*18:17* [Pub][ePrint]
Efficient Adaptively Secure IBBE from Standard Assumptions, by Somindu C. Ramanna and Palash Sarkar
This paper describes the first construction of efficient identity-based broadcast encryption (IBBE) schemes which can be proved secure against adaptive-identity attacks based on standard assumptions. The constructions are obtained by extending the currently known most efficient identity-based encryption scheme proposed by Jutla and Roy in 2013. Ciphertext size and user storage compare favourably to previously known constructions. The new constructions fill both a practical and a theoretical gap in the literature on efficient IBBE schemes.

*18:17* [Pub][ePrint]
Using Indistinguishability Obfuscation via UCEs, by Christina Brzuska and Arno Mittelbach
We provide the first standard model construction for a powerful class of Universal Computational Extractors (UCEs; Bellare et al. Crypto 2013) based on indistinguishability obfuscation. Our construction suffices to instantiate correlation-secure hash functions and universal one-way functions. For many cryptographic primitives and in particular for correlation-secure hash functions all known constructions are in the random-oracle model. Indeed, recent negative results by Wichs (ITCS 2013) rule out a large class of techniques to prove the security of correlation-secure hash functions in the standard model. Our construction is based on puncturable PRFs (Sahai and Waters; STOC 2014) and indistinguishability obfuscation. However, our proof also relies on point obfuscation under auxiliary inputs (AIPO). This is crucial in light of Wichs' impossibility result. Namely, Wichs proves that it is often hard to reduce two-stage games (such as UCEs) to a "one-stage assumption" such as DDH. In contrast, AIPOs and their underlying assumptions are inherently two-stage and, thus, allow us to circumvent Wichs' impossibility result.

Our positive result is also noteworthy insofar as Brzuska, Farshim and Mittelbach (Crypto 2014) have shown recently that iO and some variants of UCEs are mutually exclusive. Our results, hence, validate some of the new UCE notions that emerged as a response to the iO-attack.

*18:17* [Pub][ePrint]
Privacy-Enhanced Participatory Sensing with Collusion-Resistance and Data Aggregation, by Felix Günther and Mark Manulis and Andreas Peter
Participatory sensing enables new paradigms and markets for information collection based on the ubiquitous availability of smartphones, but also introduces privacy challenges for participating users and their data. In this work, we review existing security models for privacy-preserving participatory sensing and propose several improvements that are both of theoretical and practical significance. We first address an important drawback of prior work, namely the lack of consideration of collusion attacks that are highly relevant for such multi-user settings. We explain why existing security models are insufficient and why previous protocols become insecure in the presence of colluding parties. We remedy this problem by providing new security and privacy definitions that guarantee meaningful forms of collusion resistance. We propose new collusion-resistant participatory sensing protocols satisfying our definitions: a generic construction that uses anonymous identity-based encryption (IBE) and its practical instantiation based on the Boneh-Franklin IBE scheme.

We then extend the functionality of participatory sensing by adding the ability to perform aggregation on the data submitted by the users, without sacrificing their privacy. We realize this through an additively-homomorphic IBE scheme which in turn is constructed by slightly modifying the Boneh-Franklin IBE scheme. From a practical point of view, the resulting scheme is suitable for calculations with small sensor readings/values such as temperature measurements, noise levels, or prices, which is sufficient for many applications of participatory sensing.

*12:17* [Pub][ePrint]
Redefining the Transparency Order, by Kaushik Chakraborty and Subhamoy Maitra and Sumanta Sarkar and Bodhisatwa Mazumdar and Debdeep Mukhopadhyay
In this paper, we consider the multi-bit Differential Power Analysis (DPA) in the Hamming weight model. In this regard, we revisit the definition of Transparency Order (TO) from the work of Prouff (FSE 2005) and find that the definition has certain limitations. Although this work has been quite well referred in the literature, surprisingly, these limitations remained unexplored for almost a decade. The existing definition of TO (by Prouff) for an S-box $F: \mathbb{F}_2^n \rightarrow \mathbb{F}_2^m$ considers maximization on $\beta \in \mathbb{F}_2^m$. However, we show that the expression suggested by Prouff is always maximum when $\beta$ is either all-zero or all-one, that makes the maximization over all $\beta \in \mathbb{F}_2^m$ redundant. Digging TO deeper, we note that the existing definition of TO assumes certain cross-correlation terms between the co-ordinate Boolean functions of $F$ as zero. This is not true in general and thus we need to accommodate these terms in the definition. Further the definition is based on the assumption that the co-ordinate functions in the S-boxes are balanced (which is indeed logical for practical S-boxes), but unfortunately the measure has been calculated for bent functions (which are not balanced) in Prouff's paper and subsequent works. We analyse the definition from scratch, modify it and finally provide a substantially improved and logical definition that can theoretically capture DPA in Hamming weight model for hardware implementation with precharge logic. In this regard, our analysis comes with numerical data for AES S-Box and the family of S-Boxes described in the context of Prince.