Veronika Kuchta

A Categorical Approach in Handling Event-Ordering in Distributed Systems

The issue of event-ordering in distributed systems is crucial an connected to threat management. In this paper, we investigate the use of modifications for handling event-ordering. We employ category theory to strike a balance between Lamport clocks, which enforce global order but lose information about causality, and Vector clocks, which have more precise causality information but do not scale well. We extend previous work on Godement calculus and cartesian closed comma categories for information security management. Finally, we propose a framework for implementing our approach in the detection of threats and attacks in communication systems.

Multi-authority Distributed Attribute-Based Encryption with Application to Searchable Encryption on Lattices

Many Internet users deploy several cloud services for storing sensitive data. Cloud services provide the opportunity to perform cheap and efficient storage techniques. In order to guarantee secrecy of uploaded data, users need first to encrypt it before uploading it to the cloud servers. There are also certain services which allow user to perform search operations according to certain attributes without revealing any information about the encrypted content. In the cryptographic community this service is known as the public key encryption with keyword search. In order to enable user control during performed search operations there exists an attribute-based encryption scheme that provides the required functionality. We introduce the first Key-Policy Multi-Authority Attribute-Based Encryption (KP-MABE) on lattices assuming existence of multiple servers, where each of these servers contributes to the decryption process by computing decryption shares using its own secret share. Furthermore we construct a Key-Policy Distributed Attribute-Based Searchable Encryption (DABSE) which is based on lattices and use the introduced KP-MABE as a building block for the transformation to DABSE. We prove our scheme secure against chosen ciphertext attacks under the assumption that the underlying KP-MABE is secure under the hardness of learning with errors (LWE) problem.

Secure Certificateless Proxy Re-encryption Without Pairing

A Proxy Re-encryption (PRE) is a cryptographic scheme for delegation of decryption rights. In a PRE scheme, a semi-honest proxy agent of Bob re-encrypts the ciphertext, on the message intended for Alice, on behalf of Bob, without learning anything about the message. The PRE schemes are useful in the scenarios where data are desired to be shared with the authorized users over the cloud. For such important applications, in this paper, we present an efficient and secure proxy re-encryption scheme. To avoid the overhead due to certification and to get rid of the key escrow issue of identity-based setting, we construct our scheme on the certificateless setting. The scheme has been proved secure in random oracle model under the standard assumption, the hardness of the computational Diffie-Hellman problem (CDHP). Moreover, as we device a pairing-free construction, our scheme is significantly more efficient than the best available scheme.

Multi-party (Leveled) Homomorphic Encryption on Identity-Based and Attribute-Based Settings

We present constructions of CPA-secure (leveled) homomorphic encryption from learning with errors (LWE) problem. We use the construction introduced by Gentry, Sahai and Waters ‘GSW’ (CRYPTO’13) as building blocks of our schemes. We apply their approximate eigenvector method to our scheme. In contrast to the GSW scheme we provide extensions of the (leveled) homomorphic identity-based encryption (IBE) and (leveled) homomorphic attribute-based encryption (ABE) on the multi-identity and multi-attribute settings respectively. We realize the (leveled) homomorphic property for the multi-party setting by applying tensor product and natural logarithm. Tensor product and natural logarithm allow to evaluate different ciphertexts computed under different public keys. Similar to the GSW scheme, our constructions do not need any evaluation key, which enables evaluation even without the knowledge of user’s public key.

On New Zero-Knowledge Arguments for Attribute-Based Group Signatures from Lattices

Due to its emerging security and computational properties, lattice-based constructions are of prime concerns in recent research. Zero-knowledge evidences serve strongest security guarantees to cryptographic primitives. In this paper we formalize a new zero-knowledge argument (ZKA) suitable for lattice-based construction and employ it to security assurance of the proposed structure of attribute-based group signature on lattice assumption. To the best of our knowledge this paper proposes the first such construction.

Generic Framework for Attribute-Based Group Signature.

We first formalise a generic architecture for attribute-based signatures (ABS). Further we expand the design to the generic framework of an attribute-based group signature (ABGS), combining our generic structure of ABS with the efficient generic design of group signature proposed by Bellare et al. in Eurocrypt 2003. We also analyse security of the proposed constructions following the most standard and strong proof system, the Non-Interactive Zero Knowledge (NIZK) arguments. We emphasise that meanwhile in the process, we first achieve an attribute-based instantiation of the generic group signature scheme given by Bellare et al. and we provide a generic structure of ABGS on that block which has applications in cloud security and other cryptographic problems.

Authenticated Group Key Agreement Protocol Without Pairing.

Since the inception of pairing-based constructions in cryptography, the authentication in group key agreement (GKA) protocol has been usually achieved by pairings. But due to high computation cost of pairing such constructions are inefficient for practical implementation, specially for low power devices. Also, in almost all such constructions leakage of both the keys- the long-term secret key and the ephemeral key has not been considered for security guarantee. In this view, construction of an efficient and secure GKA protocol is desired. In this paper, we propose an authenticated GKA protocol without pairing. We have achieved security of the proposed scheme following the most standard and recent security notion namely the EGBG model. In particular, we have proved the authenticated key exchange (AKE) security and the mutual authentication (MA) security with full forward secrecy, considering leakage of both the keys long-term and ephemeral, adopting a comparatively efficient technique, the game hopping technique. Our proposed scheme is more efficient in the view of computation and operation time with compare to the existing similar schemes, hence it is more acceptable for the tiny processors. To the best of our knowledge ours is the first pairing free balanced AGKA protocol secure in the EGBG model.

Identity-Based Threshold Encryption on Lattices with Application to Searchable Encryption

As more Internet users are getting interested in using cloud services for storing sensitive data, it motivates the user to encrypt the private data before uploading it to the cloud. There are services which allow an user to conduct searches without revealing anything about the encrypted data. This service is provided by public key encryption with keyword search. Our main contributions is the construction of a lattice-based identity-based threshold decryption (IBTD) that is anonymous and indistinguishable against chosen ciphertext attacks. Furthermore, using the transformation technique from Abdalla et al. [CRYPTO’05] we present the application of our IBTD scheme which can be transformed to a distributed public key encryption with keyword search. The distributed setting allows to split the role of one server into multiple servers in order to distribute the single point of failure. Our construction uses the particularly efficient mathematical construct, called lattices that make our scheme resistant against quantum attacks. We give an efficient construction of a lattice-based IBTD scheme and prove it secure under the hardness of learning with errors (LWE) problem.