## CryptoDB

### Daniel Slamanig

#### Publications

Year
Venue
Title
2019
ASIACRYPT
Structure-preserving signatures on equivalence classes (SPS-EQ) introduced at ASIACRYPT 2014 are a variant of SPS where a message is considered as a projective equivalence class, and a new representative of the same class can be obtained by multiplying a vector by a scalar. Given a message and corresponding signature, anyone can produce an updated and randomized signature on an arbitrary representative from the same equivalence class. SPS-EQ have proven to be a very versatile building block for many cryptographic applications.In this paper, we present the first EUF-CMA secure SPS-EQ scheme under standard assumptions. So far only constructions in the generic group model are known. One recent candidate under standard assumptions are the weakly secure equivalence class signatures by Fuchsbauer and Gay (PKC’18), a variant of SPS-EQ satisfying only a weaker unforgeability and adaption notion. Fuchsbauer and Gay show that this weaker unforgeability notion is sufficient for many known applications of SPS-EQ. Unfortunately, the weaker adaption notion is only proper for a semi-honest (passive) model and as we show in this paper, makes their scheme unusable in the current models for almost all of their advertised applications of SPS-EQ from the literature.We then present a new EUF-CMA secure SPS-EQ scheme with a tight security reduction under the SXDH assumption providing the notion of perfect adaption (under malicious keys). To achieve the strongest notion of perfect adaption under malicious keys, we require a common reference string (CRS), which seems inherent for constructions under standard assumptions. However, for most known applications of SPS-EQ we do not require a trusted CRS (as the CRS can be generated by the signer during key generation). Technically, our construction is inspired by a recent work of Gay et al. (EUROCRYPT’18), who construct a tightly secure message authentication code and translate it to an SPS scheme adapting techniques due to Bellare and Goldwasser (CRYPTO’89).
2018
EUROCRYPT
2018
PKC
We revisit the notion of proxy re-encryption ($\mathsf {PRE}$PRE), an enhanced public-key encryption primitive envisioned by Blaze et al. (Eurocrypt’98) and formalized by Ateniese et al. (NDSS’05) for delegating decryption rights from a delegator to a delegatee using a semi-trusted proxy. $\mathsf {PRE}$PRE notably allows to craft re-encryption keys in order to equip the proxy with the power of transforming ciphertexts under a delegator’s public key to ciphertexts under a delegatee’s public key, while not learning anything about the underlying plaintexts.We study an attractive cryptographic property for $\mathsf {PRE}$PRE, namely that of forward secrecy. In our forward-secret $\mathsf {PRE}$PRE (fs-$\mathsf {PRE}$PRE) definition, the proxy periodically evolves the re-encryption keys and permanently erases old versions while he delegator’s public key is kept constant. As a consequence, ciphertexts for old periods are no longer re-encryptable and, in particular, cannot be decrypted anymore at the delegatee’s end. Moreover, delegators evolve their secret keys too, and, thus, not even they can decrypt old ciphertexts once their key material from past periods has been deleted. This, as we will discuss, directly has application in short-term data/message-sharing scenarios.Technically, we formalize fs-$\mathsf {PRE}$PRE. Thereby, we identify a subtle but significant gap in the well-established security model for conventional $\mathsf {PRE}$PRE and close it with our formalization (which we dub fs-$\mathsf {PRE} ^+$PRE+). We present the first provably secure and efficient constructions of fs-$\mathsf {PRE}$PRE as well as $\mathsf {PRE}$PRE (implied by the former) satisfying the strong fs-$\mathsf {PRE} ^+$PRE+ and $\mathsf {PRE} ^+$PRE+ notions, respectively. All our constructions are instantiable in the standard model under standard assumptions and our central building block are hierarchical identity-based encryption ($\mathsf {HIBE}$HIBE) schemes that only need to be selectively secure.
2017
PKC
2015
EPRINT
2015
EPRINT
2015
EPRINT
2015
EPRINT
2015
CRYPTO
2014
EPRINT
2014
EPRINT
2014
ASIACRYPT