--- _id: '6430' abstract: - lang: eng text: "A proxy re-encryption (PRE) scheme is a public-key encryption scheme that allows the holder of a key pk to derive a re-encryption key for any other key \U0001D45D\U0001D458′. This re-encryption key lets anyone transform ciphertexts under pk into ciphertexts under \U0001D45D\U0001D458′ without having to know the underlying message, while transformations from \U0001D45D\U0001D458′ to pk should not be possible (unidirectional). Security is defined in a multi-user setting against an adversary that gets the users’ public keys and can ask for re-encryption keys and can corrupt users by requesting their secret keys. Any ciphertext that the adversary cannot trivially decrypt given the obtained secret and re-encryption keys should be secure.\r\n\r\nAll existing security proofs for PRE only show selective security, where the adversary must first declare the users it wants to corrupt. This can be lifted to more meaningful adaptive security by guessing the set of corrupted users among the n users, which loses a factor exponential in Open image in new window , rendering the result meaningless already for moderate Open image in new window .\r\n\r\nJafargholi et al. (CRYPTO’17) proposed a framework that in some cases allows to give adaptive security proofs for schemes which were previously only known to be selectively secure, while avoiding the exponential loss that results from guessing the adaptive choices made by an adversary. We apply their framework to PREs that satisfy some natural additional properties. Concretely, we give a more fine-grained reduction for several unidirectional PREs, proving adaptive security at a much smaller loss. The loss depends on the graph of users whose edges represent the re-encryption keys queried by the adversary. For trees and chains the loss is quasi-polynomial in the size and for general graphs it is exponential in their depth and indegree (instead of their size as for previous reductions). Fortunately, trees and low-depth graphs cover many, if not most, interesting applications.\r\n\r\nOur results apply e.g. to the bilinear-map based PRE schemes by Ateniese et al. (NDSS’05 and CT-RSA’09), Gentry’s FHE-based scheme (STOC’09) and the LWE-based scheme by Chandran et al. (PKC’14)." alternative_title: - LNCS article_processing_charge: No author: - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Chethan full_name: Kamath Hosdurg, Chethan id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87 last_name: Kamath Hosdurg - first_name: Karen full_name: Klein, Karen id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87 last_name: Klein - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 citation: ama: 'Fuchsbauer G, Kamath Hosdurg C, Klein K, Pietrzak KZ. Adaptively secure proxy re-encryption. In: Vol 11443. Springer Nature; 2019:317-346. doi:10.1007/978-3-030-17259-6_11' apa: 'Fuchsbauer, G., Kamath Hosdurg, C., Klein, K., & Pietrzak, K. Z. (2019). Adaptively secure proxy re-encryption (Vol. 11443, pp. 317–346). Presented at the PKC: Public-Key Cryptograhy, Beijing, China: Springer Nature. https://doi.org/10.1007/978-3-030-17259-6_11' chicago: Fuchsbauer, Georg, Chethan Kamath Hosdurg, Karen Klein, and Krzysztof Z Pietrzak. “Adaptively Secure Proxy Re-Encryption,” 11443:317–46. Springer Nature, 2019. https://doi.org/10.1007/978-3-030-17259-6_11. ieee: 'G. Fuchsbauer, C. Kamath Hosdurg, K. Klein, and K. Z. Pietrzak, “Adaptively secure proxy re-encryption,” presented at the PKC: Public-Key Cryptograhy, Beijing, China, 2019, vol. 11443, pp. 317–346.' ista: 'Fuchsbauer G, Kamath Hosdurg C, Klein K, Pietrzak KZ. 2019. Adaptively secure proxy re-encryption. PKC: Public-Key Cryptograhy, LNCS, vol. 11443, 317–346.' mla: Fuchsbauer, Georg, et al. Adaptively Secure Proxy Re-Encryption. Vol. 11443, Springer Nature, 2019, pp. 317–46, doi:10.1007/978-3-030-17259-6_11. short: G. Fuchsbauer, C. Kamath Hosdurg, K. Klein, K.Z. Pietrzak, in:, Springer Nature, 2019, pp. 317–346. conference: end_date: 2019-04-17 location: Beijing, China name: 'PKC: Public-Key Cryptograhy' start_date: 2019-04-14 date_created: 2019-05-13T08:13:46Z date_published: 2019-04-06T00:00:00Z date_updated: 2023-09-08T11:33:20Z day: '06' department: - _id: KrPi doi: 10.1007/978-3-030-17259-6_11 ec_funded: 1 intvolume: ' 11443' language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2018/426 month: '04' oa: 1 oa_version: Preprint page: 317-346 project: - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication_identifier: eissn: - '16113349' isbn: - '9783030172589' issn: - '03029743' publication_status: published publisher: Springer Nature quality_controlled: '1' related_material: record: - id: '10035' relation: dissertation_contains status: public scopus_import: '1' status: public title: Adaptively secure proxy re-encryption type: conference user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1 volume: 11443 year: '2019' ... --- _id: '6941' abstract: - lang: eng text: "Bitcoin has become the most successful cryptocurrency ever deployed, and its most distinctive feature is that it is decentralized. Its underlying protocol (Nakamoto consensus) achieves this by using proof of work, which has the drawback that it causes the consumption of vast amounts of energy to maintain the ledger. Moreover, Bitcoin mining dynamics have become less distributed over time.\r\n\r\nTowards addressing these issues, we propose SpaceMint, a cryptocurrency based on proofs of space instead of proofs of work. Miners in SpaceMint dedicate disk space rather than computation. We argue that SpaceMint’s design solves or alleviates several of Bitcoin’s issues: most notably, its large energy consumption. SpaceMint also rewards smaller miners fairly according to their contribution to the network, thus incentivizing more distributed participation.\r\n\r\nThis paper adapts proof of space to enable its use in cryptocurrency, studies the attacks that can arise against a Bitcoin-like blockchain that uses proof of space, and proposes a new blockchain format and transaction types to address these attacks. Our prototype shows that initializing 1 TB for mining takes about a day (a one-off setup cost), and miners spend on average just a fraction of a second per block mined. Finally, we provide a game-theoretic analysis modeling SpaceMint as an extensive game (the canonical game-theoretic notion for games that take place over time) and show that this stylized game satisfies a strong equilibrium notion, thereby arguing for SpaceMint ’s stability and consensus." alternative_title: - LNCS article_processing_charge: No author: - first_name: Sunoo full_name: Park, Sunoo last_name: Park - first_name: Albert full_name: Kwon, Albert last_name: Kwon - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Peter full_name: Gazi, Peter id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87 last_name: Gazi - first_name: Joel F full_name: Alwen, Joel F id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87 last_name: Alwen - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 citation: ama: 'Park S, Kwon A, Fuchsbauer G, Gazi P, Alwen JF, Pietrzak KZ. SpaceMint: A cryptocurrency based on proofs of space. In: 22nd International Conference on Financial Cryptography and Data Security. Vol 10957. Springer Nature; 2018:480-499. doi:10.1007/978-3-662-58387-6_26' apa: 'Park, S., Kwon, A., Fuchsbauer, G., Gazi, P., Alwen, J. F., & Pietrzak, K. Z. (2018). SpaceMint: A cryptocurrency based on proofs of space. In 22nd International Conference on Financial Cryptography and Data Security (Vol. 10957, pp. 480–499). Nieuwpoort, Curacao: Springer Nature. https://doi.org/10.1007/978-3-662-58387-6_26' chicago: 'Park, Sunoo, Albert Kwon, Georg Fuchsbauer, Peter Gazi, Joel F Alwen, and Krzysztof Z Pietrzak. “SpaceMint: A Cryptocurrency Based on Proofs of Space.” In 22nd International Conference on Financial Cryptography and Data Security, 10957:480–99. Springer Nature, 2018. https://doi.org/10.1007/978-3-662-58387-6_26.' ieee: 'S. Park, A. Kwon, G. Fuchsbauer, P. Gazi, J. F. Alwen, and K. Z. Pietrzak, “SpaceMint: A cryptocurrency based on proofs of space,” in 22nd International Conference on Financial Cryptography and Data Security, Nieuwpoort, Curacao, 2018, vol. 10957, pp. 480–499.' ista: 'Park S, Kwon A, Fuchsbauer G, Gazi P, Alwen JF, Pietrzak KZ. 2018. SpaceMint: A cryptocurrency based on proofs of space. 