Catálogo de publicaciones - libros

In many financial or legal scenarios (such as trading stocks, wills and safe-deposit boxes), we want to ensure that a certain task (reading the buy/sell instruction, obtaining the property, or opening the box in emergencies respectively) cannot be performed until a certain time or a certain pre-defined condition occurs. Token-controlled public key encryption TCE, introduced in [2], is a handy tool for these situations. Roughly speaking, messages are encrypted by a public key together with a secret token in TCE, such that the receiver holding the corresponding private key cannot decrypt until the token is released. TCE is also useful in rapid distribution of information and sealed-bid auctions, etc.

In Financial Cryptography 2006, Galindo and Herranz [15] proposed a generic construction of TCE in the random oracle model. However, we show that it is insecure against insider attack, namely, a malicious user without the token can learn partial information about the message.

We propose a strengthened definition of security, and also new privacy requirements. It turns out that [15] is also insecure against outsider attack in our new definition. We then give a new generic construction provably secure in the standard model, which is nearly as efficient as a standard public key encryption scheme.

We define new algorithmic problems and discuss their properties (in particular, we present a careful study of their computational complexity). We apply the new problems to design public key encryption protocols with semantic security relative to their decisional variants. We then show how to provide efficient schemes that are semantically secure under adaptive chosen ciphertext attacks in the random oracle model. Finally, we show that the ideas developed in this extended abstract can be used to design the most efficient known cryptosystem with semantic security under non-adaptive chosen ciphertext attacks in the standard security model.

At Asiacrypt 2002, Katz and Yung presented two threshold cryptosystems based on factoring, a threshold version of Goldwasser-Micali’s probabilistic encryption assuming that , and a threshold Rabin signature scheme assuming that and . In this paper, we show a generalized condition on and to obtain a threshold version of Goldwasser-Micali, and a threshold Rabin-type signature scheme due to Kurosawa and Ogata [7] for and Note that our set of (,) is disjoint from that of Katz-Yung threshold Rabin signature scheme.

ElGamal scheme has been the first encryption scheme based on discrete logarithm. One of its main advantage is that it is simple, natural and efficient, but also that its security is clearly understood. However, one of its — often forgotten — disadvantages is that this scheme requires the encoding of messages into group elements, in order to be semantically secure. Unfortunately, this need prevents the scheme to be fully practical.

In this paper, we propose a new way to deal with the problem of message encoding, which offers several advantages though some disadvantages. Our scheme is based on a quite simple combination of the standard ElGamal scheme with a message encoding inspired by the Naccache-Stern cryptosystem. We consider our solution as a new step towards the open problem of designing a discrete-logarithm based encryption scheme with the property of being additively homomorphic. Unfortunately, our construction is still not a complete solution. We hope however that it might give clues for a possible full solution.

Differential uniformity is an important property of cryptographic building blocks used in the design of symmetric ciphers. In this paper it is proved that certain canonical mappings on elliptic curves are differentially uniform. The main observation of this paper is that the impersonation attack against the implicit certificate scheme of Ateniese and de Medeiros does not work if a differentially uniform mapping is used in the scheme. This phenomenon is analyzed in the slightly more general context of a partially blind signature scheme, which is a new cryptographic primitive that seems to gain security properties from differentially uniform mappings.

In the current work we propose two efficient formulas for computing the 5-fold (5) of an elliptic curve point . One formula is for curves over finite fields of even characteristic and the other is for curves over prime fields. Double base number systems (DBNS) have been gainfully exploited to compute scalar multiplication efficiently in ECC. Using the proposed point quintupling formulas one can use 2, 5 and 3, 5 (besides 2, 3) as bases of the double base number system. In the current work we propose a scalar multiplication algorithm, which uses a representation of the scalar using three bases 2, 3 and 5 and computes the scalar multiplication very efficiently. The proposed scheme is faster than all sequential scalar multiplication algorithms reported in literature.

Security in relational database systems pursues two conflicting interests: confidentiality and availability. In order to effect a compromise between these interests, two techniques have evolved. On the one hand, controlled query evaluation always preserves confidentiality, but leads to undecidable inference problems in general. On the other hand, access control features simple access decisions, but possibly cannot avoid unwanted information flows. This paper introduces a form of access control that, in combination with restricting the query language, results in an efficient access control mechanism under preservation of confidentiality. Moreover, we justify the necessity of our restrictions and give an outlook on how to use our result as building block for a less restrictive but still secure system.

A negative database is a privacy-preserving storage system that allows to efficiently test if an entry is present, but makes it hard to enumerate all encoded entries. We improve significantly over previous work presented at ISC 2006 by Esponda  [9], by showing constructions for negative databases reducible to the security of well understood primitives, such as cryptographic hash functions or the hardness of the Discrete-Logarithm problem. Our constructions require only storage in the number of entries in the database, and linear query time (compared to storage and query time, where is a security parameter.) Our claims are supported by both proofs of security and experimental performance measurements.