Catálogo de publicaciones - libros

We revisit Shin ’s leakage-resilient password-based authenticated key establishment protocol (LR-AKEP) and the security model used to prove the security of LR-AKEP. By refining the Leak oracle in the security model, we show that LR-AKE (1) can, in fact, achieve a stronger notion of leakage-resilience than initially claimed and (2) also achieve an additional feature of traceability, not previously mentioned.

This paper defines perfect security against side channel attacks for a cryptosystem implementation, and discusses the implication of secure notions for a cryptosystem in provable security. Then we give some security notions for symmetric encryption against side channel attacks, UB-SCA (unbreakability in side channel attacks) and IND-CPA-SCA (indistinguishability of chosen plaintext attacks and side channel attacks). On the basis of these definitions, we propose and prove that IND-CPA + UB-SCA IND-CPA-SCA by reduction, and IND-CPA-SCA is stronger than IND-CPA or UB-SCA.

Security of commonly used block ciphers is typically measured in terms of their resistance to known attacks. While the provable security approach to block ciphers dates back to the first CRYPTO conference (1981), analysis of modern block cipher proposals basically do not benefit fully from this, except for a few cases. This paper considers the security of recently proposed PRP-RKA secure block ciphers and discusses how they relate to existing types of attacks on block ciphers.

We propose a secure threshold signature scheme without trusted dealer. Our construction is based on the recently proposed signature scheme of Waters in EUROCRYPT’05. The new threshold signature scheme is more efficient than the previous threshold signature schemes without random oracles. Meanwhile, the signature share generation and verification algorithms are non-interactive. Furthermore, it is the first threshold signature scheme based on the computational Diffie-Hellman (CDH) problem without random oracles.

An aggregate signature is a single short string that convinces any verifier that, for all 1 ≤  ≤ , signer signed message , where the signers and messages are distinct. The main motivation of aggregate signatures is compactness. In this paper, the concept of aggregate proxy signature (APS) is first proposed to compact the proxy signatures. Furthermore, a concrete APS scheme is constructed, which can be proved to be secure under the security model of APS. Additionally, as an application of APS, the concept of verifiably encrypted proxy signature (VEPS) is also first proposed in this paper, which can be used in contract signing. The VEPS allows the original signer to delegate another to sign the contract on its behalf. Finally, a VEPS construction is derived from the APS, which can be easily proved to be secure from the security of APS.

In a seminal paper of identity based encryption (IBE), Boneh and Franklin [4] mentioned an interesting transform from an IBE scheme to a signature scheme, which was observed by Naor. In this paper, we give formal security treatments for this transform and discover several implications and separations among security notions of IBE and transformed signature. For example, we show for such a successful transform, one-wayness of IBE is an essential condition. Additionally, we give a sufficient and necessary condition for converting a semantically secure IBE scheme into an existentially unforgeable signature scheme. Our results help establish strategies on design and automatic security proof of signature schemes from (possibly weak) IBE schemes. We also show some separation results which strongly support that one-wayness, rather than semantic security, of IBE captures an essential condition to achieve secure signature.

As such, public-key encryption with keyword search (a.k.a PEKS or searchable encryption) does not allow the recipient to decrypt keywords i.e. encryption is not invertible. This paper introduces searchable encryption schemes which enable decryption. An additional feature is that the decryption key and the trapdoor derivation key are , thereby complying with many contexts of application. We put forward a seemingly optimal construction for decryptable searchable encryption which makes use of one KEM, one IDKEM and a couple of hash functions. We define a proper security model for decryptable searchable encryption and show that basic security requirements on the underlying KEM and IDKEM are enough for our generic construction to be strongly secure in the random oracle model.