Decisional Linear Assumption Research Articles

A logarithmic-sized accountable ring signature scheme in the standard model

Ring signature and group signature are two major cryptographic primitives providing users anonymity and authentication simultaneously. While both primitives enable any user to sign messages as a member of a set of users, the feature of ring signature is that a signer can choose a group in an ad-hoc manner, which is called a ring, by itself. Conversely, in group signature, a group membership is managed by some trusted third party, which is called a group manager, and an (appropriate) accountability is provided for the group manager to identify illegal anonymous signers. Accountable ring signature (ARS) is a cryptographic primitive combining the features of ring signature and group signature. ARS allows signers to choose their groups (rings) in an ad-hoc manner, and at the same time, maintain accountability by forcing them to select a designated opener who can identify them.In this paper, we propose the first ARS scheme with O(log⁡n) signature size in the standard model (without depending on the random oracle methodology), where n is the size of a ring. More precisely, we propose a new generic construction of ARS based on (standard) signature, (standard) public key encryption, non-interactive zero-knowledge proof system, somewhere perfectly binding hash function, and public key encryption with non-interactive opening. All building blocks for our ARS scheme can be obtained under the decisional linear (DLIN) assumption over bilinear groups.

FABRIC: Fast and Secure Unbounded Cross-System Encrypted Data Sharing in Cloud Computing

Existing proxy re-encryption (PRE) schemes to secure cloud data sharing raise challenges such as supporting the heterogeneous system efficiently and achieving the unbounded feature. To address this problem, we proposed a fast and secure unbounded cross-domain proxy re-encryption scheme, named FABRIC, which enables the delegator to authorize the semi-trusted cloud server to convert one ciphertext of an identity-based encryption (IBE) scheme to another ciphertext of an attribute-based encryption (ABE) scheme. As the first scheme to achieve the feature mentioned above, FABRIC not only enjoys constant computation overhead in the encryption, decryption, and re-encryption phases when the quantity of attributes increases, but is also unbounded such that the new attributes or roles could be adopted into the system anytime. Furthermore, FABRIC achieves adaptive security under the decisional linear assumption (DLIN). Eventually, detailed theoretical and experimental analysis proved that FABRIC enjoys excellent performance in efficiency and practicality in the cloud computing scenario.

Scalable and Revocable Attribute-Based Data Sharing With Short Revocation List for IIoT

The cooperative works between connected smart devices in the Industrial Internet of Things (IIoT) have greatly made the growth in productivity and economics for the conventional industry. However, due to the introduction of the communication network, the budding IIoT also confronts the unprecedented cyber threats. To prevent the data from being intercepted by malicious intruders, we propose an efficient and fully secure data sharing work with a short revocation list (DS-SRL) for IIoT. The DS-SRL not only enables flexible access control to the massive data in IIoT but also provides a direct revocation approach for handling the potential issues of key disclosure and membership expiring in application scenarios. Particularly, compared with existing directly revocable ABE works, the revocation list in the DS-SRL scheme will keep constant size even with the increasing number of users. Thus, the consumption for computing and disseminating the revoke-related part of ciphertext are low. This resource-saving merit makes our DS-SRL scheme suitable for IIoT where the smart devices are weak in the ability of both processing and storage. The DS-SRL works without boundary such that the public parameters involved in the system require no predefinitions and can be dynamically adjusted after deployment. Furthermore, the proposed DS-SRL work is demonstrated to be fully secure under the decisional linear assumption. Hence, it owns high flexibility, scalability, and security, which are essential and desirable in real-life applications. Finally, the superior feasibility, efficiency, as well as effectiveness of our DS-SRL work are fairly confirmed by the detailed performance evaluation.

Unbounded and Efficient Revocable Attribute-Based Encryption With Adaptive Security for Cloud-Assisted Internet of Things

Existing attribute-based encryption (ABE) schemes with revocation to secure the cloud-assisted Internet of Things (IoTs) raise challenges, such as eliminating the need for predefined public parameters in system initialization, performing the encryption and decryption operations efficiently, and achieving adaptive security under standard security assumption. In this article, we address these challenges by proposing an unbounded and efficient revocable ABE scheme with adaptive security for cloud-assisted IoTs. Distinct from the previous approaches in this field, our scheme not only efficiently realizes access control over encrypted data in a fine-grained and revocable way but also is proved to be adaptively secure under standard decision linear assumption. Meanwhile, the parameters do not need to be predefined in the system initialization and thus, our scheme satisfies the unbounded property. Moreover, the monotonic span program (MSP) is elegantly utilized as the access structure to reduce the number of bilinear pairing and exponentiation operations for encryption and decryption. Theoretical performance analysis and experiment evaluation disclose that our proposed scheme owns outstanding feasibility, efficiency, and effectiveness.

