Bilinear Diffie-Hellman Research Articles

Deniable authenticated encryption for e-mail applications

ABSTRACTIn this paper, we introduce a deniable electronic mail authenticated encryption service. Our design meets the security requirement of the current Pretty Good Privacy and Secure/Multipurpose Internet Mail Extensions to provide message confidentiality and message authentication without the undesired non-repudiation, which can protect the individual privacy of the sender when communication occurs in open channels. Our scheme is based on the bilinear pairings, which is provably secure in the random oracle model under the bilinear Diffie-Hellman and computational Diffie-Hellman assumptions. In addition, our scheme needs a little high communication overhead. However, this extra cost is reasonable for the properties of deniable authentication, confidentiality, and ciphertext anonymity.

A keyword searchable attribute-based encryption scheme with attribute update for cloud storage.

Ciphertext-policy attribute-based encryption (CP-ABE) scheme is a new type of data encryption primitive, which is very suitable for data cloud storage for its fine-grained access control. Keyword-based searchable encryption scheme enables users to quickly find interesting data stored in the cloud server without revealing any information of the searched keywords. In this work, we provide a keyword searchable attribute-based encryption scheme with attribute update for cloud storage, which is a combination of attribute-based encryption scheme and keyword searchable encryption scheme. The new scheme supports the user's attribute update, especially in our new scheme when a user's attribute need to be updated, only the user's secret key related with the attribute need to be updated, while other user's secret key and the ciphertexts related with this attribute need not to be updated with the help of the cloud server. In addition, we outsource the operation with high computation cost to cloud server to reduce the user's computational burden. Moreover, our scheme is proven to be semantic security against chosen ciphertext-policy and chosen plaintext attack in the general bilinear group model. And our scheme is also proven to be semantic security against chosen keyword attack under bilinear Diffie-Hellman (BDH) assumption.

Decentralized attribute-based encryption and data sharing scheme in cloud storage

In this paper, we consider the problems of data sharing between multiple distrusted authorities. Prior solutions rely on trusted third parties such as CAs, or are susceptible to collusion between malicious authorities, which can comprise the security of honest ones. In this paper, we propose a new multi-authority data sharing scheme — Decentralized Multi-Authority ABE (DMA), which is derived from CP-ABE that is resilient to these types of misbehavior. Our system distinguishes between a data owner (DO) principal and attribute authorities (AAs): the DO owns the data but allows AAs to arbitrate access by providing attribute labels to users. The data is protected by policy encryption over these attributes. Unlike prior systems, attributes generated by AAs are not user-specific, and neither is the system susceptible to collusion between users who try to escalate their access by sharing keys. We prove our scheme correct under the Decisional Bilinear Diffie-Hellman (DBDH) assumption; we also include a complete end-to-end implementation that demonstrates the practical efficacy of our technique.

Certificateless Aggregate Deniable Authentication Protocol for Ad Hoc Networks

Deniable authentication allows a receiver to identify the source of a given message, but cannot prove the source of a given message to any third party. It can be employed in electronic voting (e-voting) systems, electronic tendering (e-tendering) systems and secure networks negotiation. These applications can be well realised in ad hoc networks. Therefore, deniable authentication is an essential security requirement for ad hoc networks. Aggregate deniable authentication is a method for combining n authenticator of n distinct messages from n distinct users into one single authenticator. This feature is very attractive in bandwidth-limited ad hoc networks. In this paper, we present an efficient certificateless aggregate deniable authentication protocol. Our protocol is based on certificateless public key cryptography that has neither the public key certificates management problem in traditional public key infrastructure (PKI) cryptography nor the key escrow problem in identity-based cryptography. The security of our protocol can be proven in the random oracle model under the bilinear Diffie-Hellman (BDH) and computational Diffie-Hellman (CDH) problems. In addition, our protocol adopts aggregate verification that can speed up the verification of authenticators. Our protocol is very suitable for ad hoc networks.

