Robert H. Deng

Public Key Cryptography – PKC 2004

We present an extension of Wiener’s attack on small RSA secret decryption exponents [10]. Wiener showed that every RSA public key tuple (N, e) with e ∈ Zφ(N) that satisfies ed − 1 = 0 mod φ(N) for some d < 1 3 N 1 4 yields the factorization of N = pq. Our new method finds p and q in polynomial time for every (N, e) satisfying ex + y = 0 mod φ(N) with

Efficient and practical fair exchange protocols with off-line TTP

We present protocols for fair exchange of electronic data (digital signatures, payment and confidential data) between two parties A and B. Novel properties of the proposed protocols include: 1) offline trusted third party (TTP), i.e., TTP does not take part in the exchange unless one of the parties behaves improperly; 2) only three message exchanges are required in the normal situation; 3) true fair exchange, i.e., either A and B obtain each others data or no party receives anything useful; no loss can be incurred to a party no matter how maliciously the other party behaves during the exchange. This last property is in contrast to previously proposed protocols with offline TTP ([1] and [21]), where a misbehaving party may get another partys data while refusing to send his document to the other party, and the TTP can provide affidavits attesting to what happened during the exchange. To our knowledge, the protocols presented here are the first exchange protocols which use offline TTP and at the same time guarantee true fair exchange of digital messages. We introduce a novel cryptographic primitive, called the Certificate of Encrypted Message Being a Signature (CEMBS), as the basic building block of the fair exchange protocols. It is used to prove that an encrypted message is a certain partys signature on a public file, without revealing the signature. We also give two examples to show in detail how the certificate can be constructed.

Trellis-coded multidimensional phase modulation

A 2L-dimensional multiple phase-shift keyed (L*MPSK) signal set is obtained by forming the Cartesian product of L two-dimensional MPSK signal sets. A systematic approach to partitioning L*MPSK signal sets that is based on block coding is used. An encoder system approach is developed. It incorporates the design of a differential precoder, a systematic convolutional encoder, and a signal set mapper. Trellis-coded L*4PSK, L*8PSK, and L*16PSK modulation schemes are found for 1 >

HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing

Cloud computing has emerged as one of the most influential paradigms in the IT industry in recent years. Since this new computing technology requires users to entrust their valuable data to cloud providers, there have been increasing security and privacy concerns on outsourced data. Several schemes employing attribute-based encryption (ABE) have been proposed for access control of outsourced data in cloud computing; however, most of them suffer from inflexibility in implementing complex access control policies. In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing, in this paper, we propose hierarchical attribute-set-based encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users. The proposed scheme not only achieves scalability due to its hierarchical structure, but also inherits flexibility and fine-grained access control in supporting compound attributes of ASBE. In addition, HASBE employs multiple value assignments for access expiration time to deal with user revocation more efficiently than existing schemes. We formally prove the security of HASBE based on security of the ciphertext-policy attribute-based encryption (CP-ABE) scheme by Bethencourt and analyze its performance and computational complexity. We implement our scheme and show that it is both efficient and flexible in dealing with access control for outsourced data in cloud computing with comprehensive experiments.

Anonymous secure routing in mobile ad-hoc networks

Although there are a large number of papers on secure routing in mobile ad-hoc networks, only a few consider the anonymity issue. We define more strict requirements on the anonymity and security properties of the routing protocol, and notice that previous research works only provide weak location privacy and route anonymity, and are vulnerable to specific attacks. Therefore, we propose the anonymous secure routing (ASR) protocol that can provide additional properties on anonymity, i.e. identity anonymity and strong location privacy, and at the same time ensure the security of discovered routes against various passive and active attacks. Detailed analysis shows that ASR can achieve both anonymity and security properties, as defined in the requirements, of the routing protocol in mobile ad-hoc networks.

A Signcryption Scheme with Signature Directly Verifiable by Public Key

Signcryption, first proposed by Zheng [4, 5], is a cryptographic primitive which combines both the functions of digital signature and public key encryption in a logical single step, and with a computational cost siginficantly lower than that needed by the traditional signature-then-encryption approach. In Zhengs scheme, the signature verification can be done either by the recipient directly (using his private key) or by engaging a zero-knowledge interative protocol with a third party, without disclosing recipients private key. In this note, we modify Zhengs scheme so that the recipients private key is no longer needed in signature verification. The computational cost of the modified scheme is higher than that of Zhengs scheme but lower than that of the signature-then-encryption approach.

