## CryptoDB

### Robert H. Deng

#### Publications

Year
Venue
Title
2016
PKC
2015
EPRINT
2015
EPRINT
2015
PKC
2014
EUROCRYPT
2011
PKC
2010
EPRINT
In this paper, we propose a new practical identity-based encryption scheme which is suitable for wireless sensor network (WSN). We call it \textit{Receiver-Bounded Online/Offline Identity-based Encryption} (RB-OOIBE). It splits the encryption process into two parts -- the offline and the online part. In the offline part, all heavy computations are done without the knowledge of the receiver's identity and the plaintext message. In the online stage, only light computations such as modular operation and symmetric key encryption are required, together with the receiver's identity and the plaintext message. Moreover, since each offline ciphertext can be re-used for the same receiver, the number of offline ciphertexts the encrypter holds only confines the number of receivers instead of the number of messages to be encrypted. In this way, a sensor node (with limited computation power and limited storage) in WSN can send encrypted data easily: A few offline ciphertexts can be computed in the manufacturing stage while the online part is light enough for the sensor to process. We propose an efficient construction for this new notion. The scheme can be proven selective-ID CCA secure in the standard model. Compared to previous online/offline identity-based encryption schemes, our scheme is exempt from a high storage requirement, which is proportional to the number of messages to be sent. The improvement is very significant if many messages are sent to few receivers.
2010
EPRINT
Formal RFID security and privacy frameworks are fundamental to the design and analysis of robust RFID systems. In this paper, we develop a new definitional framework for RFID privacy in a rigorous and precise manner. Our framework is based on a zero-knowledge (ZK) formulation [7, 5] and incorporates the notions of adaptive completeness and mutual authentication. We provide meticulous justification of the new framework and contrast it with existing ones in the literature. In particular, we prove that our framework is stronger than the ind-privacy model of [14], which answers an open question posed in [14] for developing stronger RFID privacy models. Along the way we also try to clarify certain confusions and rectify several defects in the existing frameworks. Based on the protocol of [16], we propose an efficient RFID mutual authentication protocol and analyze its security and privacy. The methodology used in our analysis is of independent interest and can be applied to analyze other RFID protocols within the new framework.
2010
EPRINT
Proxy re-encryption (PRE), introduced by Blaze, Bleumer and Strauss in Eurocrypt'98, allows a semi-trusted proxy to convert a ciphertext originally intended for Alice into an encryption of the same message intended for Bob. PRE has recently drawn great interest, and many interesting PRE schemes have been proposed. However, up to now, it is still an important question to come up with a chosen-ciphertext secure unidirectional PRE in the adaptive corruption model. To address this problem, we propose a new unidirectional PRE scheme, and prove its chosen-ciphertext security in the adaptive corruption model without random oracles. Compared with the best known unidirectional PRE scheme proposed by Libert and Vergnaud in PKC'08, our schemes enjoys the advantages of both higher efficiency and stronger security.
2008
EPRINT
This paper investigates the security of FTT (fully collusion resistant traitor tracing) schemes in terms of DOT (Denial Of Tracing) and framing. With DOT attack, a decoder is able to detect tracing activity, and then prolongs the tracing process such that the tracer is unable to complete tracing job in a realistic time duration and hence has to abort his effort. On the other hand, by merely embedding several bytes of non-volatile memory in the decoder, we demonstrate, for the FTT schemes, how the decoder can frame innocent users at will. Furthermore, we propose a countermeasure on the framing attack.
2006
EPRINT
Many theoretical PIR (Private Information Retrieval) constructions have been proposed in the past years. Though information theoretically secure, most of them are impractical to deploy due to the prohibitively high communication and computation complexity. The recent trend in outsourcing databases fuels the research on practical PIR schemes. In this paper, we propose a new PIR system by making use of trusted hardware. Our system is proven to be information theoretically secure. Furthermore, we derive the computation complexity lower bound for hardware-based PIR schemes and show that our construction meets the lower bounds for both the communication and computation costs, respectively.