Certificateless aggregate deniable authentication protocol for ad hoc networks

Deniable authentication allows a receiver to identify the source of a given message, but cannot prove the source of a given message to any third party. It can be employed in electronic voting (e-voting) systems, electronic tendering (e-tendering) systems and secure networks negotiation. These applications can be well realised in ad hoc networks. Therefore, deniable authentication is an essential security requirement for ad hoc networks. Aggregate deniable authentication is a method for combining n authenticator of n distinct messages from n distinct users into one single authenticator. This feature is very attractive in bandwidth-limited ad hoc networks. In this paper, we present an efficient certificateless aggregate deniable authentication protocol. Our protocol is based on certificateless public key cryptography that has neither the public key certificates management problem in traditional public key infrastructure (PKI) cryptography nor the key escrow problem in identity-based cryptography. The security of our protocol can be proven in the random oracle model under the bilinear Diffie-Hellman (BDH) and computational Diffie-Hellman (CDH) problems. In addition, our protocol adopts aggregate verification that can speed up the verification of authenticators. Our protocol is very suitable for ad hoc networks.

Certificateless multi-signcryption scheme in standard model

A signcryption scheme can realise the security objectives of encryption and signature simultaneously, which has lower computational cost and communication overhead than the sign-then-encrypt approach. To adapt multi-user settings and solve key escrow problem of ID-based multi-signcryption schemes, we defined the formal model of certificateless multi-signcryption scheme and proposed a certificateless multi-signcryption scheme in the standard model. The scheme is proved secure against adaptive chosen ciphertext attacks and adaptive chosen message attacks under decisional bilinear Diffie-Hellman assumption and computational Diffie-Hellman assumption respectively.

Secure Attribute-Based Signature Scheme With Multiple Authorities for Blockchain in Electronic Health Records Systems

Electronic Health Records (EHRs) are entirely controlled by hospitals instead of patients, which complicates seeking medical advices from different hospitals. Patients face a critical need to focus on the details of their own healthcare and restore management of their own medical data. The rapid development of blockchain technology promotes population healthcare, including medical records as well as patient-related data. This technology provides patients with comprehensive, immutable records, and access to EHRs free from service providers and treatment websites. In this paper, to guarantee the validity of EHRs encapsulated in blockchain, we present an attribute-based signature scheme with multiple authorities, in which a patient endorses a message according to the attribute while disclosing no information other than the evidence that he has attested to it. Furthermore, there are multiple authorities without a trusted single or central one to generate and distribute public/private keys of the patient, which avoids the escrow problem and conforms to the mode of distributed data storage in the blockchain. By sharing the secret pseudorandom function seeds among authorities, this protocol resists collusion attack out of N from N -1 corrupted authorities. Under the assumption of the computational bilinear Diffie-Hellman, we also formally demonstrate that, in terms of the unforgeability and perfect privacy of the attribute-signer, this attribute-based signature scheme is secure in the random oracle model. The comparison shows the efficiency and properties between the proposed method and methods proposed in other studies.

A revocable certificateless encryption scheme with high performance

Featuring no key escrow and no certificate, certificateless public key cryptography (CLPKC) has received much attention. A necessary problem in CLPKC is how to revoke a compromised/misbehaving user, which still remains to be efficiently solved: all existing methods are not practical for use owing to either enormous computation (secret channels), or a costly mediator. In this paper, we present a new approach for revocation in CLPKC and give a revocable certificateless encryption (RCLE) scheme. In the new scheme, a user's private key contains three parts: an initial partial private key, a time key and a secret value. The time key is updated at every time period and is transmitted over a public channel. Our construction offers higher performance than previous solutions. Based on the bilinear Diffie-Hellman problem, our RCLE scheme is provably secure in the random oracle model.