22nd International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 10957, 480–499.' mla: 'Park, Sunoo, et al. “SpaceMint: A Cryptocurrency Based on Proofs of Space.” 22nd International Conference on Financial Cryptography and Data Security, vol. 10957, Springer Nature, 2018, pp. 480–99, doi:10.1007/978-3-662-58387-6_26.' short: S. Park, A. Kwon, G. Fuchsbauer, P. Gazi, J.F. Alwen, K.Z. Pietrzak, in:, 22nd International Conference on Financial Cryptography and Data Security, Springer Nature, 2018, pp. 480–499. conference: end_date: 2018-03-02 location: Nieuwpoort, Curacao name: 'FC: Financial Cryptography and Data Security' start_date: 2018-02-26 date_created: 2019-10-14T06:35:38Z date_published: 2018-12-07T00:00:00Z date_updated: 2023-09-19T15:02:13Z day: '07' department: - _id: KrPi doi: 10.1007/978-3-662-58387-6_26 ec_funded: 1 external_id: isi: - '000540656400026' intvolume: ' 10957' isi: 1 language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2015/528 month: '12' oa: 1 oa_version: Submitted Version page: 480-499 project: - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication: 22nd International Conference on Financial Cryptography and Data Security publication_identifier: eissn: - 1611-3349 isbn: - '9783662583869' - '9783662583876' issn: - 0302-9743 publication_status: published publisher: Springer Nature quality_controlled: '1' scopus_import: '1' status: public title: 'SpaceMint: A cryptocurrency based on proofs of space' type: conference user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1 volume: 10957 year: '2018' ... --- _id: '1233' abstract: - lang: eng text: About three decades ago it was realized that implementing private channels between parties which can be adaptively corrupted requires an encryption scheme that is secure against selective opening attacks. Whether standard (IND-CPA) security implies security against selective opening attacks has been a major open question since. The only known reduction from selective opening to IND-CPA security loses an exponential factor. A polynomial reduction is only known for the very special case where the distribution considered in the selective opening security experiment is a product distribution, i.e., the messages are sampled independently from each other. In this paper we give a reduction whose loss is quantified via the dependence graph (where message dependencies correspond to edges) of the underlying message distribution. In particular, for some concrete distributions including Markov distributions, our reduction is polynomial. acknowledgement: G. Fuchsbauer and K. Pietrzak are supported by the European Research Council, ERC Starting Grant (259668-PSPC). F. Heuer is funded by a Sofja Kovalevskaja Award of the Alexander von Humboldt Foundation and DFG SPP 1736, Algorithms for BIG DATA. E. Kiltz is supported by a Sofja Kovalevskaja Award of the Alexander von Humboldt Foundation, the German Israel Foundation, and ERC Project ERCC (FP7/615074). alternative_title: - LNCS author: - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Felix full_name: Heuer, Felix last_name: Heuer - first_name: Eike full_name: Kiltz, Eike last_name: Kiltz - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 citation: ama: 'Fuchsbauer G, Heuer F, Kiltz E, Pietrzak KZ. Standard security does imply security against selective opening for markov distributions. In: Vol 9562. Springer; 2016:282-305. doi:10.1007/978-3-662-49096-9_12' apa: 'Fuchsbauer, G., Heuer, F., Kiltz, E., & Pietrzak, K. Z. (2016). Standard security does imply security against selective opening for markov distributions (Vol. 9562, pp. 282–305). Presented at the TCC: Theory of Cryptography Conference, Tel Aviv, Israel: Springer. https://doi.org/10.1007/978-3-662-49096-9_12' chicago: Fuchsbauer, Georg, Felix Heuer, Eike Kiltz, and Krzysztof Z Pietrzak. “Standard Security Does Imply Security against Selective Opening for Markov Distributions,” 9562:282–305. Springer, 2016. https://doi.org/10.1007/978-3-662-49096-9_12. ieee: 'G. Fuchsbauer, F. Heuer, E. Kiltz, and K. Z. Pietrzak, “Standard security does imply security against selective opening for markov distributions,” presented at the TCC: Theory of Cryptography Conference, Tel Aviv, Israel, 2016, vol. 9562, pp. 282–305.' ista: 'Fuchsbauer G, Heuer F, Kiltz E, Pietrzak KZ. 2016. Standard security does imply security against selective opening for markov distributions. TCC: Theory of Cryptography Conference, LNCS, vol. 9562, 282–305.' mla: Fuchsbauer, Georg, et al. Standard Security Does Imply Security against Selective Opening for Markov Distributions. Vol. 9562, Springer, 2016, pp. 282–305, doi:10.1007/978-3-662-49096-9_12. short: G. Fuchsbauer, F. Heuer, E. Kiltz, K.Z. Pietrzak, in:, Springer, 2016, pp. 282–305. conference: end_date: 2016-01-13 location: Tel Aviv, Israel name: 'TCC: Theory of Cryptography Conference' start_date: 2016-01-10 date_created: 2018-12-11T11:50:51Z date_published: 2016-01-01T00:00:00Z date_updated: 2021-01-12T06:49:16Z day: '01' department: - _id: KrPi doi: 10.1007/978-3-662-49096-9_12 ec_funded: 1 intvolume: ' 9562' language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2015/853 month: '01' oa: 1 oa_version: Submitted Version page: 282 - 305 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography publication_status: published publisher: Springer publist_id: '6100' quality_controlled: '1' scopus_import: 1 status: public title: Standard security does imply security against selective opening for markov distributions type: conference user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87 volume: 9562 year: '2016' ... --- _id: '1592' abstract: - lang: eng text: A modular approach to constructing cryptographic protocols leads to simple designs but often inefficient instantiations. On the other hand, ad hoc constructions may yield efficient protocols at the cost of losing conceptual simplicity. We suggest a new design paradigm, structure-preserving cryptography, that provides a way to construct modular protocols with reasonable efficiency while retaining conceptual simplicity. A cryptographic scheme over a bilinear group is called structure-preserving if its public inputs and outputs consist of elements from the bilinear groups and their consistency can be verified by evaluating pairing-product equations. As structure-preserving schemes smoothly interoperate with each other, they are useful as building blocks in modular design of cryptographic applications. This paper introduces structure-preserving commitment and signature schemes over bilinear groups with several desirable properties. The commitment schemes include