TL;DR: This paper gives a formal model of ABE with verifiable outsourced decryption, proposes a concrete scheme that is both secure and verifiable without relying on random oracles, and shows an implementation of the scheme together with performance measurements, which indicate a significant reduction in the computing resources imposed on users.
Abstract: Attribute-based encryption (ABE) is a public-key-based one-to-many encryption that allows users to encrypt and decrypt data based on user attributes. A promising application of ABE is flexible access control of encrypted data stored in the cloud, using access policies and ascribed attributes associated with private keys and ciphertexts. One of the main efficiency drawbacks of the existing ABE schemes is that decryption involves expensive pairing operations and the number of such operations grows with the complexity of the access policy. Recently, Green et al. proposed an ABE system with outsourced decryption that largely eliminates the decryption overhead for users. In such a system, a user provides an untrusted server, say a cloud service provider, with a transformation key that allows the cloud to translate any ABE ciphertext satisfied by that user's attributes or access policy into a simple ciphertext, and it only incurs a small computational overhead for the user to recover the plaintext from the transformed ciphertext. Security of an ABE system with outsourced decryption ensures that an adversary (including a malicious cloud) will not be able to learn anything about the encrypted message; however, it does not guarantee the correctness of the transformation done by the cloud. In this paper, we consider a new requirement of ABE with outsourced decryption: verifiability. Informally, verifiability guarantees that a user can efficiently check if the transformation is done correctly. We give the formal model of ABE with verifiable outsourced decryption and propose a concrete scheme. We prove that our new scheme is both secure and verifiable, without relying on random oracles. Finally, we show an implementation of our scheme and results of performance measurements, which indicate a significant reduction in the computing resources imposed on users.
TL;DR: In this article, the authors propose an architecture that provides secure deduplicated storage resisting brute-force attacks, and realize it in a system called DupLESS, where clients encrypt under message-based keys obtained from a key-server via an oblivious PRF protocol.
Abstract: Cloud storage service providers such as Dropbox, Mozy, and others perform deduplication to save space by only storing one copy of each file uploaded. Should clients conventionally encrypt their files, however, savings are lost. Message-locked encryption (the most prominent manifestation of which is convergent encryption) resolves this tension. However, it is inherently subject to brute-force attacks that can recover files falling into a known set. We propose an architecture that provides secure deduplicated storage resisting brute-force attacks, and realize it in a system called DupLESS. In DupLESS, clients encrypt under message-based keys obtained from a key-server via an oblivious PRF protocol. It enables clients to store encrypted data with an existing service, have the service perform deduplication on their behalf, and yet achieves strong confidentiality guarantees. We show that encryption for deduplicated storage can achieve performance and space savings close to that of using the storage service with plaintext data.
TL;DR: The first order-preserving scheme that achieves ideal security was proposed in this article, where the ciphertexts for a small number of plaintext values change over time, and it was shown that mutable ciphertext is needed for ideal security.
Abstract: Order-preserving encryption - an encryption scheme where the sort order of ciphertexts matches the sort order of the corresponding plaintexts - allows databases and other applications to process queries involving order over encrypted data efficiently. The ideal security guarantee for order-preserving encryption put forth in the literature is for the ciphertexts to reveal no information about the plaintexts besides order. Even though more than a dozen schemes were proposed, all these schemes leak more information than order. This paper presents the first order-preserving scheme that achieves ideal security. Our main technique is mutable ciphertexts, meaning that over time, the ciphertexts for a small number of plaintext values change, and we prove that mutable ciphertexts are needed for ideal security. Our resulting protocol is interactive, with a small number of interactions. We implemented our scheme and evaluated it on microbenchmarks and in the context of an encrypted MySQL database application. We show that in addition to providing ideal security, our scheme achieves 1 - 2 orders of magnitude higher performance than the state-of-the-art order-preserving encryption scheme, which is less secure than our scheme.
TL;DR: New SNN methods are designed which provide a customizable tradeoff between efficiency and communication cost, and which are as secure as the encryption scheme E used to encrypt the query and the database, where E can be any well-established encryption scheme.
Abstract: In this paper, we investigate the secure nearest neighbor (SNN) problem, in which a client issues an encrypted query point E(q) to a cloud service provider and asks for an encrypted data point in E(D) (the encrypted database) that is closest to the query point, without allowing the server to learn the plaintexts of the data or the query (and its result). We show that efficient attacks exist for existing SNN methods [21], [15], even though they were claimed to be secure in standard security models (such as indistinguishability under chosen plaintext or ciphertext attacks). We also establish a relationship between the SNN problem and the order-preserving encryption (OPE) problem from the cryptography field [6], [5], and we show that SNN is at least as hard as OPE. Since it is impossible to construct secure OPE schemes in standard security models [6], [5], our results imply that one cannot expect to find the exact (encrypted) nearest neighbor based on only E(q) and E(D). Given this hardness result, we design new SNN methods by asking the server, given only E(q) and E(D), to return a relevant (encrypted) partition E(G) from E(D) (i.e., G ⊆ D), such that E(G) is guaranteed to contain the answer for the SNN query. Our methods provide a customizable tradeoff between efficiency and communication cost, and they are as secure as the encryption scheme E used to encrypt the query and the database, where E can be any well-established encryption scheme.
TL;DR: This paper proposes a CP-ABPRE scheme supporting attribute-based re-encryption with any monotonic access structure, which is proved CCA secure under the decisional q-parallel bilinear Diffie-Hellman exponent assumption.
Abstract: Ciphertext-Policy Attribute-Based Proxy Re-Encryption (CP-ABPRE) extends the traditional Proxy Re-Encryption (PRE) by allowing a semi-trusted proxy to transform a ciphertext under an access policy to one with the same plaintext under another access policy (i.e. attribute-based re-encryption). The proxy, however, learns nothing about the underlying plaintext. CP-ABPRE has many real world applications, such as fine-grained access control in cloud storage systems and medical records sharing among different hospitals. Previous CP-ABPRE schemes leave how to be secure against Chosen-Ciphertext Attacks (CCA) as an open problem. This paper, for the first time, proposes a new CP-ABPRE to tackle the problem. The new scheme supports attribute-based re-encryption with any monotonic access structures. Although our scheme is constructed in the random oracle model, it can be proved CCA secure under the decisional q-parallel bilinear Diffie-Hellman exponent assumption.
TL;DR: The OXT protocol is extended to support arbitrary boolean queries in all of the above models while withstanding adversarial non-colluding servers (D and E) and arbitrarily malicious clients, and while preserving the remarkable performance of the protocol.
Abstract: In the setting of searchable symmetric encryption (SSE), a data owner D outsources a database (or document/file collection) to a remote server E in encrypted form such that D can later search the collection at E while hiding information about the database and queries from E. Leakage to E is to be confined to well-defined forms of data-access and query patterns while preventing disclosure of explicit data and query plaintext values. Recently, Cash et al. presented a protocol, OXT, which can run arbitrary boolean queries in the SSE setting and which is remarkably efficient even for very large databases. In this paper we investigate a richer setting in which the data owner D outsources its data to a server E but D is now interested in allowing clients (third parties) to search the database such that clients learn the information D authorizes them to learn but nothing else, while E still does not learn about the data or queried values, as in the basic SSE setting. Furthermore, motivated by a wide range of applications, we extend this model and requirements to a setting where, similarly to private information retrieval, the client's queried values need to be hidden also from the data owner D even though the latter still needs to authorize the query. Finally, we consider the scenario in which authorization can be enforced by the data owner D without D learning the policy, a setting that arises in court-issued search warrants. We extend the OXT protocol of Cash et al. to support arbitrary boolean queries in all of the above models while withstanding adversarial non-colluding servers (D and E) and arbitrarily malicious clients, and while preserving the remarkable performance of the protocol.
TL;DR: The Peikert-Vaikuntanathan-Waters (PVW) method of packing many plaintext elements in a single Regev-type ciphertext can be used for performing SIMD homomorphic operations on packed ciphertexts.
Abstract: In this short note we observe that the Peikert-Vaikuntanathan-Waters (PVW) method of packing many plaintext elements in a single Regev-type ciphertext can be used for performing SIMD homomorphic operations on packed ciphertexts. This provides an alternative to the Smart-Vercauteren (SV) ciphertext-packing technique that relies on polynomial-CRT. While the SV technique is only applicable to schemes that rely on ring-LWE (or other hardness assumptions in ideal lattices), the PVW method can be used also for cryptosystems whose security is based on standard LWE (or more broadly on the hardness of “General-LWE”).
TL;DR: Ciphertext-only plaintext recovery attacks against TLS when RC4 is selected for encryption are presented, building on recent advances in the statistical analysis of RC4 and on new findings announced in this paper.
Abstract: The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks. TLS has become the de facto protocol standard for secured Internet and mobile applications. TLS supports several symmetric encryption options, including a scheme based on the RC4 stream cipher. In this paper, we present ciphertext-only plaintext recovery attacks against TLS when RC4 is selected for encryption. Our attacks build on recent advances in the statistical analysis of RC4, and on new findings announced in this paper. Our results are supported by an experimental evaluation of the feasibility of the attacks. We also discuss countermeasures.
TL;DR: This paper presents a practical scheme which, advantageously, can accommodate large plaintext spaces, is efficient for both encryption and decryption/aggregation and can operate in an off-line/on-line mode.
Abstract: Suppose that a set of multiple users uploads in every time period encrypted values of some data. The considered problem is how an untrusted data aggregator can compute the sum of all users’ values but nothing more. A solution was recently given by Shi et al. (NDSS 2011). However, as advocated by the authors, the proposed encryption scheme suffers from some limitations. In particular, its usage is restricted to small plaintext spaces. This paper presents a practical scheme which, advantageously, can accommodate large plaintext spaces. Somewhat surprisingly, it comes with an efficient security reduction, regardless of the number of users. Furthermore, the proposed scheme requires a minimal number of interactions, is efficient for both encryption and decryption/aggregation and can operate in an off-line/on-line mode.
TL;DR: In this article, a decryption scheme for recovery of a decrypted object without a cryptographic key is described, in which, first, logical operation(s) are conducted on data associated with a first data string expected at a first location within an object having the predetermined format and on data within the encrypted object at the first location.
Abstract: A decryption scheme for recovery of a decrypted object without a cryptographic key is described. First, logical operation(s) are conducted on data associated with a first data string expected at a first location within an object having the predetermined format and on data within the encrypted object at the first location, to recover data associated with a portion of a cryptographic key from the encrypted object. Thereafter, logical operation(s) are conducted on that data and a first portion of the encrypted object at a second location to produce a result. Responsive to the result including data associated with the plaintext version of the second data string, logical operation(s) are conducted on a second portion of the encrypted object and the data associated with the plaintext version of the second data string to recover data associated with the cryptographic key. Thereafter, the encrypted object may be decrypted using the cryptographic key.
TL;DR: R̂-trees are presented, a hierarchical encrypted index that may be securely placed in the cloud and searched efficiently, based on a mechanism the authors design for encrypted halfspace range queries in ℝ^d using Asymmetric Scalar-product Preserving Encryption.
Abstract: We show how to execute range queries securely and efficiently on encrypted databases in the cloud. Current methods provide either security or efficiency, but not both. Many schemes even reveal the ordering of encrypted tuples, which, as we show, allows adversaries to estimate plaintext values accurately. We present R̂-trees, a hierarchical encrypted index that may be securely placed in the cloud and searched efficiently. It is based on a mechanism we design for encrypted halfspace range queries in ℝ^d, using Asymmetric Scalar-product Preserving Encryption. Data owners can tune the R̂-trees parameters to achieve desired security-efficiency tradeoffs. We also present extensive experiments to evaluate R̂-trees performance. Our results show that R̂-trees queries are efficient on encrypted databases, and reveal far less information than competing methods.
TL;DR: It is illustrated that the optical authentication operation with sparsity strategy can provide an additional security layer for the optical security system.
Abstract: We develop a phase-modulated optical system with sparse representation for information encoding and authentication. The optical cryptosystem is developed with cascaded phase-only masks, and the plaintext is encoded into the cascaded phase-only masks based on an iterative phase retrieval algorithm during the encryption. Two simple strategies are developed to generate sparse data: the sparse data are randomly generated from the extracted phase-only masks, or the sparse data are randomly generated from the plaintext. These two sparsity strategies are respectively used in the proposed optical security system, and the decrypted images cannot visually render information about the plaintext. An optical authentication method is further applied to verify the decrypted images. It is illustrated that the optical authentication operation with sparsity strategy can provide an additional security layer for the optical security system.
TL;DR: Simulation results show that the proposed phase retrieval process has high convergence speed, and the encryption algorithm can avoid cross-talk; in addition, its encrypted capacity is considerably enhanced.
Abstract: A multiple-image encryption scheme is proposed based on the phase retrieval process and phase mask multiplexing in the fractional Fourier transform domain. First, each original gray-scale image is encoded into a phase only function by using the proposed phase retrieval process. Second, all the obtained phase functions are modulated into an interim, which is encrypted into the final ciphertext by using the fractional Fourier transform. From a plaintext image, a group of phase masks is generated in the encryption process. The corresponding decrypted image can be recovered from the ciphertext only with the correct phase mask group in the decryption process. Simulation results show that the proposed phase retrieval process has high convergence speed, and the encryption algorithm can avoid cross-talk; in addition, its encrypted capacity is considerably enhanced.
TL;DR: The proposed chaotic image encryption system, which uses the frequency and time domains together, is more secure than most single-domain image encryption systems.
Abstract: We propose an algorithm to encrypt an image in a hybrid domain, combining the frequency and time domains. The proposed method is a private key encryption system with two main units, a chaotic phase-magnitude transformation unit and a chaotic pixel substitution unit. The chaotic phase-magnitude transformation unit works in the frequency domain: a 2-D DFT is performed on the plain image to change the domain, and a chaotic function, the tent map, is used to generate a pseudo-random image, which is combined with the plain image in the frequency domain. The chaotic pixel substitution unit works in the time domain: the Bernoulli map is applied to produce another pseudo-random image that is mixed with the encrypted image nonlinearly. The performance of the proposed chaotic image encryption system is analysed using a computer simulation. The histogram of the encrypted image is uniformly distributed. The chi-square value for the encrypted image of our proposed method is considerably low. The MSE of the proposed encrypted image is large enough. The correlation coefficients of the proposed encrypted image in all three directions are sufficiently small. The total key length is large enough for the proposed system to resist any brute-force attack. The proposed scheme is robust against chosen plaintext attacks too. The proposed chaotic image encryption system, which uses the frequency and time domains together, is more secure than most single-domain image encryption systems.
TL;DR: COPE as mentioned in this paper is a parallelizable online authenticated cipher with nonce-misuse resistance, which performs two calls to the underlying block cipher per plaintext block and is fully parallelizable in both encryption and decryption.
Abstract: Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first parallelizable online cipher, COPE. It performs two calls to the underlying block cipher per plaintext block and is fully parallelizable in both encryption and decryption. COPE is proven secure against chosen-plaintext attacks assuming the underlying block cipher is a strong PRP. We then extend COPE to create COPA, the first parallelizable, online authenticated cipher with nonce-misuse resistance. COPA only requires two extra block cipher calls to provide integrity. The privacy and integrity of the scheme are proven secure assuming the underlying block cipher is a strong PRP. Our implementation with Intel AES-NI on a Sandy Bridge CPU architecture shows that both COPE and COPA are about 5 times faster than their closest competition: TC1, TC3, and McOE-G. This high factor of advantage emphasizes the paramount role of parallelizability on up-to-date computing platforms.
TL;DR: These attacks build on recent advances in the statistical analysis of RC4, and on new findings announced in this paper, and are supported by an experimental evaluation of the feasibility of the attacks.
Abstract: The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks. TLS has become the de facto protocol standard for secured Internet and mobile applications. TLS supports several symmetric encryption options, including a scheme based on the RC4 stream cipher. In this paper, we present ciphertext-only plaintext recovery attacks against TLS when RC4 is selected for encryption. Variants of these attacks also apply to WPA, a prominent IEEE standard for wireless network encryption. Our attacks build on recent advances in the statistical analysis of RC4, and on new findings announced in this paper. Our results are supported by an experimental evaluation of the feasibility of the attacks. We also discuss countermeasures.
TL;DR: This work presents a private face verification system that can be executed in the server without interaction, working with encrypted feature vectors for both the templates and the probe face, and opens the door to completely private and noninteractive outsourcing of face verification.
Abstract: Face recognition is one of the foremost applications in computer vision, which often involves sensitive signals; privacy concerns have been raised lately and tackled by several recent privacy-preserving face recognition approaches. Those systems either take advantage of information derived from the database templates or require several interaction rounds between client and server, so they cannot address outsourced scenarios. We present a private face verification system that can be executed in the server without interaction, working with encrypted feature vectors for both the templates and the probe face. We achieve this by combining two significant contributions: 1) a novel feature model for Gabor coefficients' magnitude driving a Lloyd-Max quantizer, used for reducing plaintext cardinality with no impact on performance; 2) an extension of a quasi-fully homomorphic encryption able to compute, without interaction, the soft scores of an SVM operating on quantized and encrypted parameters, features and templates. We evaluate the private verification system in terms of time and communication complexity, and in verification accuracy in widely known face databases (XM2VTS, FERET, and LFW). These contributions open the door to completely private and noninteractive outsourcing of face verification.
TL;DR: This paper proposes a CP-ABPRE scheme supporting attribute-based re-encryption with any monotonic access structure and proves it CCA secure under the decisional q-parallel bilinear Diffie-Hellman exponent assumption.
Abstract: Ciphertext-Policy Attribute-Based Proxy Re-Encryption (CP-ABPRE) extends the traditional Proxy Re-Encryption (PRE) by allowing a semi-trusted proxy to transform a ciphertext under an access policy to one with the same plaintext under another access policy (i.e. attribute-based re-encryption). The proxy, however, learns nothing about the underlying plaintext. CP-ABPRE has many real world applications, such as fine-grained access control in cloud storage systems and medical records sharing among different hospitals. Previous CP-ABPRE schemes leave how to be secure against chosen-ciphertext attacks (CCA) as an open problem. This paper, for the first time, proposes a new CP-ABPRE to tackle the problem. The new scheme supports attribute-based re-encryption with any monotonic access structures. Although our scheme is constructed in the random oracle model, it can be proved CCA secure under the decisional q-parallel bilinear Diffie-Hellman exponent assumption.
TL;DR: In this demonstration the functionality of Cipherbase is outlined --- a full-fledged SQL database system that supports the full generality of a database system while providing high data confidentiality.
Abstract: Data confidentiality is one of the main concerns for users of public cloud services. The key problem is protecting sensitive data from being accessed by cloud administrators who have root privileges and can remotely inspect the memory and disk contents of the cloud servers. While encryption is the basic mechanism that can be leveraged to provide data confidentiality, providing an efficient database-as-a-service that can run on encrypted data raises several interesting challenges. In this demonstration we outline the functionality of Cipherbase --- a full-fledged SQL database system that supports the full generality of a database system while providing high data confidentiality. Cipherbase has a novel architecture that tightly integrates custom-designed trusted hardware for performing operations on encrypted data securely, such that an administrator cannot get access to any plaintext corresponding to sensitive data.
TL;DR: There is a fatal flaw in the proposed cryptosystem that the generated keystream remains unchanged when encrypting every image, and the plaintext could be recovered by applying chosen plaintext attack.
Abstract: Recently, a parallel sub-image encryption method with high-dimensional chaos has been proposed. But there is a fatal flaw in the cryptosystem: the generated keystream remains unchanged when encrypting every image. Based on this point, we could recover the plaintext by applying a chosen plaintext attack. Therefore the proposed cryptosystem is not suitable for use in image transmission systems. Experimental results show the feasibility of our attack.
TL;DR: Several new biases in the initial (1st to 257th) bytes of the RC4 keystream, substantially stronger than known biases, are introduced, which enable a plaintext recovery attack using a strong bias set of initial bytes.
Abstract: This paper investigates the practical security of RC4 in the broadcast setting where the same plaintext is encrypted with different user keys. We introduce several new biases in the initial (1st to 257th) bytes of the RC4 keystream, which are substantially stronger than known biases. Combining the new biases with the known ones, a cumulative list of strong biases in the first 257 bytes of the RC4 keystream is constructed. We demonstrate a plaintext recovery attack using our strong bias set of initial bytes by means of a computer experiment. Almost all of the first 257 bytes of the plaintext can be recovered, with probability more than 0.8, using only \(2^{32}\) ciphertexts encrypted by randomly-chosen keys. We also propose an efficient method to extract later bytes of the plaintext, after the 258th byte. The proposed method exploits our bias set of the first 257 bytes in conjunction with the digraph repetition bias proposed by Mantin in EUROCRYPT 2005, and sequentially recovers the later bytes of the plaintext after recovering the first 257 bytes. Once the possible candidates for the first 257 bytes are obtained by our bias set, the later bytes can be recovered from about \(2^{34}\) ciphertexts with probability close to 1.
TL;DR: The results demonstrate that the proposed phase retrieval algorithm possesses a rapid convergence rate during image decryption, and high security can be achieved in the proposed optical cryptosystem.
Abstract: Image encryption with optical means has attracted attention due to its inherent multidimensionality and degrees of freedom, including phase, amplitude, polarization, and wavelength. In this paper, we propose an optical encoding system based on multiple intensity samplings of the complex-amplitude wavefront with axial translation of the image sensor. The optical encoding system is developed based on a single optical path, where multiple diffraction patterns, i.e., ciphertexts, are sequentially recorded through the axial translation of a CCD camera. During image decryption, an iterative phase retrieval algorithm is proposed for extracting the plaintext from ciphertexts. The results demonstrate that the proposed phase retrieval algorithm possesses a rapid convergence rate during image decryption, and high security can be achieved in the proposed optical cryptosystem. In addition, other advantages of the proposed method, such as high robustness against ciphertext contaminations, are also analyzed.
TL;DR: This is the first leakage-resilient CS-type cryptosystem whose plaintext length is independent of the key leakage parameter, and it is also the most efficient IND-CCA2 PKE scheme resilient to up to log q − ω(log κ) leakage.
Abstract: Leakage-resilient public key encryption (PKE) schemes are designed to resist "memory attacks", i.e., the adversary recovers the cryptographic key in the memory adaptively, but subject to the constraint that the total amount of leaked information about the key is bounded by some parameter λ. Among all the IND-CCA2 leakage-resilient PKE proposals, the leakage-resilient version of the Cramer-Shoup cryptosystem (CS-PKE), referred to as the KL-CS-PKE scheme proposed by Naor and Segev in Crypto09, is the most practical one. But the key leakage parameter λ and plaintext length m of KL-CS-PKE are subject to λ + m ≤ log q − ω(log κ), where κ is the security parameter and q is the prime order of the group on which the scheme is based. Such a dependence between λ and m is undesirable. For example, when λ (resp., m) approaches log q, m (resp., λ) approaches 0.
In this paper, we design a new variant of CS-PKE that is resilient to key leakage chosen ciphertext attacks. Our proposal is λ ≤ log q − ω(log κ) leakage-resilient, and the leakage parameter λ is independent of the plaintext space, which has the constant size q (exactly the same as that in CS-PKE). The performance of our proposal is almost as efficient as the original CS-PKE. As far as we know, this is the first leakage-resilient CS-type cryptosystem whose plaintext length is independent of the key leakage parameter, and it is also the most efficient IND-CCA2 PKE scheme resilient to up to log q − ω(log κ) leakage.
TL;DR: The author modifies the traditional Caesar cipher and fixes the key size as one; the alphabet index is then checked, and if it is even the value is increased by one, while if it is odd the key value is decreased by one.
Abstract: Encryption is the process of scrambling a message so that only the intended recipient can read it. With the fast progression of digital data exchange by electronic means, information security is becoming much more important in data storage and transmission. The Caesar cipher is a monoalphabetic cipher. It is a type of substitution cipher in which each letter in the plaintext is replaced by another letter. In this paper, the author modifies the traditional Caesar cipher and fixes the key size as one. In addition, the alphabet index is checked: if the alphabet index is even, the value is increased by one; if the alphabet index is odd, the key value is decreased by one. Encryption and scrambling of the letters in the ciphertext follow from this rule.
TL;DR: This paper presents a full CCA security definition for PRE, and proposes the first PRE scheme with this security in the standard model (i.e. without the random oracle idealization).
Abstract: Proxy re-encryption (PRE) realizes delegation of decryption rights, enabling a proxy holding a re-encryption key to convert a ciphertext originally intended for Alice into an encryption of the same message for Bob, while learning nothing about the encrypted plaintext. PRE is a very useful primitive, having many applications in distributed file systems, outsourced filtering of encrypted spam, access control over network storage, confidential email, digital rights management, and so on. In CT-RSA 2012, Hanaoka et al. proposed a chosen-ciphertext (CCA) security definition for PRE, and claimed that it is stronger than all the previous works. Their definition is a somewhat strengthened variant of the replayable-CCA one; however, it does not fully capture the CCA security notion. In this paper, we present a full CCA security definition which extends theirs. We then propose the first PRE scheme with this security in the standard model (i.e. without the random oracle idealization). Our scheme is efficient and relies on mild complexity assumptions in bilinear groups.
TL;DR: This patent describes a personal information encryption method for a logistics system based on two-dimensional codes: the sender's information is encrypted under the logistics company's system public key and printed on the package as an encrypted two-dimensional code with no plaintext, and the receiver signs for the package using either a two-dimensional-code or a random-code signing mode.
Abstract: The invention discloses a personal information encryption method for a logistics system based on two-dimensional codes. The method comprises the following steps. Step 1: the sending information is encrypted, either by the sender, by a collector in the field, or after the object is returned to the logistics company. Step 2: the sending information is encrypted using the system public key of the logistics company, and encrypted two-dimensional codes are generated and printed; the package is sealed with only the encrypted two-dimensional code visible on the outside and no plaintext information. Step 3: signing is carried out on receipt. Two signing modes are available: a two-dimensional-code signing mode and a random-code signing mode. If the two-dimensional-code signing mode is used, the receiver must have an ID number and a public/private key pair in the system. The method has the following advantages: the confidentiality of the user's private information is ensured; packages are protected from being received by the wrong person, and receipt cannot be denied after signing; checks can be performed offline without network support, making the application much more flexible; and identity theft is avoided.
TL;DR: This paper presents an equally contributory multiparty k-means clustering protocol for vertically partitioned data, in which each party contributes equally to the k-means clustering.
TL;DR: The authors propose a method to securely synchronize passwords that are changed at a source location (e.g., an on-premises directory service) to a target location, so that the same credentials can be used to log into either location without necessarily having each domain controller handle the synchronization.
Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed; instead, hash values computed from it represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receives and stores a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare it against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.
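The hash-of-a-hash flow described above, as an added example that is not the patent's code. The abstract names no algorithms, so these are assumptions: the primary hash is SHA-256 over the UTF-16LE password (standing in for whatever the source directory already stores), the secondary hash is PBKDF2-HMAC over the primary hash with a per-user random salt, and the blob carries its own parameters so the target can verify without knowing them in advance.

```python
import hashlib
import hmac
import os

# Assumed primary algorithm (not stated in the patent abstract).
PRIMARY_ALG = "sha256"


def primary_hash(password: str, alg: str = PRIMARY_ALG) -> bytes:
    """What the source directory stores. In this design it never leaves the source."""
    return hashlib.new(alg, password.encode("utf-16-le")).digest()


def make_blob(primary: bytes, alg: str = "sha256", iterations: int = 100_000,
              salt: bytes = None) -> dict:
    """Source side: derive the secondary hash from the stored primary hash.
    The returned blob is the only password-related data the target receives."""
    salt = salt if salt is not None else os.urandom(16)
    secondary = hashlib.pbkdf2_hmac(alg, primary, salt, iterations)
    return {"primary_alg": PRIMARY_ALG, "alg": alg, "iterations": iterations,
            "salt": salt.hex(), "hash": secondary.hex()}


def authenticate(blob: dict, password: str) -> bool:
    """Target side: recompute primary then secondary using the blob's own parameters,
    then compare in constant time against the synchronized blob."""
    primary = primary_hash(password, blob["primary_alg"])
    candidate = hashlib.pbkdf2_hmac(blob["alg"], primary,
                                    bytes.fromhex(blob["salt"]), blob["iterations"])
    return hmac.compare_digest(candidate, bytes.fromhex(blob["hash"]))


def rehash_without_password(stored_primary: bytes, new_alg: str, new_iterations: int) -> dict:
    """Crypto agility: the source publishes a blob under new secondary parameters from the
    stored primary hash alone, so the user does not have to change the password."""
    return make_blob(stored_primary, alg=new_alg, iterations=new_iterations)


if __name__ == "__main__":
    stored = primary_hash("correct horse")          # constructed sample password
    blob = make_blob(stored)
    print(authenticate(blob, "correct horse"), authenticate(blob, "wrong"))
    print(authenticate(rehash_without_password(stored, "sha512", 200_000), "correct horse"))
```

One consequence of this layering is worth noting: because the secondary hash is computed from the primary hash rather than from the password, the source can rotate the secondary algorithm, iteration count or salt at any time, but changing the primary algorithm still needs the password, so that rotation has to wait until the user next authenticates or changes it.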
TL;DR: This work proposes an approach that assures the confidentiality of the messages being published and subscriptions being issued while allowing the brokers to make routing decisions without decrypting individual messages and subscriptions, and without learning the context.
Abstract: Modern pub/sub systems perform message routing based on the message content and allow subscribers to receive messages related to their subscriptions and the current context. Both content and context encode sensitive information which should be protected from third-party brokers that make routing decisions. In this work, we address this issue by proposing an approach that assures the confidentiality of the messages being published and subscriptions being issued while allowing the brokers to make routing decisions without decrypting individual messages and subscriptions, and without learning the context. Further, subscribers with a frequently changing context, such as location, are able to issue and update subscriptions without revealing the subscriptions in plaintext to the broker and without the need to contact a trusted third party for each subscription change resulting from a change in the context. Our approach is based on a modified version of the Paillier additive homomorphic cryptosystem and a novel group key management scheme. The former construct is used to perform privacy preserving matching, and the latter construct is used to enforce fine-grained encryption-based access control on the messages being published. We optimize our approach in order to efficiently handle frequently changing contexts. We have implemented our approach in a prototype using an industry strength JMS broker middleware. The experimental results show that our approach is highly practical.
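To make the "additive homomorphic" property that the broker relies on concrete, here is textbook Paillier with the g = n + 1 simplification, as an added example. It is not the paper's modified scheme and its matching protocol is not reproduced; `blinded_equality` is the standard Paillier equality gadget, included only to show what the homomorphism lets a key-less party compute. The primes are constructed toy values and are far too small for real use.

```python
import secrets
from math import gcd

# Constructed toy primes (about 2^20 each); a real deployment needs primes of 1024+ bits.
P, Q = 1000003, 1000033


def keygen(p: int = P, q: int = Q):
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lambda = lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)                            # valid because g = n + 1
    return (n, n + 1), (lam, mu)


def encrypt(pub, m: int) -> int:
    """E(m) = g^m * r^n mod n^2 with fresh random r, so equal plaintexts give different ciphertexts."""
    n, g = pub
    n2 = n * n
    r = secrets.randbelow(n)
    while r == 0 or gcd(r, n) != 1:
        r = secrets.randbelow(n)
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c: int) -> int:
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n) * mu % n


# Broker-side operations: they touch ciphertexts only and need no key.
def add(pub, c1: int, c2: int) -> int:
    """E(a) * E(b) = E(a + b)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale(pub, c: int, k: int) -> int:
    """E(a)^k = E(k * a)."""
    n, _ = pub
    return pow(c, k, n * n)


def sub(pub, c1: int, c2: int) -> int:
    """E(a) * E(b)^-1 = E(a - b); negative differences appear as n - |a - b|."""
    n, _ = pub
    return (c1 * pow(c2, -1, n * n)) % (n * n)


def blinded_equality(pub, c_a: int, c_b: int) -> int:
    """E(r * (a - b)) for fresh random r: decrypts to 0 iff a == b and to a value that reveals
    nothing about a - b otherwise (the standard gadget, not the paper's matching step)."""
    n, _ = pub
    r = 1 + secrets.randbelow(n - 1)
    return scale(pub, sub(pub, c_a, c_b), r)


if __name__ == "__main__":
    pub, priv = keygen()
    c = add(pub, encrypt(pub, 3), encrypt(pub, 4))
    print(decrypt(pub, priv, c))                                    # 7
    print(decrypt(pub, priv, blinded_equality(pub, encrypt(pub, 9), encrypt(pub, 9))))  # 0
```

The point the abstract makes is visible here: `add`, `scale`, `sub` and `blinded_equality` run entirely on ciphertexts, so a broker holding only the public key can combine a published message with a subscription without decrypting either, and the fresh `r` in `encrypt` means a subscriber updating the same subscription twice does not hand the broker two identical ciphertexts to correlate.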
TL;DR: In this article, the first hardware implementations of encryption primitives for FHE over the integers using FPGA technology are presented: a super-size hardware multiplier architecture utilising the Integer-FFT multiplication algorithm is proposed, and a super-size hardware Barrett modular reduction module is designed incorporating the proposed multiplier.
Abstract: A fully homomorphic encryption (FHE) scheme is envisioned as a key cryptographic tool for building a secure and reliable cloud computing environment, as it allows arbitrary evaluation of a ciphertext without revealing the plaintext. However, existing FHE implementations remain impractical due to their very high time and resource costs. Of the schemes proposed to date that can perform FHE, the scheme known as FHE over the integers has the advantage of comparatively simpler theory, as well as a much shorter public key, making its implementation somewhat more practical than competing schemes. To the authors' knowledge, this paper presents the first hardware implementations of encryption primitives for FHE over the integers using FPGA technology. First, a super-size hardware multiplier architecture utilising the Integer-FFT multiplication algorithm is proposed, and a super-size hardware Barrett modular reduction module is designed incorporating the proposed multiplier. Next, two encryption primitives used in two schemes of FHE over the integers are designed employing the proposed super-size multiplier and modular reduction modules. Finally, the proposed designs are implemented and verified on the Xilinx Virtex-7 FPGA platform. Experimental results show that speed improvement factors of up to 44.72 and 54.42 are achieved for the two FHE encryption schemes implemented on the FPGA when compared to the corresponding software implementations. Meanwhile, the performance analysis shows that further improvement in the speed of these FHE encryption primitives may still be possible.
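The Barrett reduction that the hardware module above implements, written out in software as an added example (not the paper's design). It uses the full-precision form of the algorithm on Python big integers so the bound on the correction step can be checked; the operand sizes in `self_check` are constructed test inputs, not values from the paper.

```python
import random


def barrett_setup(m: int):
    """Precompute once per modulus: k = bit length of m and mu = floor(2^(2k) / m).
    Hardware keeps mu in a register; the division happens only here."""
    k = m.bit_length()
    return k, (1 << (2 * k)) // m


def barrett_reduce(x: int, m: int, k: int, mu: int):
    """Return (x mod m, number of correction subtractions).
    Requires 0 <= x < 2^(2k), which any product of two residues below m satisfies.
    The quotient estimate is never too large and, in this full-precision variant, at most
    one too small, so the loop runs at most once. Variants that also truncate x before the
    multiply (as hardware often does to save a wide multiplier) need up to two corrections."""
    if not 0 <= x < (1 << (2 * k)):
        raise ValueError("operand out of Barrett range")
    q = (x * mu) >> (2 * k)        # floor(x * mu / 2^(2k)) approximates floor(x / m)
    r = x - q * m
    corrections = 0
    while r >= m:
        r -= m
        corrections += 1
    return r, corrections


def mulmod(a: int, b: int, m: int, k: int, mu: int) -> int:
    """Modular multiplication as one integer multiply plus one Barrett reduction."""
    return barrett_reduce(a * b, m, k, mu)[0]


def self_check(bits: int = 2048, trials: int = 32, seed: int = 1) -> bool:
    """Compare against Python's built-in % on random odd moduli and enforce the correction bound."""
    rng = random.Random(seed)      # constructed, deterministic test inputs
    for _ in range(trials):
        m = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        k, mu = barrett_setup(m)
        a, b = rng.randrange(m), rng.randrange(m)
        r, corrections = barrett_reduce(a * b, m, k, mu)
        if r != (a * b) % m or corrections > 1:
            return False
    return True


if __name__ == "__main__":
    k, mu = barrett_setup(1000)
    print(barrett_reduce(998001, 1000, k, mu))   # 999 * 999 mod 1000 -> (1, 1): one correction
    print(self_check())
```

The reason this shape suits an FPGA is visible in `barrett_reduce`: after setup, reducing a 2k-bit product costs two wide multiplications (one of which only needs its top bits) and a bounded number of subtractions, with no data-dependent division, so the super-size Integer-FFT multiplier does all the heavy work.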