Our method is based on research on key-leakage resilience. It thus gives an interesting and rather surprising connection between the rich domain of key-leakage resilient cryptography and Pirates 2.0. We first formalize the notion of a key-leakage resilient revoke system and then identify sufficient conditions under which a key-leakage resilient revoke scheme resists Pirates 2.0 in any form. We finally propose a construction of a secure key-leakage resilient identity-based revoke system that fulfills the required conditions. The main ingredient of the construction is identity-based encryption with wildcards (WIBE), and our construction of a key-leakage resilient WIBE may be useful in its own right.
interactive proofs of knowledge over multiple parties. Interactive proofs of knowledge (PoK) are widely used primitives in cryptographic protocols, including important user-centric protocols such as identification schemes, electronic cash (e-cash), and anonymous credentials.

We present a security model for threshold proofs of knowledge and develop threshold versions of well-known primitives such as range proofs, zero-knowledge proofs for preimages of homomorphisms (which generalize PoKs of discrete logarithms, representations, p-th roots, etc.), as well as OR statements. These building blocks are proven secure in our model.

Furthermore, we apply the developed primitives and techniques in the context of user-centric protocols. In particular, we construct distributed-user variants of Brands' e-cash system and the bilinear anonymous credential scheme by Camenisch and Lysyanskaya. Distributing the user party in such protocols has several practical advantages. First, the security of a user can be increased by sharing secrets and computations over multiple devices owned by the user; in this way, losing control of a single device does not result in a security breach. Second, this approach also allows groups of users to jointly control an application (e.g., a joint e-cash account) without giving a single user full control.

The distributed versions of the protocols we propose in this paper are relatively efficient (compared to a general MPC approach). In comparison to the original protocols, only the prover's (or user's) side is modified while the other side stays untouched. In particular, the other party cannot tell whether it interacts with a distributed prover (or user) or with one as defined in the original protocol.
In this paper, we consider the encapsulation of several ephemeral keys, for various groups and thus various channels, in a single header, and we call this new primitive Multi-Channel Broadcast Encryption: one can hope for a much shorter global overhead and a short zapping time, since the decoder already holds the information needed to decrypt any available channel at once. Our candidates are private variants of the Boneh-Gentry-Waters scheme, with a constant-size global header that is independent of the number of channels. In order to prove the CCA security of the scheme, we introduce a new dummy-helper technique and implement it in the random oracle model.
by means of rigorous programming language techniques and verification methods. EasyCrypt is a framework that realizes the verified security paradigm and supports the machine-checked construction and verification of cryptographic proofs using state-of-the-art SMT solvers, automated theorem provers and interactive proof assistants. Previous experiments have shown that EasyCrypt is effective for a posteriori validation of cryptographic systems. In this paper, we report on the first application of verified security to a novel cryptographic construction with strong security properties and interesting practical features. Specifically, we use EasyCrypt to prove the IND-CCA security of a redundancy-free public-key encryption scheme based on trapdoor one-way permutations. Somewhat surprisingly, we show that even with zero-length redundancy, Boneh's SAEP scheme (an OAEP-like construction with a single-round Feistel network rather than two) converts a trapdoor one-way permutation into an IND-CCA-secure scheme, provided the permutation satisfies two additional properties. We then prove that the Rabin function and RSA with a short exponent enjoy these properties, and thus can be used to instantiate the construction we propose to obtain efficient encryption schemes. The reduction that justifies the security of our construction is tight enough to achieve practical security with reasonable key
As a central technical building block, we devise the first structure-preserving signature scheme with a tight security reduction. (This signature scheme may be of independent interest.) Combining this scheme with Groth-Sahai proofs yields a tightly simulation-sound non-interactive zero-knowledge proof system for group equations. If we use this proof system in the Naor-Yung double encryption scheme, we obtain a tightly IND-CCA secure public-key encryption scheme from the Decision Linear assumption.

We point out that our techniques are not specific to the security of public-key encryption. Rather, we view our signature scheme and proof system as general building blocks that can help to achieve a tight security reduction.