homomorphic, trapdoor and length-reducing commitments to group elements, and the structure-preserving signature schemes are the first ones that yield constant-size signatures on multiple group elements. A structure-preserving signature scheme is called automorphic if the public keys lie in the message space, which cannot be achieved by compressing inputs via a cryptographic hash function, as this would destroy the mathematical structure we are trying to preserve. Automorphic signatures can be used for building certification chains underlying privacy-preserving protocols. Among a vast number of applications of structure-preserving protocols, we present an efficient round-optimal blind-signature scheme and a group signature scheme with an efficient and concurrently secure protocol for enrolling new members. acknowledgement: The authors would like to thank the anonymous reviewers of this paper. We also would like to express our appreciation to the program committee and the anonymous reviewers for CRYPTO 2010. The first author thanks Sherman S. M. Chow for his comment on group signatures in Sect. 7.1. author: - first_name: Masayuki full_name: Abe, Masayuki last_name: Abe - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Jens full_name: Groth, Jens last_name: Groth - first_name: Kristiyan full_name: Haralambiev, Kristiyan last_name: Haralambiev - first_name: Miyako full_name: Ohkubo, Miyako last_name: Ohkubo citation: ama: Abe M, Fuchsbauer G, Groth J, Haralambiev K, Ohkubo M. Structure preserving signatures and commitments to group elements. Journal of Cryptology. 2016;29(2):363-421. doi:10.1007/s00145-014-9196-7 apa: Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., & Ohkubo, M. (2016). Structure preserving signatures and commitments to group elements. Journal of Cryptology. Springer. https://doi.org/10.1007/s00145-014-9196-7 chicago: Abe, Masayuki, Georg Fuchsbauer, Jens Groth, Kristiyan Haralambiev, and Miyako Ohkubo. “Structure Preserving Signatures and Commitments to Group Elements.” Journal of Cryptology. Springer, 2016. https://doi.org/10.1007/s00145-014-9196-7. ieee: M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, and M. Ohkubo, “Structure preserving signatures and commitments to group elements,” Journal of Cryptology, vol. 29, no. 2. Springer, pp. 363–421, 2016. ista: Abe M, Fuchsbauer G, Groth J, Haralambiev K, Ohkubo M. 2016. Structure preserving signatures and commitments to group elements. Journal of Cryptology. 29(2), 363–421. mla: Abe, Masayuki, et al. “Structure Preserving Signatures and Commitments to Group Elements.” Journal of Cryptology, vol. 29, no. 2, Springer, 2016, pp. 363–421, doi:10.1007/s00145-014-9196-7. short: M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, M. Ohkubo, Journal of Cryptology 29 (2016) 363–421. date_created: 2018-12-11T11:52:54Z date_published: 2016-04-01T00:00:00Z date_updated: 2021-01-12T06:51:49Z day: '01' department: - _id: KrPi doi: 10.1007/s00145-014-9196-7 intvolume: ' 29' issue: '2' language: - iso: eng month: '04' oa_version: None page: 363 - 421 publication: Journal of Cryptology publication_status: published publisher: Springer publist_id: '5579' quality_controlled: '1' scopus_import: 1 status: public title: Structure preserving signatures and commitments to group elements type: journal_article user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87 volume: 29 year: '2016' ... --- _id: '1225' abstract: - lang: eng text: At Crypto 2015 Fuchsbauer, Hanser and Slamanig (FHS) presented the first standard-model construction of efficient roundoptimal blind signatures that does not require complexity leveraging. It is conceptually simple and builds on the primitive of structure-preserving signatures on equivalence classes (SPS-EQ). FHS prove the unforgeability of their scheme assuming EUF-CMA security of the SPS-EQ scheme and hardness of a version of the DH inversion problem. Blindness under adversarially chosen keys is proven under an interactive variant of the DDH assumption. We propose a variant of their scheme whose blindness can be proven under a non-interactive assumption, namely a variant of the bilinear DDH assumption. We moreover prove its unforgeability assuming only unforgeability of the underlying SPS-EQ but no additional assumptions as needed for the FHS scheme. alternative_title: - LNCS author: - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Christian full_name: Hanser, Christian last_name: Hanser - first_name: Chethan full_name: Kamath Hosdurg, Chethan id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87 last_name: Kamath Hosdurg - first_name: Daniel full_name: Slamanig, Daniel last_name: Slamanig citation: ama: 'Fuchsbauer G, Hanser C, Kamath Hosdurg C, Slamanig D. Practical round-optimal blind signatures in the standard model from weaker assumptions. In: Vol 9841. Springer; 2016:391-408. doi:10.1007/978-3-319-44618-9_21' apa: 'Fuchsbauer, G., Hanser, C., Kamath Hosdurg, C., & Slamanig, D. (2016). Practical round-optimal blind signatures in the standard model from weaker assumptions (Vol. 9841, pp. 391–408). Presented at the SCN: Security and Cryptography for Networks, Amalfi, Italy: Springer. https://doi.org/10.1007/978-3-319-44618-9_21' chicago: Fuchsbauer, Georg, Christian Hanser, Chethan Kamath Hosdurg, and Daniel Slamanig. “Practical Round-Optimal Blind Signatures in the Standard Model from Weaker Assumptions,” 9841:391–408. Springer, 2016. https://doi.org/10.1007/978-3-319-44618-9_21. ieee: 'G. Fuchsbauer, C. Hanser, C. Kamath Hosdurg, and D. Slamanig, “Practical round-optimal blind signatures in the standard model from weaker assumptions,” presented at the SCN: Security and Cryptography for Networks, Amalfi, Italy, 2016, vol. 9841, pp. 391–408.' ista: 'Fuchsbauer G, Hanser C, Kamath Hosdurg C, Slamanig D. 2016. Practical round-optimal blind signatures in the standard model from weaker assumptions. SCN: Security and Cryptography for Networks, LNCS, vol. 9841, 391–408.' mla: Fuchsbauer, Georg, et al. Practical Round-Optimal Blind Signatures in the Standard Model from Weaker Assumptions. Vol. 9841, Springer, 2016, pp. 391–408, doi:10.1007/978-3-319-44618-9_21. short: G. Fuchsbauer, C. Hanser, C. Kamath Hosdurg, D. Slamanig, in:, Springer, 2016, pp. 391–408. conference: end_date: 2016-09-02 location: Amalfi, Italy name: 'SCN: Security and Cryptography for Networks' start_date: 2016-08-31 date_created: 2018-12-11T11:50:49Z date_published: 2016-08-11T00:00:00Z date_updated: 2023-02-23T10:08:16Z day: '11' department: - _id: KrPi doi: 10.1007/978-3-319-44618-9_21 ec_funded: 1 intvolume: ' 9841' language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2016/662 month: '08' oa: 1 oa_version: Submitted Version page: 391 - 408 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication_status: published publisher: Springer publist_id: '6109' quality_controlled: '1' related_material: record: - id: '1647' relation: earlier_version status: public scopus_import: 1 status: public title: Practical round-optimal blind signatures in the standard model from weaker assumptions type: conference user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87 volume: 9841 year: '2016' ... --- _id: '1229' abstract: - lang: eng text: Witness encryption (WE) was introduced by Garg et al. [GGSW13]. A WE scheme is defined for some NP language L and lets a sender encrypt messages relative to instances x. A ciphertext for x can be decrypted using w witnessing x ∈ L, but hides the message if x ∈ L. Garg et al. construct WE from multilinear