nach oben

International Journal of Information Security

Erschienen in:

01.08.2013 | Regular Contribution

Adaptive CCA broadcast encryption with constant-size secret keys and ciphertexts

verfasst von: Duong-Hieu Phan, David Pointcheval, Siamak F. Shahandashti, Mario Strefler

Erschienen in: International Journal of Information Security | Ausgabe 4/2013

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

We consider designing public-key broadcast encryption schemes with constant-size secret keys and ciphertexts, achieving chosen-ciphertext security. We first argue that known CPA-to-CCA transforms currently do not yield such schemes. We then propose a scheme, modifying a previous selective CPA secure proposal by Boneh, Gentry, and Waters. Our scheme has constant-size secret keys and ciphertexts, and we prove that it is selective chosen-ciphertext secure based on standard assumptions. Our scheme has ciphertexts that are shorter than those of the previous CCA secure proposals. Then, we propose a second scheme that provides the functionality of both broadcast encryption and revocation schemes simultaneously using the same set of parameters. Finally, we show that it is possible to prove our first scheme adaptive chosen-ciphertext secure under reasonable extensions of the bilinear Diffie–Hellman exponent and the knowledge-of-exponent assumptions. We prove both of these extended assumptions in the generic group model. Hence, our scheme becomes the first to achieve constant-size secret keys and ciphertexts (both asymptotically optimal) and adaptive chosen-ciphertext security at the same time.

Nächster Artikel Less is more: relaxed yet composable security notions for key exchange

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

Note that, in comparison with [34], we ignore the \(Reg\) parameter here as it can be regarded as part of \({\textit{EK}}\).

UOWHF is also known as target collision resistance (TCR).

Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) Topics in Cryptology—CT-RSA 2001, vol. 2020 of Lecture Notes in Computer Science. Springer, pp. 143–158 (2001)

Abe, M., Fehr, S.: Perfect NIZK with adaptive soundness. In: Vadhan, S.P. (ed.) TCC 2007: 4th Theory of Cryptography Conference, vol. 4392 of Lecture Notes in Computer Science. Springer, pp. 118–136 (2007)

Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) Advances in Cryptology—EUROCRYPT 2005, vol. 3494 of Lecture Notes in Computer Science, Springer, pp. 440–456 (2005)

Berlekamp, E.R.: Factoring polynomials over large finite fields. Math. Comput. 24(111), 713–735 (1970)MathSciNetCrossRef

Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (eds.) Advances in Cryptology—CRYPTO 2005, vol. 3621 of Lecture Notes in Computer Science. Springer, pp. 258–275 (2005)

Boneh, D., Katz, J.: Improved efficiency for CCA-secure cryptosystems built using identity-based encryption. In: Menezes, A. (ed.) Topics in Cryptology—CT-RSA 2005, vol. 3376 of Lecture Notes in Computer Science. Springer, pp. 87–103 (2005)

Boyen, X., Mei, Q., Waters, B.: Direct chosen ciphertext security from identity-based techniques. In: Atluri, V., Meadows, C., Juels, A. (eds.) ACM CCS 05: 12th Conference on Computer and Communications Security. ACM Press, pp. 320–329 (2005)

Bellare, M., Palacio, A.: The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols. In: Franklin, M. (ed.) Advances in Cryptology—CRYPTO 2004, vol. 3152 of Lecture Notes in Computer Science. Springer, pp. 273–289 (2004)

Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Ashby, V. (ed.) ACM CCS 93: 1st Conference on Computer and Communications Security. ACM Press, pp. 62–73 (1993)

10.

Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Cachin, C., Camenisch, J. (eds.) Advances in Cryptology—EUROCRYPT 2004, vol. 3027 of Lecture Notes in Computer Science. Springer, pp. 207–222 (2004)

11.

Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167–226 (2003)MathSciNetMATHCrossRef

12.

Damgård, I.: Collision free hash functions and public key signature schemes. In: Chaum, D., Price, W.L. (eds.) Advances in Cryptology—EUROCRYPT’87, vol. 304 of Lecture Notes in Computer Science. Springer, pp. 203–216 (1988)

13.

Damgård, I.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum, J. (ed.) Advances in Cryptology—CRYPTO’91, vol. 576 of Lecture Notes in Computer Science. Springer, pp. 445–456 (1992)

14.

Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM J. Comput. 30(2), 391–437 (2000)MathSciNetMATHCrossRef

15.

Delerablée, C.: Identity-based broadcast encryption with constant size ciphertexts and private keys. In: Kurosawa, K. (ed.) Advances in Cryptology—ASIACRYPT 2007, vol. 4833 of Lecture Notes in Computer Science. Springer, pp. 200–215 (2007)

16.

Dent, A.W.: The hardness of the dhk problem in the generic group model. Cryptology ePrint Archive, Report 2006/156, 2006. http://eprint.iacr.org/2006/156

17.

Dodis, Y., Fazio, N.: Public-key broadcast encryption for stateless receivers. In: ACM Digital Rights Management–DRM ’02. Springer, Heidelberg, pp. 61–80 (2002). LNCS 2696

18.

Dodis, Y., Fazio, N.: Public key trace and revoke scheme secure against adaptive chosen ciphertext attack. In: Desmedt, Y. (ed.) PKC 2003: 6th International Workshop on Theory and Practice in Public Key Cryptography, vol. 2567 of Lecture Notes in Computer Science. Springer, pp. 100–115 (2003)

19.

