## CryptoDB

### Lucas C.K. Hui

#### Publications

Year
Venue
Title
2010
EPRINT
A proxy re-encryption (PRE) scheme allows a proxy to reencrypt a ciphertext for Alice (delegator) to a ciphertext for Bob (delegatee) without seeing the underlying plaintext. With the help of the proxy, Alice can delegate the decryption right to any delegatee. However, existing PRE schemes generally suffer from one of the followings. Some schemes fail to provide the non-transferability property in which the proxy and the delegatee can collude to further delegate the decryption right to anyone. Other schemes assume the existence of a fully trusted private key generator (PKG) to generate the re-encryption key to be used by the proxy for encrypting a given ciphertext for a target delegatee. But this poses two problems in PRE schemes: the PKG in their schemes may decrypt all ciphertexts (referred as the key escrow problem) and the PKG can generate re-encryption key for arbitrary delegatees (we refer it as the PKG despotism problem). In this paper, we provide a more satisfactory solution to the problems. We follow the idea of using PKG to generate a re-encryption key to achieve the non-transferability property. To tackle the PKG despotisum problem in our scheme, if the PKG generates a re-encryption key for an unauthorized party, the delegator is able to retrieve the master secret of the PKG. We also show that with a tamper-proof hardware device, we can guarantee that the PKG cannot transfer decryption right to unauthorized delegatee. In addition, we solve the key escrow problem as well.
2004
EPRINT
In threshold ring signature schemes, any group of $t$ entities spontaneously conscripting arbitrarily $n-t$ entities to generate a publicly verifiable $t$-out-of-$n$ signature on behalf of the whole group, yet the actual signers remain anonymous. The spontaneity of these schemes is desirable for ad-hoc groups such as mobile ad-hoc networks. In this paper, we present an identity based (ID-based) threshold ring signature scheme. The scheme is provably secure in the random oracle model and provides trusted authority compatibility. To the best of authors' knowledge, our scheme is the first ID-based threshold ring signature scheme which is also the most efficient (in terms of number of pairing operations required) ID-based ring signature scheme (when $t = 1$) and threshold ring signature scheme from pairings.
2004
EPRINT
In many situations we want to enjoy confidentiality, authenticity and non-repudiation of message simultaneously. One approach to achieve this objective is to "sign-then-encrypt" the message, or we can employ special cryptographic scheme like signcryption. Two open problems about identity-based (ID-based) signcryption were proposed in \cite{CryptoePrint:2003:023}. The first one is to devise an efficient forward-secure signcryption scheme with public verifiability and public ciphertext authenticity, which is promptly closed by \cite{LNCS2971:ICISC2003:CYHC}. Another one which still remains open is to devise a hierarchical ID-based signcryption scheme that allows the user to receive signcrypted messages from sender who is under another sub-tree of the hierarchy. This paper aims at solving this problem by proposing two concrete constructions of hierarchical ID-based signcryption.
2000
PKC

#### Coauthors

H. W. Chan (1)
C. F. Chong (1)
K. P. Chow (1)
Sherman S. M. Chow (2)
Yi-Jun He (1)
Wai Wan Tsang (1)
Xiaoyun Wang (1)
Siu Ming Yiu (3)
Tsz Hon Yuen (1)