maps and give another construction [GGH+13b] using indistinguishability obfuscation (iO) for circuits. Due to the reliance on such heavy tools, WE can cur- rently hardly be implemented on powerful hardware and will unlikely be realizable on constrained devices like smart cards any time soon. We construct a WE scheme where encryption is done by simply computing a Naor-Yung ciphertext (two CPA encryptions and a NIZK proof). To achieve this, our scheme has a setup phase, which outputs public parameters containing an obfuscated circuit (only required for decryption), two encryption keys and a common reference string (used for encryption). This setup need only be run once, and the parame- ters can be used for arbitrary many encryptions. Our scheme can also be turned into a functional WE scheme, where a message is encrypted w.r.t. a statement and a function f, and decryption with a witness w yields f (m, w). Our construction is inspired by the functional encryption scheme by Garg et al. and we prove (selective) security assuming iO and statistically simulation-sound NIZK. We give a construction of the latter in bilinear groups and combining it with ElGamal encryption, our ciphertexts are of size 1.3 kB at a 128-bit security level and can be computed on a smart card. acknowledgement: Research supported by the European Research Council, ERC starting grant (259668-PSPC) and ERC consolidator grant (682815 - TOCNeT). alternative_title: - LNCS author: - first_name: Hamza M full_name: Abusalah, Hamza M id: 40297222-F248-11E8-B48F-1D18A9856A87 last_name: Abusalah - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 citation: ama: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. Offline witness encryption. In: Vol 9696. Springer; 2016:285-303. doi:10.1007/978-3-319-39555-5_16' apa: 'Abusalah, H. M., Fuchsbauer, G., & Pietrzak, K. Z. (2016). Offline witness encryption (Vol. 9696, pp. 285–303). Presented at the ACNS: Applied Cryptography and Network Security, Guildford, UK: Springer. https://doi.org/10.1007/978-3-319-39555-5_16' chicago: Abusalah, Hamza M, Georg Fuchsbauer, and Krzysztof Z Pietrzak. “Offline Witness Encryption,” 9696:285–303. Springer, 2016. https://doi.org/10.1007/978-3-319-39555-5_16. ieee: 'H. M. Abusalah, G. Fuchsbauer, and K. Z. Pietrzak, “Offline witness encryption,” presented at the ACNS: Applied Cryptography and Network Security, Guildford, UK, 2016, vol. 9696, pp. 285–303.' ista: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. 2016. Offline witness encryption. ACNS: Applied Cryptography and Network Security, LNCS, vol. 9696, 285–303.' mla: Abusalah, Hamza M., et al. Offline Witness Encryption. Vol. 9696, Springer, 2016, pp. 285–303, doi:10.1007/978-3-319-39555-5_16. short: H.M. Abusalah, G. Fuchsbauer, K.Z. Pietrzak, in:, Springer, 2016, pp. 285–303. conference: end_date: 2016-06-22 location: Guildford, UK name: 'ACNS: Applied Cryptography and Network Security' start_date: 2016-06-19 date_created: 2018-12-11T11:50:50Z date_published: 2016-06-09T00:00:00Z date_updated: 2023-09-07T12:30:22Z day: '09' ddc: - '005' - '600' department: - _id: KrPi doi: 10.1007/978-3-319-39555-5_16 ec_funded: 1 file: - access_level: open_access checksum: 34fa9ce681da845a1ba945ba3dc57867 content_type: application/pdf creator: system date_created: 2018-12-12T10:17:20Z date_updated: 2020-07-14T12:44:39Z file_id: '5273' file_name: IST-2017-765-v1+1_838.pdf file_size: 515000 relation: main_file file_date_updated: 2020-07-14T12:44:39Z has_accepted_license: '1' intvolume: ' 9696' language: - iso: eng month: '06' oa: 1 oa_version: Submitted Version page: 285 - 303 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication_status: published publisher: Springer publist_id: '6105' pubrep_id: '765' quality_controlled: '1' related_material: record: - id: '83' relation: dissertation_contains status: public scopus_import: 1 status: public title: Offline witness encryption type: conference user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87 volume: 9696 year: '2016' ... --- _id: '1236' abstract: - lang: eng text: 'A constrained pseudorandom function F: K × X → Y for a family T ⊆ 2X of subsets of X is a function where for any key k ∈ K and set S ∈ T one can efficiently compute a constrained key kS which allows to evaluate F (k, ·) on all inputs x ∈ S, while even given this key, the outputs on all inputs x ∉ S look random. At Asiacrypt’13 Boneh and Waters gave a construction which supports the most general set family so far. Its keys kc are defined for sets decided by boolean circuits C and enable evaluation of the PRF on any x ∈ X where C(x) = 1. In their construction the PRF input length and the size of the circuits C for which constrained keys can be computed must be fixed beforehand during key generation. We construct a constrained PRF that has an unbounded input length and whose constrained keys can be defined for any set recognized by a Turing machine. The only a priori bound we make is on the description size of the machines. We prove our construction secure assuming publiccoin differing-input obfuscation. As applications of our constrained PRF we build a broadcast encryption scheme where the number of potential receivers need not be fixed at setup (in particular, the length of the keys is independent of the number of parties) and the first identity-based non-interactive key exchange protocol with no bound on the number of parties that can agree on a shared key.' acknowledgement: Supported by the European Research Council, ERC Starting Grant (259668-PSPC). alternative_title: - LNCS author: - first_name: Hamza M full_name: Abusalah, Hamza M id: 40297222-F248-11E8-B48F-1D18A9856A87 last_name: Abusalah - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 citation: ama: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. Constrained PRFs for unbounded inputs. In: Vol 9610. Springer; 2016:413-428. doi:10.1007/978-3-319-29485-8_24' apa: 'Abusalah, H. M., Fuchsbauer, G., & Pietrzak, K. Z. (2016). Constrained PRFs for unbounded inputs (Vol. 9610, pp. 413–428). Presented at the CT-RSA: Topics in Cryptology, San Francisco, CA, USA: Springer. https://doi.org/10.1007/978-3-319-29485-8_24' chicago: Abusalah, Hamza M, Georg Fuchsbauer, and Krzysztof Z Pietrzak. “Constrained PRFs for Unbounded Inputs,” 9610:413–28. Springer, 2016. https://doi.org/10.1007/978-3-319-29485-8_24. ieee: 'H. M. Abusalah, G. Fuchsbauer, and K. Z. Pietrzak, “Constrained PRFs for unbounded inputs,” presented at the CT-RSA: Topics in Cryptology, San Francisco, CA, USA, 2016, vol. 9610, pp. 413–428.' ista: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. 