2003
EPRINT
In distributed networks, a target party $T$ could be a person never meet with a source party $S$, therefore $S$ may not hold any prior evaluation of trustworthiness of $T$. To get permit to access $S$, $T$ should be somewhat trusted by $S$. Consequently, we should study the approach to evaluate trustworthiness of $T$. To attack the problem, we view individual participant in distributed networks as a node of a delegation graph $G$ and map a delegation path from target party $T$ to source party $S$ in networks into an edge in the correspondent transitive closure of graph $G$. Based on the transitive closure property of the graph $G$, we decompose the problem to three related questions below: -how to evaluate trustworthiness of participants in an edge? -how to compute trustworthiness of participants in a path? -how to evaluate the trustworthiness of a target participant in a transitive closure graph? We attack the above three questions by first computing trustworthiness of participants in distributed and authenticated channel. Then we present a practical approach to evaluate trustworthiness by removing the assumption of the authenticated channel in distributed networks.
2003
EPRINT
A proxy signature scheme allows an entity to delegate his/her signing capability to another entity in such a way that the latter can sign messages on behalf of the former. Such schemes have been suggested for use in a number of applications, particularly in distributed computing where delegation of rights is quite common. Followed by the first schemes introduced by Mambo, Usuda and Okamoto in 1996, a number of new schemes and improvements have been proposed. In this paper, we present a security analysis of four such schemes newly proposed in [15,16]. By successfully identifying several interesting forgery attacks, we show that all the four schemes are insecure. Consequently, the fully distributed proxy scheme in [11] is also insecure since it is based on the (insecure) LKK scheme [14,15]. In addition, we point out the reasons why the security proofs provided in [15] are invalid.
2002
EPRINT
Undeniable signature is an intriguing concept introduced by Chaum and Antwerpen at Crypto'89. In 1999, Lee and Hwang presented two group-oriented undeniable signature schemes with a trusted center. Their schemes are natural generalizations of Chaum's zero-knowledge undeniable signature scheme proposed in 1990. However, we find that the Lee-Hwang schemes are insecure. In this paper, we demonstrate five attacks on their schemes: four of them are universal forgery, in which one dishonest member (maybe collude with a verifier) can get a valid signature on any chosen massage, and another attack allows a dishonest member to prevent honest members from generating valid signatures but his cheating behavior is undetected. We also suggest heuristic improvements to overcome some of the problems involved in these attacks.
2002
EPRINT
In non-repudiation services where digital signatures usually serve as irrefutable cryptographic evidence for dispute resolution, trusted time-stamping and certificate revocation services, although very costly in practice, must be available, to prevent big loss due to compromising of the signing key. In [IR02], a new concept called intrusion-resilient signature} was proposed to get rid of trusted time-stamping and certificate revocation services and a concrete scheme was presented. In this paper, we put forward a new scheme that can achieve the same effect in a much more efficient way. In our scheme, forward-secure signature serves as a building block that enables signature validation without trusted time-stamping, and a one-way hash chain is employed to control the validity of public-key certificates without the CA's involvement for certificate revocation. We adopt a model similar to the intrusion-resilient signature in [IR02], where time is divided into predefined short periods and a user has two modules, signer and home base. The signer generates forward-secure signatures on his own while the home base manages the validity of the signer's public-key certificate with a one-way hash chain. The signature verifier can check the validity of signatures without retrieving the certificate revocation information from the CA. Our scheme is more robust in the sense that loss of synchronization between the signer and the home base could be recovered in the next time period while it is unrecoverable in [IR02]. To facilitate the implementation of our signature validation scheme, we further present a new forward-secure signature scheme which is more efficient than all of the existing forward-secure signature schemes.
2001
PKC
2001
PKC
2000
PKC
1999
PKC
1998
ASIACRYPT
1998
ASIACRYPT
1998
PKC

PKC 2004
Asiacrypt 2003