Tightly secure ring signatures in the standard model

Ring signatures allow a user to sign messages as a member of a set of users, which is called the ring. This primitive ensures that nobody can detect which member in the ring signs the message. Libert, Peters, and Qian (2018) [24] proposed the first tightly secure ring signature scheme with O(log⁡n) signature size in the random oracle model, where n is the size of a ring. To our knowledge, a tightly secure ring signature scheme has never been reported without depending on the random oracle methodology. In this paper, we propose two generic constructions of tightly secure ring signatures in the standard model. Our first (resp., second) construction is secure in the common reference string model (resp., the plain model). Both of our constructions are secure under the decisional linear assumption over the pairing groups. Our first generic construction has a more efficient instantiation than our second one. While our second generic construction does not have an efficient instantiation, its signature size achieves O(log⁡n) asymptotically, which is the same as one of the Libert et al.'s scheme.

Obfuscating encrypted threshold signature algorithm and its applications in cloud computing.

Current cloud computing causes serious restrictions to safeguarding users’ data privacy. Since users’ sensitive data is submitted in unencrypted forms to remote machines possessed and operated by untrusted service providers, users’ sensitive data may be leaked by service providers. Program obfuscation shows the unique advantages that it can provide for cloud computing. In this paper, we construct an encrypted threshold signature functionality, which can outsource the threshold signing rights of users to cloud server securely by applying obfuscation, while revealing no more sensitive information. The obfuscator is proven to satisfy the average case virtual black box property and existentially unforgeable under the decisional linear (DLIN) assumption and computational Diffie-Hellman (CDH) assumption in the standard model. Moreover, we implement our scheme using the Java pairing-based cryptography library on a laptop.

Efficient functional encryption for inner product with simulation-based security

Functional encryption (FE) is a novel paradigm for encryption scheme which allows tremendous flexibility in accessing encrypted information. In FE, a user can learn specific function of encrypted messages by restricted functional key and reveal nothing else about the messages. Inner product encryption (IPE) is a special type of functional encryption where the decryption algorithm, given a ciphertext related to a vector x and a secret key related to a vector y, computes the inner product x·y. In this paper, we construct an efficient private-key functional encryption (FE) for inner product with simulation-based security, which is much stronger than indistinguishability-based security, under the External Decisional Linear assumption in the standard model. Compared with the existing schemes, our construction is faster in encryption and decryption, and the master secret key, secret keys and ciphertexts are shorter.

Efficient Attribute-Based Signatures for Unbounded Arithmetic Branching Programs

This paper presents the first attribute-based signature (ABS) scheme in which the correspondence between signers and signatures is captured in an arithmetic model of computation. Specifically, we design a fully secure, i.e., adaptively unforgeable and perfectly signer-private ABS scheme for signing policies realizable by arithmetic branching programs (ABP), which are a quite expressive model of arithmetic computations. On a more positive note, the proposed scheme places no bound on the size and input length of the supported signing policy ABP’s, and at the same time, supports the use of an input attribute for an arbitrary number of times inside a signing policy ABP, i.e., the so called unbounded multi-use of attributes. The size of our public parameters is constant with respect to the sizes of the signing attribute vectors and signing policies available in the system. The construction is built in (asymmetric) bilinear groups of prime order, and its unforgeability is derived in the standard model under (asymmetric version of) the well-studied decisional linear (DLIN) assumption coupled with the existence of standard collision resistant hash functions. Due to the use of the arithmetic model as opposed to the boolean one, our ABS scheme not only excels significantly over the existing state-of-the-art constructions in terms of concrete efficiency, but also achieves improved applicability in various practical scenarios. Our principal technical contributions are (a) extending and refining the techniques of Okamoto and Takashima [PKC 2011, PKC 2013], which were originally developed in the context of boolean span programs, to the arithmetic setting; and (b) innovating new ideas to allow unbounded multi-use of attributes inside ABP’s, which themselves are of unbounded size and input length.