Variations of Diffie-Hellman Problem

This paper studies various computational and decisional Diffie-Hellman problems by providing reductions among them in the high granularity setting. We show that all three variations of computational Diffie-Hellman problem: square Diffie-Hellman problem, inverse Diffie-Hellman problem and divisible Diffie-Hellman problem, are equivalent with optimal reduction. Also, we are considering variations of the decisional Diffie-Hellman problem in single sample and polynomial samples settings, and we are able to show that all variations are equivalent except for the argument DDH \(\Leftarrow\) SDDH. We are not able to prove or disprove this statement, thus leave an interesting open problem.

Efficient unidirectional proxy re-encryption

Proxy re-encryption (PRE) allows a semi-trusted proxy to convert a ciphertext originally intended for Alice into one encrypting the same plaintext for Bob. The proxy only needs a re-encryption key given by Alice, and cannot learn anything about the plaintext encrypted. This adds flexibility in various applications, such as confidential email, digital right management and distributed storage. In this paper, we study unidirectional PRE, which the re-encryption key only enables delegation in one direction but not the opposite. In PKC 2009, Shao and Cao proposed a unidirectional PRE assuming the random oracle. However, we show that it is vulnerable to chosen-ciphertext attack (CCA). We then propose an efficient unidirectional PRE scheme (without resorting to pairings). We gain high efficiency and CCA-security using the “token-controlled encryption” technique, under the computational Diffie-Hellman assumption, in the random oracle model and a relaxed but reasonable definition.

Practical protocols for certified electronic mail

Electronic mail, or e-mail, has brought us a big step closer towards the vision of paperless offices. To advance even closer to this vision, however, it is essential that existing e-mail systems be enhanced with value-added services which are capable of replacing many of the human procedures established in pen and paper communications. One of the most important and desirable such services is certified e-mail delivery, in which the intended recipient will get the mail content if and only if the mail originator receives an irrefutable proof-of-delivery from the recipient. In this paper, we present the design of two third-party based certified mail protocols, termed CMP1 and CMP2. Both protocols are designed for integration into existing standard e-mail systems and both satisfy the requirements ofnonrepudiation of origin, nonrepudiation of delivery, and fairness. The difference between CMP1 and CMP2 is that the former provides no mail content confidentiality protection while the latter provides such a protection. Moreover, security of the protocols are analyzed using a recently proposed accountability framework.

Attribute-Based Encryption With Verifiable Outsourced Decryption

Attribute-based encryption (ABE) is a public-key-based one-to-many encryption that allows users to encrypt and decrypt data based on user attributes. A promising application of ABE is flexible access control of encrypted data stored in the cloud, using access polices and ascribed attributes associated with private keys and ciphertexts. One of the main efficiency drawbacks of the existing ABE schemes is that decryption involves expensive pairing operations and the number of such operations grows with the complexity of the access policy. Recently, Green et al. proposed an ABE system with outsourced decryption that largely eliminates the decryption overhead for users. In such a system, a user provides an untrusted server, say a cloud service provider, with a transformation key that allows the cloud to translate any ABE ciphertext satisfied by that users attributes or access policy into a simple ciphertext, and it only incurs a small computational overhead for the user to recover the plaintext from the transformed ciphertext. Security of an ABE system with outsourced decryption ensures that an adversary (including a malicious cloud) will not be able to learn anything about the encrypted message; however, it does not guarantee the correctness of the transformation done by the cloud. In this paper, we consider a new requirement of ABE with outsourced decryption: verifiability. Informally, verifiability guarantees that a user can efficiently check if the transformation is done correctly. We give the formal model of ABE with verifiable outsourced decryption and propose a concrete scheme. We prove that our new scheme is both secure and verifiable, without relying on random oracles. Finally, we show an implementation of our scheme and result of performance measurements, which indicates a significant reduction on computing resources imposed on users.