2016. Constrained PRFs for unbounded inputs. CT-RSA: Topics in Cryptology, LNCS, vol. 9610, 413–428.' mla: Abusalah, Hamza M., et al. Constrained PRFs for Unbounded Inputs. Vol. 9610, Springer, 2016, pp. 413–28, doi:10.1007/978-3-319-29485-8_24. short: H.M. Abusalah, G. Fuchsbauer, K.Z. Pietrzak, in:, Springer, 2016, pp. 413–428. conference: end_date: 2016-03-04 location: San Francisco, CA, USA name: 'CT-RSA: Topics in Cryptology' start_date: 2016-02-29 date_created: 2018-12-11T11:50:52Z date_published: 2016-02-02T00:00:00Z date_updated: 2023-09-07T12:30:22Z day: '02' ddc: - '005' - '600' department: - _id: KrPi doi: 10.1007/978-3-319-29485-8_24 ec_funded: 1 file: - access_level: open_access checksum: 3851cee49933ae13b1272e516f213e13 content_type: application/pdf creator: system date_created: 2018-12-12T10:08:05Z date_updated: 2020-07-14T12:44:41Z file_id: '4664' file_name: IST-2017-764-v1+1_279.pdf file_size: 495176 relation: main_file file_date_updated: 2020-07-14T12:44:41Z has_accepted_license: '1' intvolume: ' 9610' language: - iso: eng month: '02' oa: 1 oa_version: Submitted Version page: 413 - 428 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography publication_status: published publisher: Springer publist_id: '6097' pubrep_id: '764' quality_controlled: '1' related_material: record: - id: '83' relation: dissertation_contains status: public scopus_import: 1 status: public title: Constrained PRFs for unbounded inputs type: conference user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87 volume: 9610 year: '2016' ... --- _id: '1235' abstract: - lang: eng text: 'A constrained pseudorandom function (CPRF) F: K×X → Y for a family T of subsets of χ is a function where for any key k ∈ K and set S ∈ T one can efficiently compute a short constrained key kS, which allows to evaluate F(k, ·) on all inputs x ∈ S, while the outputs on all inputs x /∈ S look random even given kS. Abusalah et al. recently constructed the first constrained PRF for inputs of arbitrary length whose sets S are decided by Turing machines. They use their CPRF to build broadcast encryption and the first ID-based non-interactive key exchange for an unbounded number of users. Their constrained keys are obfuscated circuits and are therefore large. In this work we drastically reduce the key size and define a constrained key for a Turing machine M as a short signature on M. For this, we introduce a new signature primitive with constrained signing keys that let one only sign certain messages, while forging a signature on others is hard even when knowing the coins for key generation.' acknowledgement: H. Abusalah—Research supported by the European Research Council, ERC starting grant (259668-PSPC) and ERC consolidator grant (682815 - TOCNeT). alternative_title: - LNCS author: - first_name: Hamza M full_name: Abusalah, Hamza M id: 40297222-F248-11E8-B48F-1D18A9856A87 last_name: Abusalah - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer citation: ama: 'Abusalah HM, Fuchsbauer G. Constrained PRFs for unbounded inputs with short keys. In: Vol 9696. Springer; 2016:445-463. doi:10.1007/978-3-319-39555-5_24' apa: 'Abusalah, H. M., & Fuchsbauer, G. (2016). Constrained PRFs for unbounded inputs with short keys (Vol. 9696, pp. 445–463). Presented at the ACNS: Applied Cryptography and Network Security, Guildford, UK: Springer. https://doi.org/10.1007/978-3-319-39555-5_24' chicago: Abusalah, Hamza M, and Georg Fuchsbauer. “Constrained PRFs for Unbounded Inputs with Short Keys,” 9696:445–63. Springer, 2016. https://doi.org/10.1007/978-3-319-39555-5_24. ieee: 'H. M. Abusalah and G. Fuchsbauer, “Constrained PRFs for unbounded inputs with short keys,” presented at the ACNS: Applied Cryptography and Network Security, Guildford, UK, 2016, vol. 9696, pp. 445–463.' ista: 'Abusalah HM, Fuchsbauer G. 2016. Constrained PRFs for unbounded inputs with short keys. ACNS: Applied Cryptography and Network Security, LNCS, vol. 9696, 445–463.' mla: Abusalah, Hamza M., and Georg Fuchsbauer. Constrained PRFs for Unbounded Inputs with Short Keys. Vol. 9696, Springer, 2016, pp. 445–63, doi:10.1007/978-3-319-39555-5_24. short: H.M. Abusalah, G. Fuchsbauer, in:, Springer, 2016, pp. 445–463. conference: end_date: 2016-06-22 location: Guildford, UK name: 'ACNS: Applied Cryptography and Network Security' start_date: 2016-06-19 date_created: 2018-12-11T11:50:52Z date_published: 2016-01-01T00:00:00Z date_updated: 2023-09-07T12:30:22Z day: '01' department: - _id: KrPi doi: 10.1007/978-3-319-39555-5_24 ec_funded: 1 intvolume: ' 9696' language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2016/279.pdf month: '01' oa: 1 oa_version: Submitted Version page: 445 - 463 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography - _id: 258AA5B2-B435-11E9-9278-68D0E5697425 call_identifier: H2020 grant_number: '682815' name: Teaching Old Crypto New Tricks publication_status: published publisher: Springer publist_id: '6098' quality_controlled: '1' related_material: record: - id: '83' relation: dissertation_contains status: public scopus_import: 1 status: public title: Constrained PRFs for unbounded inputs with short keys type: conference user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87 volume: 9696 year: '2016' ... --- _id: '1474' abstract: - lang: eng text: Cryptographic access control offers selective access to encrypted data via a combination of key management and functionality-rich cryptographic schemes, such as attribute-based encryption. Using this approach, publicly available meta-data may inadvertently leak information on the access policy that is enforced by cryptography, which renders cryptographic access control unusable in settings where this information is highly sensitive. We begin to address this problem by presenting rigorous definitions for policy privacy in cryptographic access control. For concreteness we set our results in the model of Role-Based Access Control (RBAC), where we identify and formalize several different flavors of privacy, however, our framework should serve as inspiration for other models of access control. Based on our insights we propose a new system which significantly improves on the privacy properties of state-of-the-art constructions. Our design is based on a novel type of privacy-preserving attribute-based encryption, which we introduce and show how to instantiate. We present our results in the context of a cryptographic RBAC system by Ferrara et al. (CSF'13), which uses cryptography to control read access to files, while write access is still delegated to trusted monitors. We give an extension of the construction that permits cryptographic control over write access. Our construction assumes that key management uses out-of-band channels between the policy enforcer and the users but eliminates completely the need for monitoring read/write access to the data. article_processing_charge: No author: - first_name: Anna full_name: Ferrara, Anna last_name: Ferrara - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Bin full_name: Liu, Bin last_name: Liu - first_name: Bogdan full_name: Warinschi, Bogdan last_name: Warinschi citation: ama: 'Ferrara A, Fuchsbauer G, Liu B, Warinschi B. Policy privacy in cryptographic access control. In: IEEE; 2015:46-60. doi:10.1109/CSF.2015.11' apa: 'Ferrara, A., Fuchsbauer, G., Liu, B., & Warinschi, B. (2015). Policy privacy in cryptographic access control (pp. 46–60). Presented at the CSF: Computer Security Foundations, Verona, Italy: IEEE. https://doi.org/10.1109/CSF.2015.11' chicago: Ferrara, Anna, Georg Fuchsbauer, Bin Liu, and Bogdan Warinschi. “Policy Privacy in Cryptographic Access Control,” 46–60. IEEE, 2015. https://doi.org/10.1109/CSF.2015.11. ieee: 'A. Ferrara, G. Fuchsbauer, B. Liu, and B. Warinschi, “Policy privacy in cryptographic access control,” presented at the CSF: Computer Security Foundations, Verona, Italy, 2015, pp. 46–60.' ista: 'Ferrara A, Fuchsbauer G, Liu B, Warinschi B. 2015. Policy privacy in cryptographic access control. CSF: Computer Security Foundations, 46–60.' mla: Ferrara, Anna, et al. Policy Privacy in Cryptographic Access Control. IEEE, 2015, pp. 46–60, doi:10.1109/CSF.2015.11. short: A. Ferrara, G. Fuchsbauer, B. Liu, B. Warinschi, in:, IEEE, 2015, pp. 46–60. conference: end_date: 2015-07-17 location: Verona, Italy name: 'CSF: Computer Security Foundations' start_date: 2015-07-13 date_created: 2018-12-11T11:52:14Z date_published: 