A Fully Secure KP-ABE Scheme on Prime-Order Bilinear Groups through Selective Techniques

Key-policy attribute-based encryption (KP-ABE) is the cryptographic primitive which enables fine grained access control while still providing end-to-end encryption. Although traditional encryption schemes can provide end-to-end encryption, users have to either share the same decryption keys or the data have to be stored in multiple instances which are encrypted with different keys. Both of these options are undesirable. However, KP-ABE can provide less key overhead compared to the traditional encryption schemes. While there are a lot of KP-ABE schemes, none of them simultaneously supports multiuse of attributes, adaptive security, monotone span programs, and static security assumption. Hence, we propose a fully secure KP-ABE scheme for monotone span programs in prime-order group. This scheme uses selective security proof techniques to obtain the requisite ingredients for full security proof. This strengthens the correlation between selective and full security models and enables the transition of the best qualities in selective security models to fully secure systems. The security proof is based on decisional linear assumption and three-party Diffie–Hellman assumption.

Secure Fine-Grained Keyword Search With Efficient User Revocation and Traitor Tracing in the Cloud

Fine-grained searching is an important feature in multi-user cloud environment and a combination of attribute-based encryption (ABE) and searchable encryption (SE) is used to facilitate it. This combination provides a powerful tool where multiple data owners can share their data with multiple data users in an independent and differential manner. In this article, the authors have used key-policy design framework of attribute-based encryption to construct the multi-keyword search scheme where access rights assigned to a data user are associated with his/her secret key. This leads to a situation where a data user can abuse his secret key to distribute it illegally to the unauthorized users to perform search over the shared data which is not intended for him/her. Therefore, to track such kind of key abusers the authors have embedded an extra functionality of tracing the traitors. For this purpose, each user is assigned a unique identity in the form of binary string where each bit represents an attribute related to his identity. In addition to the normal attributes, the access structure of a user also possesses identity-related attributes which are hidden from the user along with some normal attributes. Hence, the proposed scheme supports partial anonymity. Further, in the event of user revocation the proposed scheme efficiently handles the system update process by delegating the computationally intensive tasks to the cloud server. Finally, the proposed scheme is proved secure under Decisional Bilinear Diffie-Hellman (DBDH) assumption and decision linear assumption in the selective security model.

Adaptively Simulation-Secure Attribute-Hiding Predicate Encryption

This paper demonstrates how to achieve simulation-based strong attribute hiding against adaptive adversaries for predicate encryption (PE) schemes supporting expressive predicate families under standard computational assumptions in bilinear groups. Our main result is a simulation-based adaptively strongly partially-hiding PE (PHPE) scheme for predicates computing arithmetic branching programs (ABP) on public attributes, followed by an inner-product predicate on private attributes. This simultaneously generalizes attribute-based encryption (ABE) for boolean formulas and ABP's as well as strongly attribute-hiding PE schemes for inner products. The proposed scheme is proven secure for any a priori bounded number of ciphertexts and an unbounded (polynomial) number of decryption keys, which is the best possible in the simulation-based adaptive security framework. This directly implies that our construction also achieves indistinguishability-based strongly partially-hiding security against adversaries requesting an unbounded (polynomial) number of ciphertexts and decryption keys. The security of the proposed scheme is derived under (asymmetric version of) the well-studied decisional linear (DLIN) assumption. Our work resolves an open problem posed by Wee in TCC 2017, where his result was limited to the semi-adaptive setting. Moreover, our result advances the current state of the art in both the fields of simulation-based and indistinguishability-based strongly attribute-hiding PE schemes. Our main technical contribution lies in extending the strong attribute hiding methodology of Okamoto and Takashima [EUROCRYPT 2012, ASIACRYPT 2012] to the framework of simulation-based security and beyond inner products.

Expressive Attribute-Based Encryption with Constant-Size Ciphertexts from the Decisional Linear Assumption

We propose a key-policy attribute-based encryption (KP-ABE) scheme with constant-size ciphertexts, whose selective security is proven under the decisional linear (DLIN) assumption in the standard model. The proposed scheme also has semi-adaptively security, which is a recently proposed notion of security. The access structure is expressive, that is given by non-monotone span programs. It also has fast decryption, i.e., a decryption includes only a constant number of pairing operations. As an application of our KP-ABE construction, we also propose a fully secure attribute-based signatures with constant-size secret (signing) keys from the DLIN. For achieving the above results, we employ a hierarchical reduction technique on dual pairing vector spaces and a modified form of pairwise independence lemma specific to our proposed schemes.