Desmedt, Y., Phan, D.H.: A CCA secure hybrid Damgård’s ElGamal encryption. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008: 2nd International Conference on Provable Security, vol. 5324 of Lecture Notes in Computer Science. Springer, pp. 68–82 (2008)

20.

Delerablée, C., Paillier, P., Pointcheval, D.: Fully collusion secure dynamic broadcast encryption with constant-size ciphertexts or decryption keys. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) PAIRING 2007: 1st International Conference on Pairing-based Cryptography, vol. 4575 of Lecture Notes in Computer Science. Springer, pp. 39–59 (2007)

21.

Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.). Advances in Cryptology—CRYPTO’93, vol. 773 of Lecture Notes in Computer Science. Springer, pp. 480–491 (1994)

22.

Goldreich, O., Goldwasser, S., Halevi, S.: Collision-free hashing from lattice problems. Cryptology ePrint Archive, Report 1996/009, http://eprint.iacr.org/1996/009 (1996)

23.

Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N.P. (ed.) Advances in Cryptology—EUROCRYPT 2008, vol. 4965 of Lecture Notes in Computer Science. Springer, pp. 415–432 (2008)

24.

Gentry, C., Waters, B.: Adaptive security in broadcast encryption systems (with short ciphertexts). In: Joux, A., (ed.) Advances in Cryptology—EUROCRYPT 2009, vol. 5479 of Lecture Notes in Computer Science. Springer, pp. 171–188 (2009)

25.

Hada, S., Tanaka, T.: On the existence of 3-round zero-knowledge protocols. In: Krawczyk, H. (ed.) Advances in Cryptology—CRYPTO’98, vol. 1462 of Lecture Notes in Computer Science. Springer, pp. 408–423 (1998)

26.

Kiltz, E.: Chosen-ciphertext security from tag-based encryption. In: Halevi, S., Rabin, T. (eds.) TCC 2006: 3rd Theory of Cryptography Conference, vol. 3876 of Lecture Notes in Computer Science. Springer, pp. 581–600 (2006)

27.

Lindell, Y.: A simpler construction of cca2-secure public-key encryption under general assumptions. In: Biham, E. (ed.) Advances in Cryptology—EUROCRYPT 2003, vol. 2656 of Lecture Notes in Computer Science. Springer, pp. 241–254 (2003)

28.

Lewko, A.B., Sahai, A., Waters, B.: Revocation systems with very small private keys. In: 2010 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, pp. 273–285 (2010)

29.

Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: The non-committing encryption case. In: Yung, M. (ed.) Advances in Cryptology—CRYPTO 2002, vol. 2442 of Lecture Notes in Computer Science. Springer, pp. 111–126 (2002)

30.

Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) Advances in Cryptology—CRYPTO 2001, vol. 2139 of Lecture Notes in Computer Science. Springer, pp. 41–62 (2001)

31.

Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: 21st Annual ACM Symposium on Theory of Computing. ACM Press, pp. 33–43 (1989)

32.

Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd Annual ACM Symposium on Theory of Computing. ACM Press (1990)

33.

Phan, D.H., Pointcheval, D., Strefler, M.: Adaptively secure broadcast encryption with forward secrecy. Cryptology ePrint Archive, Report 2011/463, 2011. http://eprint.iacr.org/2011/463

34.

Phan, D.H., Pointcheval, D., Strefler, M.: Security notions for broadcast encryption. In: Lopez, J., Tsudik, G. (eds.) ACNS ’11, vol. 6715 of, Lecture Notes in Computer Science, pp. 377–394 (2011)

35.

Phan, D.H., Pointcheval, D., Shahandashti, S.F., Strefler, M.: Adaptive cca broadcast encryption with constant-size secret keys and ciphertexts. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP, vol. 7372 of Lecture Notes in Computer Science. Springer, pp. 308–321 (2012)

36.

Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: 22nd Annual ACM Symposium on Theory of Computing. ACM Press, pp. 387–394 (1990)

37.

Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B.K., Meier, W. (eds.) Fast Software Encryption—FSE 2004, vol. 3017 of Lecture Notes in Computer Science. Springer, pp. 371–388 (2004)

38.

Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: 40th Annual Symposium on Foundations of Computer Science. IEEE Computer Society Press, pp. 543–553 (1999)

39.

Shoup, V.: On the deterministic complexity of factoring polynomials over finite fields. Inf. Process. Lett. 33(5), 261–267 (1990)MathSciNetMATHCrossRef

40.

Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) Advances in Cryptology—EUROCRYPT’97, vol. 1233 of Lecture Notes in Computer Science. Springer, pp. 256–266 (1997)

41.

Simon, D.R.: Finding collisions on a one-way street: Can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) Advances in Cryptology—EUROCRYPT’98, vol. 1403 of Lecture Notes in Computer Science. Springer, pp. 334–345 (1998)

42.

Waters, B.: Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) Advances in Cryptology—CRYPTO 2009, vol. 5677 of Lecture Notes in Computer Science. Springer, pp. 619–636 (2009)

Titel: Adaptive CCA broadcast encryption with constant-size secret keys and ciphertexts
verfasst von: Duong-Hieu Phan
David Pointcheval
Siamak F. Shahandashti
Mario Strefler
Publikationsdatum: 01.08.2013
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 4/2013
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-013-0190-0

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2013

An optimistic fair exchange protocol with active intermediaries

Security policies enforcement using finite and pushdown edit automata

A shuffle to achieve high efficiency through pre-computation and batch verification

Less is more: relaxed yet composable security notions for key exchange