2015-09-04T00:00:00Z date_updated: 2021-01-12T06:50:59Z day: '04' department: - _id: KrPi doi: 10.1109/CSF.2015.11 ec_funded: 1 language: - iso: eng main_file_link: - open_access: '1' url: http://epubs.surrey.ac.uk/808055/ month: '09' oa: 1 oa_version: Submitted Version page: 46-60 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography publication_status: published publisher: IEEE publist_id: '5722' quality_controlled: '1' status: public title: Policy privacy in cryptographic access control type: conference user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87 year: '2015' ... --- _id: '1646' abstract: - lang: eng text: 'A pseudorandom function (PRF) is a keyed function F : K × X → Y where, for a random key k ∈ K, the function F(k, ·) is indistinguishable from a uniformly random function, given black-box access. A key-homomorphic PRF has the additional feature that for any keys k, k'' and any input x, we have F(k+k'', x) = F(k, x)⊕F(k'', x) for some group operations +,⊕ on K and Y, respectively. A constrained PRF for a family of setsS ⊆ P(X) has the property that, given any key k and set S ∈ S, one can efficiently compute a “constrained” key kS that enables evaluation of F(k, x) on all inputs x ∈ S, while the values F(k, x) for x /∈ S remain pseudorandom even given kS. In this paper we construct PRFs that are simultaneously constrained and key homomorphic, where the homomorphic property holds even for constrained keys. We first show that the multilinear map-based bit-fixing and circuit-constrained PRFs of Boneh and Waters (Asiacrypt 2013) can be modified to also be keyhomomorphic. We then show that the LWE-based key-homomorphic PRFs of Banerjee and Peikert (Crypto 2014) are essentially already prefix-constrained PRFs, using a (non-obvious) definition of constrained keys and associated group operation. Moreover, the constrained keys themselves are pseudorandom, and the constraining and evaluation functions can all be computed in low depth. As an application of key-homomorphic constrained PRFs,we construct a proxy re-encryption schemewith fine-grained access control. This scheme allows storing encrypted data on an untrusted server, where each file can be encrypted relative to some attributes, so that only parties whose constrained keys match the attributes can decrypt. Moreover, the server can re-key (arbitrary subsets of) the ciphertexts without learning anything about the plaintexts, thus permitting efficient and finegrained revocation.' alternative_title: - LNCS article_processing_charge: No author: - first_name: Abishek full_name: Banerjee, Abishek last_name: Banerjee - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Chris full_name: Peikert, Chris last_name: Peikert - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 - first_name: Sophie full_name: Stevens, Sophie last_name: Stevens citation: ama: 'Banerjee A, Fuchsbauer G, Peikert C, Pietrzak KZ, Stevens S. Key-homomorphic constrained pseudorandom functions. In: 12th Theory of Cryptography Conference. Vol 9015. Springer Nature; 2015:31-60. doi:10.1007/978-3-662-46497-7_2' apa: 'Banerjee, A., Fuchsbauer, G., Peikert, C., Pietrzak, K. Z., & Stevens, S. (2015). Key-homomorphic constrained pseudorandom functions. In 12th Theory of Cryptography Conference (Vol. 9015, pp. 31–60). Warsaw, Poland: Springer Nature. https://doi.org/10.1007/978-3-662-46497-7_2' chicago: Banerjee, Abishek, Georg Fuchsbauer, Chris Peikert, Krzysztof Z Pietrzak, and Sophie Stevens. “Key-Homomorphic Constrained Pseudorandom Functions.” In 12th Theory of Cryptography Conference, 9015:31–60. Springer Nature, 2015. https://doi.org/10.1007/978-3-662-46497-7_2. ieee: A. Banerjee, G. Fuchsbauer, C. Peikert, K. Z. Pietrzak, and S. Stevens, “Key-homomorphic constrained pseudorandom functions,” in 12th Theory of Cryptography Conference, Warsaw, Poland, 2015, vol. 9015, pp. 31–60. ista: 'Banerjee A, Fuchsbauer G, Peikert C, Pietrzak KZ, Stevens S. 2015. Key-homomorphic constrained pseudorandom functions. 12th Theory of Cryptography Conference. TCC: Theory of Cryptography Conference, LNCS, vol. 9015, 31–60.' mla: Banerjee, Abishek, et al. “Key-Homomorphic Constrained Pseudorandom Functions.” 12th Theory of Cryptography Conference, vol. 9015, Springer Nature, 2015, pp. 31–60, doi:10.1007/978-3-662-46497-7_2. short: A. Banerjee, G. Fuchsbauer, C. Peikert, K.Z. Pietrzak, S. Stevens, in:, 12th Theory of Cryptography Conference, Springer Nature, 2015, pp. 31–60. conference: end_date: 2015-03-25 location: Warsaw, Poland name: 'TCC: Theory of Cryptography Conference' start_date: 2015-03-23 date_created: 2018-12-11T11:53:14Z date_published: 2015-03-01T00:00:00Z date_updated: 2022-02-03T08:41:46Z day: '01' ddc: - '000' - '004' department: - _id: KrPi doi: 10.1007/978-3-662-46497-7_2 ec_funded: 1 file: - access_level: open_access checksum: 3c5093bda5783c89beaacabf1aa0e60e content_type: application/pdf creator: system date_created: 2018-12-12T10:15:17Z date_updated: 2020-07-14T12:45:08Z file_id: '5136' file_name: IST-2016-679-v1+1_180.pdf file_size: 450665 relation: main_file file_date_updated: 2020-07-14T12:45:08Z has_accepted_license: '1' intvolume: ' 9015' language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2015/180 month: '03' oa: 1 oa_version: Submitted Version page: 31 - 60 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography publication: 12th Theory of Cryptography Conference publication_identifier: isbn: - 978-3-662-46496-0 publication_status: published publisher: Springer Nature publist_id: '5505' pubrep_id: '679' quality_controlled: '1' scopus_import: '1' status: public title: Key-homomorphic constrained pseudorandom functions type: conference user_id: 8b945eb4-e2f2-11eb-945a-df72226e66a9 volume: 9015 year: '2015' ... --- _id: '1648' abstract: - lang: eng text: Generalized Selective Decryption (GSD), introduced by Panjwani [TCC’07], is a game for a symmetric encryption scheme Enc that captures the difficulty of proving adaptive security of certain protocols, most notably the Logical Key Hierarchy (LKH) multicast encryption protocol. In the GSD game there are n keys k1,..., kn, which the adversary may adaptively corrupt (learn); moreover, it can ask for encryptions Encki (kj) of keys under other keys. The adversary’s task is to distinguish keys (which it cannot trivially compute) from random. Proving the hardness of GSD assuming only IND-CPA security of Enc is surprisingly hard. Using “complexity leveraging” loses a factor exponential in n, which makes the proof practically meaningless. We can think of the GSD game as building a graph on n vertices, where we add an edge i → j when the adversary asks for an encryption of kj under ki. If restricted to graphs of depth ℓ, Panjwani gave a reduction that loses only a factor exponential in ℓ (not n). To date, this is the only non-trivial result known for GSD. In this paper we give almost-polynomial reductions for large classes of graphs. Most importantly, we prove the security of the GSD game restricted to trees losing only a quasi-polynomial factor n3 log n+5. Trees are an important special case capturing real-world protocols like the LKH protocol. Our new bound improves upon Panjwani’s on some LKH variants proposed in the literature where the underlying tree is not balanced. Our proof builds on ideas from the “nested hybrids” technique recently introduced by Fuchsbauer et al. [Asiacrypt’14] for proving the adaptive security of constrained PRFs. alternative_title: - LNCS author: - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Zahra