Decentralized Attribute-Based Encryption and Signatures

This paper presents decentralized multi-authority attribute-based encryption and signature (DMA-ABE and DMA-ABS) schemes, in which no central authority exists and no global coordination is required except for the setting of a parameter for a prime order bilinear group and a hash function, which can be available from public documents, e.g., ISO and FIPS official documents. In the proposed DMA-ABE and DMA-ABS schemes, every process can be executed in a fully decentralized manner; any party can become an authority and issue a piece for a secret key to a user without interacting with any other party, and each user obtains a piece of his/her secret key from the associated authority without interacting with any other party. While enjoying such fully decentralized processes, the proposed schemes are still secure against collusion attacks, i.e., multiple pieces issued to a user by different authorities can form a collusion resistant secret key, composed of these pieces, of the user. The proposed ABE scheme is the first DMA-ABE for non-monotone relations (and more general relations), which is adaptively secure under the decisional linear (DLIN) assumption in the random oracle model. This paper also proposes the first DMA-ABS scheme for non-monotone relations (and more general relations), which is fully secure, adaptive-predicate unforgeable and perfect private, under the DLIN assumption in the random oracle model. DMA-ABS is a generalized notion of ring signatures. The efficiency of the proposed DMA-ABE and DMA-ABS schemes is comparable to those of the existing practical ABE and ABS schemes with comparable relations and security.

Efficient authentication protocol with anonymity and key protection for mobile Internet users

To preserve user privacy and guarantee data confidentiality on the mobile Internet, it is crucial to secure communication between the mobile devices held by users and a remote server. In real applications, a serious threat against communication security is exposure of secret keys, due to the compromise of the mobile devices storing the key. One method of preserving key exposure is to use protected hardware or smart-cards, but they are costly and impractical. Another method is to utilize secret sharing to share secret key across multiple devices. Nevertheless, secret sharing schemes guarantee security only if the adversary cannot access at least one share in its entirety. In this paper, we present a remote authentication protocol, which resists key exposure. Further, we present a zero-knowledge protocol based on SDH assumption that can achieve anonymity. We formally prove our proposed solution is secure under the decision linear assumption and the qs-mSDH assumption in the random oracle model. Finally, we show our solution can achieve higher efficiency and stronger anonymity comparing with existing schemes, and thus the proposed solution is more suitable for real-world environments.

Improving Security and Privacy Attribute Based Data Sharing in Cloud Computing

Data sharing is a convenient and economic service supplied by cloud computing. Data contents privacy also emerges from it since the data is outsourced to some cloud servers. To protect the valuable and sensitive information, various techniques are used to enhance access control on the shared data. In these techniques, Ciphertext-policy attribute-based encryption (CP-ABE) can make it more convenient and secure. Traditional CP-ABE focuses on data confidentiality merely, while the user's personal privacy protection is an important issue at present. CP-ABE with hidden access policy ensures data confidentiality and guarantees that user's privacy is not revealed as well. However, most of the existing schemes are inefficient in communication overhead and computation cost. Moreover, most of those works take no consideration about authority verification or the problem of privacy leakage in authority verification phase. To tackle the problems mentioned above, a privacy preserving CP-ABE scheme with efficient authority verification is introduced in this paper. Additionally, the secret keys of it achieve constant size. Meanwhile, the proposed scheme achieves the selective security under the decisional $n$ -BDHE problem and decisional linear assumption. The computational results confirm the merits of the presented scheme.

An efficient KP design framework of attribute‐based searchable encryption for user level revocation in cloud

SummaryAttribute‐based searchable encryption (ABSE) is the combination of attribute‐based encryption (ABE) and searchable encryption with the inherent benefits of fine‐grained access control and expressive searching capabilities in multiuser setting. In this paper, we have used the key‐policy (KP) design framework of ABE and named the scheme KP‐ABSE. The proposed KP‐ABSE scheme efficiently supports user revocation where the computationally intensive tasks are delegated to the cloud server. Furthermore, the proposed scheme generates constant‐size user secret keys and trapdoors and has constant number of pairing operations, which in other schemes typically varies with the number of attributes associated with them. Thus, the proposed scheme reduces computational and storage costs and supports fast searching. Finally, the proposed scheme can be proven secure under a decision linear assumption in a selective security model.

