Catálogo de publicaciones - libros

Bilinear groups of composite order are groups with an efficient bilinear map where the group order is a product of two large primes. Such groups are constructed from pairing friendly curves over a finite field. Composite order bilinear groups were recently used in a number of interesting cryptographic constructions. This talk will survey three applications: 1 Private Information Retrieval 1 Anonymous Identity Based Encryption 1 Non-Interactive Zero Knowledge.

We study the problem of a public key encryption with conjunctive keyword search (PECK). The keyword searchable encryption enables a user to outsource his data to the storage of an untrusted server and to have the ability to selectively search his data without leaking information. The PECK scheme provides the document search containing each of several keywords over a public key setting. First, we construct an efficient PECK scheme whose security is proven over a decisional linear Diffie-Hellman assumption in the random oracle model. In comparison with previous schemes, our scheme has the shortest ciphertext size and private key size, and requires a comparable computation overhead. Second, we discuss problems related to the security proof of previous schemes and show they cannot guarantee complete security. Finally, we introduce a new concept called a multi-user PECK scheme, which can achieve an efficient computation and communication overhead and effectively manage the storage in a server for a number of users.

At FC’05, Dodis and Yum introduced a new cryptographic tool called time capsule signature (TCS) which allows signers to generate ”future signatures” that only become valid from a specific future time t (chosen at signature generation) when a trusted entity (called Time Server ) discloses some trapdoor information for period t . In addition, time capsule signatures endow signers with the ability to make their signatures valid before the pre-determined time t . Full signatures that were completed by their original issuer should be indistinguishable from those that automatically became valid after the release of the timespecific trapdoor. Time capsule signatures were showed to be generically constructible from another primitive called identity-based trapdoor hardto- invert relation (ID-THIR) . The only known instantiations of the latter either rely on the idealized random oracle model or are too inefficient for real-world applications. In this paper, we devise the first efficient IDTHIR (and thus TCS ) construction which is secure in the standard model (i.e. without the random oracle heuristic).

This paper puts forward new efficient constructions for public-key broadcast encryption that simultaneously enjoy the following properties: receivers are stateless; encryption is collusion-secure for arbitrarily large collusions of users and security is tight in the standard model; new users can join dynamically i.e. without modification of user decryption keys nor ciphertext size and little or no alteration of the encryption key.We also show how to permanently revoke any subgroup of users. Most importantly, our constructions achieve the optimal bound of O (1)-size either for ciphertexts or decryption keys, where the hidden constant relates to a couple of elements of a pairing-friendly group. Our broadcast-KEM trapdoor technique, which has independent interest, also provides a dynamic broadcast encryption system improving all previous efficiency measures (for both execution time and sizes) in the private-key setting.

The concept of Certificateless Public Key Encryption (CLPKE) eliminates the use of certificates in certified Public Key Encryption (PKE) scheme and the key-escrow problem in Identity Based Encryption (IBE) scheme. Al-Riyami and Paterson first proposed a CL-PKE scheme and proved its security in their security model ( AP -model) using idealized random oracles. Several generic constructions were also proposed to construct a CL-PKE scheme by composing the standard PKE and IBE schemes. Recently, it was proved that some generic constructions are not secure against chosen ciphertext attacks in light of the security goals in the AP -model. In this paper, we show that all the known generic constructions are not secure against chosen ciphertext attacks, in the AP -model or a weaker security model than the AP -model. We also propose a CL-PKE scheme which is provably secure against chosen ciphertext attacks without random oracles. Our construction is proven secure in the selective-ID security model, reflecting the feature of CL-PKE scheme.

In 2003, Al-Riyami and Paterson introduced a new public key encryption paradigm called Certificateless Public Key Encryption (CL-PKE), which like Identity-Based Encryption (IBE) is certificatefree, and meanwhile which unlike IBE but similar to certificate-based encryption is key-escrow-free. In this paper, based on a heuristic observation on some existing IBE schemes and PKE schemes, we propose a general approach to build a CL-PKE solution, which makes use of a simple combination of an IBE scheme, a Diffie-Hellman type key establishment algorithm and a secure hash-function. Following this approach we construct two efficient concrete CL-PKE schemes and formally analyse their security in the random oracle model.

We survey recent research on pairings on hyperelliptic curves and present a comparison of the performance characteristics of pairings on elliptic curves and hyperelliptic curves. Our analysis indicates that hyperelliptic curves are not more efficient than elliptic curves for general pairing applications.

We compute in a direct (not algorithmic) way the zeta function of all supersingular curves of genus 2 over a finite field k , with many geometric automorphisms. We display these computations in an appendix where we select a family of representatives of all these curves up to ${\overline{k}}$ -isomorphism and we exhibit equations and the zeta function of all their ${\overline{k}}/k$ -twists. As an application we obtain a direct computation of the cryptographic exponent of the Jacobians of these curves.

We provide the first explicit construction of genus 2 curves over finite fields whose Jacobians are ordinary, have large prime-order subgroups, and have small embedding degree. Our algorithm is modeled on the Cocks-Pinch method for constructing pairing-friendly elliptic curves [5], and works for arbitrary embedding degrees k and prime subgroup orders r . The resulting abelian surfaces are defined over prime fields ${{\mathbb F}}_q$ with q  ≈  r ^4. We also provide an algorithm for constructing genus 2 curves over prime fields ${{\mathbb F}}_q$ with ordinary Jacobians J having the property that $J[r] \subset J({{\mathbb F}}_{q})$ or $J[r] \subset J({{\mathbb F}}_{q^k})$ for any even k .

In this paper we describe an efficient implementation of the Tate and Ate pairings using Barreto-Naehrig pairing-friendly curves, on both a standard PC and on a 32-bit smartcard. First we introduce a sub-family of such curves with a particularly simple representation. Next we consider the issues that arise in the efficient implemention of field arithmetic in ${{\mathbb{F}}_{p^{12}}}$ , which is crucial to good performance. Various optimisations are suggested, including a novel approach to the ‘final exponentiation’, which is faster and requires less memory than the methods previously recommended.