scheme and other ID-based proxy multi-signature schemes, and show that our scheme requires significantly less operation time in the practical implementation and thus it is more efficient in computation than the existing schemes.

Short Integrated PKE+PEKS in Standard Model

At SeCrypt 2015, Buccafurri et al. [BLSS15] presented an integrated public-key encryption (PKE) and public-key encryption with keyword search (PEKS) scheme (PKE+PEKS) whose security relies on the Symmetric eXternal Diffie-Hellman (SXDH) assumption but they did not provide a security proof. We present a construction of PKE+PEKS and prove its security in the standard model under the SXDH assumption. We prove that our scheme is both IND-PKE-CCA secure, that is, it provides message confidentiality against an adaptive chosen ciphertext adversary, and IND-PEKS-CCA secure, that is, it provides keyword privacy against an adaptive chosen ciphertext adversary. Ours is the first secure PKE+PEKS construction to use asymmetric pairings which enable an extremely fast implementation useful for practical applications. Our scheme has much shorter ciphertexts than the scheme in [BLSS15] and all other publicly known PKE+PEKS schemes. Finally, we compare our scheme with other proposed PEKS and integrated PKE+PEKS schemes and provide a relative analysis of various parameters including assumption, security and efficiency.

Secure and Efficient Scheme for Delegation of Signing Rights

A proxy signature scheme enables a signer to transfer its signing rights to any other user, called the proxy signer, to produce a signature on its behalf. Multi-proxy signature is a proxy signature primitive which enables a user to transfer its signing rights to a group of proxy signers in such a way that every member of the authorized group must participate to sign a document on behalf of the original signer. We propose an efficient and provably secure identity-based multi-proxy signature scheme from bilinear map based on the hardness of the computational Diffie-Hellman problem. The proposed scheme is proved secure against adaptive chosen message and adaptive chosen-ID attack in random oracle model under the computational Diffie-Hellman assumption. Moreover, we do an efficiency comparison with the existing identity-based multi-proxy signature schemes and show that our scheme is upto 56i¾ź% more efficient in computation than the existing schemes.

Anonymous yet Traceable Strong Designated Verifier Signature

In many privacy-preserving protocols, protection of the user’s identity, called anonymity, is a desirable feature. Another issue is that, if a signed document is leaked then anyone can be convinced of the authenticated data, which is strictly not allowed for sensitive data, instead the authentication only by a designated receiver is recommended. There are many scenarios in real life, for example e-auction, where both the functionalities– anonymity and designated verification are required simultaneously. For such an objective, in this paper we introduce a compact scheme of identity-based strong designated verifier group signature (ID-SDVGS) by combining the good features of strong designated verifier signature and group signature in ID-based setting. This scheme provides anonymity to the signer of a designated verifier signature with the feature of the revocation of signer’s identity in case of misuse or dispute. Moreover, our scheme fulfils all the security properties of the individual components. We have obtained an ID-based instantiation of the generic group signature given by Bellare et al. in Eurocrypt 2003, and have proposed our scheme on that framework. To the best of our knowledge, this is the first construction of ID-SDVGS.

Secure Certificateless Proxy Re-encryption Without Pairing

A Proxy Re-encryption (PRE) is a cryptographic scheme for delegation of decryption rights. In a PRE scheme, a semi-honest proxy agent of Bob re-encrypts the ciphertext, on the message intended for Alice, on behalf of Bob, without learning anything about the message. The PRE schemes are useful in the scenarios where data are desired to be shared with the authorized users over the cloud. For such important applications, in this paper, we present an efficient and secure proxy re-encryption scheme. To avoid the overhead due to certification and to get rid of the key escrow issue of identity-based setting, we construct our scheme on the certificateless setting. The scheme has been proved secure in random oracle model under the standard assumption, the hardness of the computational Diffie-Hellman problem (CDHP). Moreover, as we device a pairing-free construction, our scheme is significantly more efficient than the best available scheme.

Multi-party (Leveled) Homomorphic Encryption on Identity-Based and Attribute-Based Settings

We present constructions of CPA-secure (leveled) homomorphic encryption from learning with errors (LWE) problem. We use the construction introduced by Gentry, Sahai and Waters ‘GSW’ (CRYPTO’13) as building blocks of our schemes. We apply their approximate eigenvector method to our scheme. In contrast to the GSW scheme we provide extensions of the (leveled) homomorphic identity-based encryption (IBE) and (leveled) homomorphic attribute-based encryption (ABE) on the multi-identity and multi-attribute settings respectively. We realize the (leveled) homomorphic property for the multi-party setting by applying tensor product and natural logarithm. Tensor product and natural logarithm allow to evaluate different ciphertexts computed under different public keys. Similar to the GSW scheme, our constructions do not need any evaluation key, which enables evaluation even without the knowledge of user’s public key.

On New Zero-Knowledge Arguments for Attribute-Based Group Signatures from Lattices

Due to its emerging security and computational properties, lattice-based constructions are of prime concerns in recent research. Zero-knowledge evidences serve strongest security guarantees to cryptographic primitives. In this paper we formalize a new zero-knowledge argument (ZKA) suitable for lattice-based construction and employ it to security assurance of the proposed structure of attribute-based group signature on lattice assumption. To the best of our knowledge this paper proposes the first such construction.

Generic Framework for Attribute-Based Group Signature.

We first formalise a generic architecture for attribute-based signatures (ABS). Further we expand the design to the generic framework of an attribute-based group signature (ABGS), combining our generic structure of ABS with the efficient generic design of group signature proposed by Bellare et al. in Eurocrypt 2003. We also analyse security of the proposed constructions following the most standard and strong proof system, the Non-Interactive Zero Knowledge (NIZK) arguments. We emphasise that meanwhile in the process, we first achieve an attribute-based instantiation of the generic group signature scheme given by Bellare et al. and we provide a generic structure of ABGS on that block which has applications in cloud security and other cryptographic problems.