full_name: Jafargholi, Zahra last_name: Jafargholi - first_name: Krzysztof Z full_name: Pietrzak, Krzysztof Z id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 citation: ama: 'Fuchsbauer G, Jafargholi Z, Pietrzak KZ. A quasipolynomial reduction for generalized selective decryption on trees. In: Vol 9215. Springer; 2015:601-620. doi:10.1007/978-3-662-47989-6_29' apa: 'Fuchsbauer, G., Jafargholi, Z., & Pietrzak, K. Z. (2015). A quasipolynomial reduction for generalized selective decryption on trees (Vol. 9215, pp. 601–620). Presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, USA: Springer. https://doi.org/10.1007/978-3-662-47989-6_29' chicago: Fuchsbauer, Georg, Zahra Jafargholi, and Krzysztof Z Pietrzak. “A Quasipolynomial Reduction for Generalized Selective Decryption on Trees,” 9215:601–20. Springer, 2015. https://doi.org/10.1007/978-3-662-47989-6_29. ieee: 'G. Fuchsbauer, Z. Jafargholi, and K. Z. Pietrzak, “A quasipolynomial reduction for generalized selective decryption on trees,” presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, USA, 2015, vol. 9215, pp. 601–620.' ista: 'Fuchsbauer G, Jafargholi Z, Pietrzak KZ. 2015. A quasipolynomial reduction for generalized selective decryption on trees. CRYPTO: International Cryptology Conference, LNCS, vol. 9215, 601–620.' mla: Fuchsbauer, Georg, et al. A Quasipolynomial Reduction for Generalized Selective Decryption on Trees. Vol. 9215, Springer, 2015, pp. 601–20, doi:10.1007/978-3-662-47989-6_29. short: G. Fuchsbauer, Z. Jafargholi, K.Z. Pietrzak, in:, Springer, 2015, pp. 601–620. conference: end_date: 2015-08-20 location: Santa Barbara, CA, USA name: 'CRYPTO: International Cryptology Conference' start_date: 2015-08-16 date_created: 2018-12-11T11:53:14Z date_published: 2015-08-01T00:00:00Z date_updated: 2021-01-12T06:52:14Z day: '01' ddc: - '004' department: - _id: KrPi doi: 10.1007/978-3-662-47989-6_29 ec_funded: 1 file: - access_level: open_access checksum: 99b76b3263d5082554d0a9cbdeca3a22 content_type: application/pdf creator: system date_created: 2018-12-12T10:13:31Z date_updated: 2020-07-14T12:45:08Z file_id: '5015' file_name: IST-2016-674-v1+1_389.pdf file_size: 505618 relation: main_file file_date_updated: 2020-07-14T12:45:08Z has_accepted_license: '1' intvolume: ' 9215' language: - iso: eng license: https://creativecommons.org/licenses/by/4.0/ month: '08' oa: 1 oa_version: Submitted Version page: 601 - 620 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography publication_status: published publisher: Springer publist_id: '5502' pubrep_id: '674' quality_controlled: '1' scopus_import: 1 status: public title: A quasipolynomial reduction for generalized selective decryption on trees tmp: image: /images/cc_by.png legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0) short: CC BY (4.0) type: conference user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87 volume: 9215 year: '2015' ... --- _id: '1647' abstract: - lang: eng text: Round-optimal blind signatures are notoriously hard to construct in the standard model, especially in the malicious-signer model, where blindness must hold under adversarially chosen keys. This is substantiated by several impossibility results. The only construction that can be termed theoretically efficient, by Garg and Gupta (Eurocrypt’14), requires complexity leveraging, inducing an exponential security loss. We present a construction of practically efficient round-optimal blind signatures in the standard model. It is conceptually simple and builds on the recent structure-preserving signatures on equivalence classes (SPSEQ) from Asiacrypt’14. While the traditional notion of blindness follows from standard assumptions, we prove blindness under adversarially chosen keys under an interactive variant of DDH. However, we neither require non-uniform assumptions nor complexity leveraging. We then show how to extend our construction to partially blind signatures and to blind signatures on message vectors, which yield a construction of one-show anonymous credentials à la “anonymous credentials light” (CCS’13) in the standard model. Furthermore, we give the first SPS-EQ construction under noninteractive assumptions and show how SPS-EQ schemes imply conventional structure-preserving signatures, which allows us to apply optimality results for the latter to SPS-EQ. alternative_title: - LNCS article_processing_charge: No author: - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Christian full_name: Hanser, Christian last_name: Hanser - first_name: Daniel full_name: Slamanig, Daniel last_name: Slamanig citation: ama: 'Fuchsbauer G, Hanser C, Slamanig D. Practical round-optimal blind signatures in the standard model. In: Vol 9216. Springer; 2015:233-253. doi:10.1007/978-3-662-48000-7_12' apa: 'Fuchsbauer, G., Hanser, C., & Slamanig, D. (2015). Practical round-optimal blind signatures in the standard model (Vol. 9216, pp. 233–253). Presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States: Springer. https://doi.org/10.1007/978-3-662-48000-7_12' chicago: Fuchsbauer, Georg, Christian Hanser, and Daniel Slamanig. “Practical Round-Optimal Blind Signatures in the Standard Model,” 9216:233–53. Springer, 2015. https://doi.org/10.1007/978-3-662-48000-7_12. ieee: 'G. Fuchsbauer, C. Hanser, and D. Slamanig, “Practical round-optimal blind signatures in the standard model,” presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States, 2015, vol. 9216, pp. 233–253.' ista: 'Fuchsbauer G, Hanser C, Slamanig D. 2015. Practical round-optimal blind signatures in the standard model. CRYPTO: International Cryptology Conference, LNCS, vol. 9216, 233–253.' mla: Fuchsbauer, Georg, et al. Practical Round-Optimal Blind Signatures in the Standard Model. Vol. 9216, Springer, 2015, pp. 233–53, doi:10.1007/978-3-662-48000-7_12. short: G. Fuchsbauer, C. Hanser, D. Slamanig, in:, Springer, 2015, pp. 233–253. conference: end_date: 2015-08-20 location: Santa Barbara, CA, United States name: 'CRYPTO: International Cryptology Conference' start_date: 2015-08-16 date_created: 2018-12-11T11:53:14Z date_published: 2015-08-01T00:00:00Z date_updated: 2023-02-21T16:44:51Z day: '01' department: - _id: KrPi doi: 10.1007/978-3-662-48000-7_12 ec_funded: 1 intvolume: ' 9216' language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2015/626.pdf month: '08' oa: 1 oa_version: Submitted Version page: 233 - 253 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography publication_status: published publisher: Springer publist_id: '5503' quality_controlled: '1' related_material: record: - id: '1225' relation: later_version status: public scopus_import: 1 status: public title: Practical round-optimal blind signatures in the standard model type: conference user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87 volume: 9216 year: '2015' ... --- _id: '1651' abstract: - lang: eng text: Cryptographic e-cash allows off-line electronic transactions between a bank, users and merchants in a secure and anonymous fashion. A plethora of e-cash constructions has been proposed in the literature; however, these traditional e-cash schemes only allow coins to be transferred once between users and merchants. Ideally, we would like users to be able to transfer coins between each other multiple times before deposit, as happens with physical cash. “Transferable” e-cash schemes are the solution to this problem. Unfortunately, the currently proposed schemes are either completely impractical or do not achieve the desirable anonymity properties without