## CryptoDB

### Pil Joong Lee

#### Publications

Year
Venue
Title
2007
PKC
2007
EPRINT
This paper addresses the security of optimistic fair exchange in a multi-user setting. While the security of public key encryption and public key signature schemes in a single-user setting guarantees the security in a multi-user setting, we show that the situation is different in the optimistic fair exchange. First, we show how to break, in the multi-user setting, an optimistic fair exchange scheme provably secure in the single-user setting. This example separates the security of optimistic fair exchange between the single-user setting and the multi-user setting. We then define the formal security model of optimistic fair exchange in the multi-user setting, which is the first complete security model of optimistic fair exchange in the multi-user setting. We prove the existence of a generic construction meeting our multi-user security based on one-way functions in the random oracle model and trapdoor one-way permutations in the standard model. Finally, we revisit two well-known methodologies of optimistic fair exchange, which are based on the verifiably encrypted signature and the sequential two-party multisignature, respectively. Our result shows that these paradigms remain valid in the multi-user setting.
2005
EPRINT
To solve the problem of searching on encrypted data, many keyword search schemes have been proposed in recent years. The goal of such schemes is to enable a user to give an untrusted storage server the ability only to test whether an encrypted document contains a few keywords without learning anything else about the document. In this paper, we are concerned with decrypting the searched results as well as searching for desired documents. In the previously proposed schemes, except for the work by Waters et al.[WBDS04], a user decrypts searched documents using his private key, $A_{priv}$, or a symmetric key. Our another goal is to enable a user to give a proxy the ability to decrypt only the ciphertexts containing desired keywords, but not other ciphertexts. We propose a new mechanism, Searchable Keyword-Based Encryption (SKBE) which satisfies both the above goals. As a result of adding the delegation of decryption ability, our mechanism works more securely and efficiently in several applications, such as email gateways, secure audit logs, and decryption key delegation systems, than any of the previously proposed schemes. We formalize this mechanism, define its security model and propose an efficient construction whose security is proved in a random oracle model under the Bilinear Diffie-Hellman Inversion assumption. The scheme is constructed based on the Public Key Encryption with Conjunctive Field Keyword Search scheme in [PKL04] by using a hybrid encryption technique.
2005
EPRINT
In this paper, we present a broadcast encryption scheme with efficient transmission cost under the \emph{log-key} restriction. Given $n$ users and $r$ revoked users, our scheme has the transmission cost of $O(r)$ and requires the storage of $O(\log n)$ keys at each receiver. These are optimal complexities in broadcast encryptions using one-way hash functions (or pseudo-random generators.) To achieve these complexities, the stratified subset difference (SSD) scheme and the $\overline{B1}$ scheme were introduced by Goodrich et al. and Hwang et al. respectively. However, their schemes have the disadvantage that transmission cost increases linearly according to the number of stratifications. By assigning the related keys between stratifications, our scheme remedies the defect and achieves very efficient transmission cost even in an environment where the key storage is restricted. To the best of our knowledge, our scheme has the most efficient transmission cost in the existing schemes with log-key storage. In addition, our result is comparable to other schemes that allow a large key storage.
2004
EPRINT
The algorithm proposed by Ha and Moon [HM02] is a countermeasure against power analysis. The Ha-Moon algorithm has two drawbacks in that it requires an inversion and has a right-to-left approach. Recently, Yen, Chen, Moon and Ha improved the algorithm by removing these drawbacks [YCMH04]. Their new algorithm is inversion-free, has a left-to-right approach and employs a window method. They insisted that their algorithm leads to a more secure countermeasure in computing modular exponentiation against side-channel attacks. This algorithm, however, still has a similar weakness observed in [FMPV04,SPL04]. This paper shows that the improved Ha-Moon algorithm is vulnerable to differential power analysis even if we employ their method in selecting $s_i$.
2003
ASIACRYPT
2001
PKC
2000
CHES
1999
CHES
1998
ASIACRYPT
1997
CRYPTO
1995
CRYPTO
1995
EUROCRYPT
1994
CRYPTO
1993
CRYPTO
1992
AUSCRYPT
1990
AUSCRYPT
1988
EUROCRYPT
1987
CRYPTO

#### Program Committees

CHES 2007
CHES 2006
Eurocrypt 2006
Asiacrypt 2005
CHES 2005
Crypto 2004
Asiacrypt 2004 (Program chair)
Asiacrypt 2003
CHES 2003
Eurocrypt 2002
Asiacrypt 2002
CHES 2002
PKC 2001
Asiacrypt 2001
Asiacrypt 1999
Eurocrypt 1997
Asiacrypt 1996