International Association for Cryptologic Research

CryptoDB

Siu Ming Yiu

Publications

Year
Venue
Title
2012
EUROCRYPT
2010
EPRINT
Non-Transferable Proxy Re-Encryption
A proxy re-encryption (PRE) scheme allows a proxy to re-encrypt a ciphertext for Alice (delegator) to a ciphertext for Bob (delegatee) without seeing the underlying plaintext. With the help of the proxy, Alice can delegate the decryption right to any delegatee. However, existing PRE schemes generally suffer from one of the following. Some schemes fail to provide the non-transferability property in which the proxy and the delegatee can collude to further delegate the decryption right to anyone. Other schemes assume the existence of a fully trusted private key generator (PKG) to generate the re-encryption key to be used by the proxy for encrypting a given ciphertext for a target delegatee. But this poses two problems in PRE schemes: the PKG in their schemes may decrypt all ciphertexts (referred to as the key escrow problem) and the PKG can generate re-encryption keys for arbitrary delegatees (we refer to it as the PKG despotism problem). In this paper, we provide a more satisfactory solution to the problems. We follow the idea of using the PKG to generate a re-encryption key to achieve the non-transferability property. To tackle the PKG despotism problem in our scheme, if the PKG generates a re-encryption key for an unauthorized party, the delegator is able to retrieve the master secret of the PKG. We also show that with a tamper-proof hardware device, we can guarantee that the PKG cannot transfer the decryption right to an unauthorized delegatee. In addition, we solve the key escrow problem as well.
2007
EPRINT
Structural Identity-Based Encryption
Man Ho Au, Siu-Ming Yiu
In this paper, we introduce the concept of structural identity-based encryption (SIBE). Similar to hierarchical identity-based encryption (HIBE), entities in the system are organized into a hierarchy. An entity in SIBE can decrypt ciphertext for all its ancestors. It can be seen as an opposite of HIBE, where an entity can decrypt the ciphertext for all its descendants. We formalize the notion and security requirements, propose an efficient construction and show that our construction is secure under appropriate assumptions in the random oracle model.
2004
EPRINT
Identity Based Threshold Ring Signature
In threshold ring signature schemes, any group of $t$ entities can spontaneously conscript $n-t$ arbitrary entities to generate a publicly verifiable $t$-out-of-$n$ signature on behalf of the whole group, yet the actual signers remain anonymous. The spontaneity of these schemes is desirable for ad-hoc groups such as mobile ad-hoc networks. In this paper, we present an identity based (ID-based) threshold ring signature scheme. The scheme is provably secure in the random oracle model and provides trusted authority compatibility. To the best of the authors' knowledge, our scheme is the first ID-based threshold ring signature scheme which is also the most efficient (in terms of number of pairing operations required) ID-based ring signature scheme (when $t = 1$) and threshold ring signature scheme from pairings.
2004
EPRINT
Signcryption in Hierarchical Identity Based Cryptosystem
In many situations we want to enjoy confidentiality, authenticity and non-repudiation of a message simultaneously. One approach to achieve this objective is to "sign-then-encrypt" the message, or we can employ a special cryptographic scheme like signcryption. Two open problems about identity-based (ID-based) signcryption were proposed in \cite{CryptoePrint:2003:023}. The first one is to devise an efficient forward-secure signcryption scheme with public verifiability and public ciphertext authenticity, which is promptly closed by \cite{LNCS2971:ICISC2003:CYHC}. Another one which still remains open is to devise a hierarchical ID-based signcryption scheme that allows the user to receive signcrypted messages from a sender who is under another sub-tree of the hierarchy. This paper aims at solving this problem by proposing two concrete constructions of hierarchical ID-based signcryption.

Program Committees