Fine-Grained Access Control Systems Suitable for Resource-Constrained Users in Cloud Computing

For the sake of practicability of cloud computing, fine-grained data access is frequently required in the sense that users with different attributes should be granted different levels of access privileges. However, most of existing access control solutions are not suitable for resource-constrained users because of large computation costs, which linearly increase with the complexity of access policies. In this paper, we present an access control system based on ciphertext-policy attribute-based encryption. The proposed access control system enjoys constant computation cost and is proven secure in the random oracle model under the decision Bilinear Diffie-Hellman Exponent assumption. Our access control system supports AND-gate access policies with multiple values and wildcards, and it can efficiently support direct user revocation. Performance comparisons indicate that the proposed solution is suitable for resource-constrained environment.

Attribute-Hiding Predicate Encryption With Equality Test in Cloud Computing

Public key encryption with equality test (PKE-ET) enables anyone to perform equivalence test between two messages encrypted under distinct public keys. Attribute-hiding predicate encryption is a paradigm for public key encryption that supports both attribute-hiding and fine-grained access control. In this paper, we first initialize the concept of attribute-hiding predicate encryption with equality test (AH-PE-ET) by incorporating the notions of PKE-ET and PE, and then propose a concrete AH-PE-ET scheme. Inheriting the merits of predicate encryption, versatile access control can be achieved such that the ciphertexts and the secret key are, respectively, associated with the descriptive attributes $x$ and the boolean functions $f$ and decryption can only be done if $f(x)$ returns true . In the AH-PE-ET scheme, one data receiver can calculate a trapdoor using his/her private key and delivers this trapdoor to an untrusted cloud server, who in turn compares the ciphertexts from this receiver with other receivers’ ciphertexts. During the comparison, the information about the trapdoor as well as the attributes associated with the ciphertexts will not be disclosed to this cloud server. Furthermore, it is also proven to be selectively secure against the chosen plaintext attack in the standard model under the decisional bilinear Diffie-Hellman assumption. Finally, the theoretical performance analysis and experimental simulation indicate the feasibility and practicability of our suggested scheme.

A revocable certificateless encryption scheme with high performance

Featuring no key escrow and no certificate, certificateless public key cryptography (CLPKC) has received much attention. A necessary problem in CLPKC is how to revoke a compromised/misbehaving user, which still remains to be efficiently solved: all existing methods are not practical for use owing to either enormous computation (secret channels), or a costly mediator. In this paper, we present a new approach for revocation in CLPKC and give a revocable certificateless encryption (RCLE) scheme. In the new scheme, a user's private key contains three parts: an initial partial private key, a time key and a secret value. The time key is updated at every time period and is transmitted over a public channel. Our construction offers higher performance than previous solutions. Based on the bilinear Diffie-Hellman problem, our RCLE scheme is provably secure in the random oracle model.

Searchable attribute-based encryption scheme with attribute revocation in cloud storage.

Attribute based encryption (ABE) is a good way to achieve flexible and secure access control to data, and attribute revocation is the extension of the attribute-based encryption, and the keyword search is an indispensable part for cloud storage. The combination of both has an important application in the cloud storage. In this paper, we construct a searchable attribute-based encryption scheme with attribute revocation in cloud storage, the keyword search in our scheme is attribute based with access control, when the search succeeds, the cloud server returns the corresponding cipher text to user and the user can decrypt the cipher text definitely. Besides, our scheme supports multiple keywords search, which makes the scheme more practical. Under the assumption of decisional bilinear Diffie-Hellman exponent (q-BDHE) and decisional Diffie-Hellman (DDH) in the selective security model, we prove that our scheme is secure.

Sequence aware functional encryption and its application in searchable encryption

As a new broad vision of public-key encryption systems, functional encryption provides a promising solution for many challenging security problems such as expressive access control and searching on encrypted data. In this paper, we present two Sequence Aware Function Encryption (SAFE) schemes. Such a scheme is very useful in many forensics applications where the order (or pattern) of the attributes forms an important characteristic of an attribute sequence. Our first scheme supports the matching of two bit strings, while the second scheme can support the matching of general characters. These two schemes are constructed based on the standard Decision Linear and Decision Bilinear Diffie-Hellman assumptions. In addition, we show that our SAFE schemes can also provide the additional feature of attribute-hiding, which is desirable in forensics applications. Moreover, we give an interesting application of SAFE schemes in constructing Sequential Aware Keyword Search (SAKS) schemes.