CCA-Secure Deterministic Identity-Based Encryption Scheme

Deterministic public-key encryption, encrypting a plaintext into a unique ciphertext without involving any randomness, was introduced by Bellare, Boldyreva, and O'Neill (CRYPTO 2007) as a realistic alternative to some inherent drawbacks in randomized public-key encryption. Bellare, Kiltz, Peikert and Waters (EUROCRYPT 2012) bring deterministic public-key encryption to the identity-based setting, and propose deterministic identity-based encryption scheme (DIBE). Although the construc- tions of chosen plaintext attack (CPA) secure DIBE scheme have been studied intensively, the construction of chosen ciphertext attack (CCA) secure DIBE scheme is still challenging problems. In this paper, we introduce the notion of identity-based all-but-one trapdoor functions (IB-ABO-TDF), which is an extension version of all-but-one lossy trapdoor function in the public-key setting. We give a instantiation of IB-ABO-TDF under decisional linear assumption. Based on an identity-based lossy trapdoor function and our IB-ABO-TDF, we present a generic construction of CCA-secure DIBE scheme.

Fully Secure Functional Encryption with a Large Class of Relations from the Decisional Linear Assumption

This paper presents a fully secure (adaptively secure) practical functional encryption scheme for a large class of relations, that are specified by non-monotone access structures combined with inner-product relations. The security is proven under a standard assumption, the decisional linear assumption, in the standard model. Our scheme is constructed on the concept of dual pairing vector spaces and a hierarchical reduction technique on this concept is employed for the security proof. The proposed functional encryption scheme covers, as special cases, (1) key-policy, ciphertext-policy and unified-policy attribute-based encryption with non-monotone access structures, (2) (hierarchical) attribute-hiding functional encryption with inner-product relations and functional encryption with nonzero inner-product relations and (3) spatial encryption and a more general class of encryption than spatial encryption.

Improved Construction for Inner Product Functional Encryption

Functional encryption (FE) is a vast new paradigm for encryption scheme which allows tremendous flexibility in accessing encrypted data. In a FE scheme, a user can learn specific function of encrypted messages by restricted functional key and reveals nothing else about the messages. Besides the standard notion of data privacy in FE, it should protect the privacy of the function itself which is also crucial for practical applications. In this paper, we construct a secret key FE scheme for the inner product functionality using asymmetric bilinear pairing groups of prime order. Compared with the existing similar schemes, our construction reduces both necessary storage and computational complexity by a factor of 2 or more. It achieves simulation-based security, security strength which is higher than that of indistinguishability-based security, against adversaries who get hold of an unbounded number of ciphertext queries and adaptive secret key queries under the External Decisional Linear (XDLIN) assumption in the standard model. In addition, we implement the secret key inner product scheme and compare the performance with the similar schemes.

Identity-Based Private Matching over Outsourced Encrypted Datasets

With wide use of cloud computing and storage services, sensitive information is increasingly centralized into the cloud to reduce the management costs, which raises concerns about data privacy. Encryption is a promising way to maintain the confidentiality of outsourced sensitive data, but it makes effective data utilization to be a very challenging task. In this paper, we focus on the problem of private matching over outsourced encrypted datasets in identity-based cryptosystem that can simplify the certificate management. To solve this problem, we propose an Identity-Based Private Matching scheme ( $\mathsf{IBPM}$ ), which realizes fine-grained authorization that enables the privileged cloud server to perform private matching operations without leaking any private data. We present the rigorous security proof under the Decisional Linear Assumption and Decisional Bilinear Diffie-Hellman Assumption. Furthermore, through the analysis of the asymptotic complexity and the experimental evaluation, we verify that the cost of our $\mathsf{IBPM}$ scheme is linear to the size of the dataset and it is more efficient than the existing work of Zheng and Xu [30] . Finally, we apply our $\mathsf{IBPM}$ scheme to build two efficient schemes, including identity-based fuzzy private matching as well as identity-based multi-keyword fuzzy search.