Multi-message and multi-receiver heterogeneous signcryption scheme for ad-hoc networks

ABSTRACTSecurity is a significant issue for ad-hoc networks. Heterogeneous signcryption schemes proposed in recent years satisfy privacy and authentication of messages and reduce cost of computation and communication in a logical step. In this article, we present a new efficient heterogeneous signcryption scheme that shifts between the public key infrastructure (PKI) and the identity-based cryptosystem (IBC). The proposed scheme is suitable for broadcast communication conditions in which senders can signcrypt multiple messages for multiple receivers simultaneously in the ad-hoc networks. This scheme is proved to satisfy confidentiality and unforgeability on the basis of the assumptions of bilinear Diffie-Hellman problem (BDHP), q-Diffie-Hellman inversion problem (q-DHIP), q-bilinear Diffie-Hellman inversion problem (q-BDHIP), and computational Diffie-Hellman problem (CDHP) in the random oracle model. We discuss the efficiency of our scheme theoretically. In the efficiency analysis phase, we show that our scheme is practical and efficient. In the performance analysis phase, we present additional tests, data, and explanations to prove that our scheme can be applied in ad-hoc networks. Finally, we apply our scheme to a simulated ad-hoc network.

IMPLEMENTING CLOUD REVOCATION AUTHORITY WITH IDENTITY BASED ENCRYPTION AND ITS APPLICATIONS

Identity-based encryption(IBE) is a public key cryptosystem(encoding and decoding) and eliminates the demands of public key infrastructure(PKI) and certificate administration in conventional public key settings. Due to the absence of PKI, the revocation problem is a critical issue in IBE settings. Several revocable IBE schemes have been proposed regarding this issue. Quite recently, by embedding an outsourcing computation technique into IBE, a revocable IBE scheme with a key-update cloud service provider (KU-CSP) was proposed.However, their scheme has two shortcomings. One is that the computation and communication costs are higher than previous revocable IBE schemes. The other shortcoming is lack of scalability in the sense that the KU-CSP must keep a secret value for each user. In the article, we propose a new revocable IBE scheme with a cloud revocation authority (CRA) to solve the two shortcomings namely, the performance is significantly improved and the CRA holds only a system secret for all the users. For security analysis, we demonstrate that the proposed scheme is semantically secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. Finally,we extend the proposed revocable IBE scheme to present a CRA-aided authentication scheme with period-limited privileges for managing a large number of various cloud services.

Related-key secure key encapsulation from extended computational bilinear Diffie–Hellman

As a special type of fault injection attacks, Related-Key Attacks (RKAs) allow an adversary to manipulate a cryptographic key and subsequently observe the outcomes of the cryptographic scheme under these modified keys. In the real life, related-key attacks are already practical enough to be implemented on cryptographic devices. To avoid cryptographic devices suffering from related-key attacks, it is necessary to design a cryptographic scheme that resists against such attacks. This paper proposes an efficient RKA-secure Key Encapsulation Mechanism (KEM), in which the adversary can modify the secret key sk to any value f(sk), as long as, f is a polynomial function of a bounded degree d. Especially, the polynomial-RKA security can be reduced to a hard search problem, namely d-extended computational Bilinear Diffie-Hellman (BDH) problem, in the standard model. Our construction essentially refines the security of Haralambiev et al.’s BDH-based KEM scheme from chosen-ciphertext security to related-key security. The main technique applied in our scheme is the re-computation of the public key in the decryption algorithm so that any (non-trivial) modification to the secret key can be detected.

An efficient signcryption for data access control in cloud computing

Data storage is one of main services in cloud computing. How to ensure the confidentiality and authorized access of data is the central issue of data storage. In this paper, we propose a novel data access control scheme that can simultaneously achieve confidentiality and authentication for cloud computing. In this scheme, users store encrypted data in the cloud. When a user wants to access the data, the data owner delegates the cloud to re-encrypt the data and only the authorized user can decrypt the data. The cloud can not get any plaintext information about the data. In addition, the authorized user can verify the integrity and authentication of the data. We realize the data access control scheme by proposing an identity-based signcryption (IBSC) scheme with proxy re-encryption. We prove that the IBSC scheme has the indistinguishability against adaptive chosen ciphertext attack under the decisional bilinear Diffie-Hellman problem and existential unforgeability against adaptive chosen message attack under the computational Diffie-Hellman problem in the random oracle model.

SIBSC: Separable Identity-Based Signcryption for Resource-Constrained Devices

To provide better overall performance, identity (ID)-based signcryption (IBSC) has been constructed by combining ID-based signature (IBS) and ID-based encryption (IBE) in a secure manner. Undoubtedly, the IBSC fulfills the authentication and the confidentiality by signature and encryption, respectively. All the previously proposed IBSC schemes are inseparable in the sense that the two-layer sign-then-encrypt procedure must be performed only by the same entity. However, the entities, such as wireless sensors and smart cards, are resource-constrained and become time consuming in executing the two-layer sign-then-encrypt procedure. Nowadays, the usage of mobile cloud computing is gaining expanding interest which provides scalable and virtualized services over the Internet or wireless networks while users with resource-constrained devices can enjoy the advantages of mobile cloud computing environments. Hence, we aim to reduce the computational cost for resource-constrained devices by employing a third party. In this article, we present the first separable ID-based signcryption (SIBSC) scheme in which the signing and encrypting layers are performed by the device and a third party, respectively. Under the computation Diffie–Hellman (CDH) and bilinear Diffie–Hellman (BDH) assumptions, we demonstrate that the proposed SIBSC scheme offers the provable security of authentication and confidentiality while retaining communication performance.

Key-Policy Attribute-Based Encryption With Equality Test in Cloud Computing

The privacy of users must be considered as the utmost priority in distributed networks. To protect the identities of users, attribute-based encryption (ABE) was presented by Sahai et al. ABE has been widely used in many scenarios, particularly in cloud computing. In this paper, public key encryption with equality test is concatenated with key-policy ABE (KP-ABE) to present KP-ABE with equality test (KP-ABEwET). The proposed scheme not only offers fine-grained authorization of ciphertexts but also protects the identities of users. In contrast to ABE with keyword search, KP-ABEwET can test whether the ciphertexts encrypted by different public keys contain the same information. Moreover, the authorization process of the presented scheme is more flexible than that of Ma et al. ’s scheme. Furthermore, the proposed scheme achieves one-way against chosen-ciphertext attack based on the bilinear Diffie-Hellman (BDH) assumption. In addition, a new computational problem called the twin-decision BDH problem (tDBDH) is proposed in this paper. tDBDH is proved to be as hard as the decisional BDH problem. Finally, for the first time, the security model of authorization is provided, and the security of authorization based on the tDBDH assumption is proven in the random oracle model.

Computational Soundness of Asymmetric Bilinear Pairing-Based Protocols

Asymmetric bilinear maps using Type-3 pairings are known to be advantageous in several points (e.g., the speed and the size of a group element) to symmetric bilinear maps using Type-1 pairings. Kremer and Mazare introduce a symbolic model to analyze protocols based on bilinear maps, and show that the symbolic model is computationally sound. However, their model only covers symmetric bilinear maps. In this paper, we propose a new symbolic model to capture asymmetric bilinear maps. Our model allows us to analyze security of various protocols based on asymmetric bilinear maps (e.g., Scott’s client-server ID-based key exchange). Also, we show computational soundness of our symbolic model under the decisional bilinear Diffie-Hellman assumption.