compromises, such as assuming the existence of a trusted “judge” who can trace all coins and users in the system. This paper presents the first efficient and fully anonymous transferable e-cash scheme without any trusted third parties. We start by revising the security and anonymity properties of transferable e-cash to capture issues that were previously overlooked. For our construction we use the recently proposed malleable signatures by Chase et al. to allow the secure and anonymous transfer of coins, combined with a new efficient double-spending detection mechanism. Finally, we discuss an instantiation of our construction. acknowledgement: Work done as an intern in Microsoft Research Redmond and as a student at Brown University, where supported by NSF grant 0964379. Supported by the European Research Council, ERC Starting Grant (259668-PSPC). alternative_title: - LNCS article_processing_charge: No author: - first_name: Foteini full_name: Baldimtsi, Foteini last_name: Baldimtsi - first_name: Melissa full_name: Chase, Melissa last_name: Chase - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Markulf full_name: Kohlweiss, Markulf last_name: Kohlweiss citation: ama: 'Baldimtsi F, Chase M, Fuchsbauer G, Kohlweiss M. Anonymous transferable e-cash. In: Public-Key Cryptography - PKC 2015. Vol 9020. Springer; 2015:101-124. doi:10.1007/978-3-662-46447-2_5' apa: 'Baldimtsi, F., Chase, M., Fuchsbauer, G., & Kohlweiss, M. (2015). Anonymous transferable e-cash. In Public-Key Cryptography - PKC 2015 (Vol. 9020, pp. 101–124). Gaithersburg, MD, United States: Springer. https://doi.org/10.1007/978-3-662-46447-2_5' chicago: Baldimtsi, Foteini, Melissa Chase, Georg Fuchsbauer, and Markulf Kohlweiss. “Anonymous Transferable E-Cash.” In Public-Key Cryptography - PKC 2015, 9020:101–24. Springer, 2015. https://doi.org/10.1007/978-3-662-46447-2_5. ieee: F. Baldimtsi, M. Chase, G. Fuchsbauer, and M. Kohlweiss, “Anonymous transferable e-cash,” in Public-Key Cryptography - PKC 2015, Gaithersburg, MD, United States, 2015, vol. 9020, pp. 101–124. ista: 'Baldimtsi F, Chase M, Fuchsbauer G, Kohlweiss M. 2015. Anonymous transferable e-cash. Public-Key Cryptography - PKC 2015. PKC: Public Key Crypography, LNCS, vol. 9020, 101–124.' mla: Baldimtsi, Foteini, et al. “Anonymous Transferable E-Cash.” Public-Key Cryptography - PKC 2015, vol. 9020, Springer, 2015, pp. 101–24, doi:10.1007/978-3-662-46447-2_5. short: F. Baldimtsi, M. Chase, G. Fuchsbauer, M. Kohlweiss, in:, Public-Key Cryptography - PKC 2015, Springer, 2015, pp. 101–124. conference: end_date: 2015-04-01 location: Gaithersburg, MD, United States name: 'PKC: Public Key Crypography' start_date: 2015-03-30 date_created: 2018-12-11T11:53:15Z date_published: 2015-03-17T00:00:00Z date_updated: 2022-05-23T10:08:37Z day: '17' department: - _id: KrPi doi: 10.1007/978-3-662-46447-2_5 ec_funded: 1 intvolume: ' 9020' language: - iso: eng main_file_link: - open_access: '1' url: https://doi.org/10.1007/978-3-662-46447-2_5 month: '03' oa: 1 oa_version: Published Version page: 101 - 124 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography publication: Public-Key Cryptography - PKC 2015 publication_identifier: isbn: - 978-3-662-46446-5 publication_status: published publisher: Springer publist_id: '5499' quality_controlled: '1' scopus_import: '1' status: public title: Anonymous transferable e-cash type: conference user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87 volume: 9020 year: '2015' ... --- _id: '1643' abstract: - lang: eng text: We extend the notion of verifiable random functions (VRF) to constrained VRFs, which generalize the concept of constrained pseudorandom functions, put forward by Boneh and Waters (Asiacrypt’13), and independently by Kiayias et al. (CCS’13) and Boyle et al. (PKC’14), who call them delegatable PRFs and functional PRFs, respectively. In a standard VRF the secret key sk allows one to evaluate a pseudorandom function at any point of its domain; in addition, it enables computation of a non-interactive proof that the function value was computed correctly. In a constrained VRF from the key sk one can derive constrained keys skS for subsets S of the domain, which allow computation of function values and proofs only at points in S. After formally defining constrained VRFs, we derive instantiations from the multilinear-maps-based constrained PRFs by Boneh and Waters, yielding a VRF with constrained keys for any set that can be decided by a polynomial-size circuit. Our VRFs have the same function values as the Boneh-Waters PRFs and are proved secure under the same hardness assumption, showing that verifiability comes at no cost. Constrained (functional) VRFs were stated as an open problem by Boyle et al. alternative_title: - LNCS author: - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer citation: ama: 'Fuchsbauer G. Constrained Verifiable Random Functions . In: Abdalla M, De Prisco R, eds. SCN 2014. Vol 8642. Springer; 2014:95-114. doi:10.1007/978-3-319-10879-7_7' apa: 'Fuchsbauer, G. (2014). Constrained Verifiable Random Functions . In M. Abdalla & R. De Prisco (Eds.), SCN 2014 (Vol. 8642, pp. 95–114). Amalfi, Italy: Springer. https://doi.org/10.1007/978-3-319-10879-7_7' chicago: Fuchsbauer, Georg. “Constrained Verifiable Random Functions .” In SCN 2014, edited by Michel Abdalla and Roberto De Prisco, 8642:95–114. Springer, 2014. https://doi.org/10.1007/978-3-319-10879-7_7. ieee: G. Fuchsbauer, “Constrained Verifiable Random Functions ,” in SCN 2014, Amalfi, Italy, 2014, vol. 8642, pp. 95–114. ista: 'Fuchsbauer G. 2014. Constrained Verifiable Random Functions . SCN 2014. SCN: Security and Cryptography for Networks, LNCS, vol. 8642, 95–114.' mla: Fuchsbauer, Georg. “Constrained Verifiable Random Functions .” SCN 2014, edited by Michel Abdalla and Roberto De Prisco, vol. 8642, Springer, 2014, pp. 95–114, doi:10.1007/978-3-319-10879-7_7. short: G. Fuchsbauer, in:, M. Abdalla, R. De Prisco (Eds.), SCN 2014, Springer, 2014, pp. 95–114. conference: end_date: 2014-09-05 location: Amalfi, Italy name: 'SCN: Security and Cryptography for Networks' start_date: 2014-09-03 date_created: 2018-12-11T11:53:13Z date_published: 2014-01-01T00:00:00Z date_updated: 2021-01-12T06:52:12Z day: '01' department: - _id: KrPi doi: 10.1007/978-3-319-10879-7_7 ec_funded: 1 editor: - first_name: Michel full_name: Abdalla, Michel last_name: Abdalla - first_name: Roberto full_name: De Prisco, Roberto last_name: De Prisco intvolume: ' 8642' language: - iso: eng main_file_link: - open_access: '1' url: http://eprint.iacr.org/2014/537 month: '01' oa: 1 oa_version: Submitted Version page: 95 - 114 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography publication: SCN 2014 publication_status: published publisher: Springer publist_id: '5509' scopus_import: 1 status: public title: 'Constrained Verifiable Random Functions ' type: conference user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87 volume: 8642 year: '2014' ... --- _id: '1927' abstract: - lang: eng text: Constrained pseudorandom functions have recently been introduced independently by Boneh and Waters (Asiacrypt’13), Kiayias et al. (CCS’13), and Boyle et al. (PKC’14). In a standard pseudorandom function (PRF) a key k is used to evaluate the PRF on all inputs in the domain. Constrained PRFs additionally offer the functionality to delegate “constrained” keys kS which allow to evaluate the PRF only on a subset S of the domain. The three above-mentioned papers all show that the classical GGM construction (J.ACM’86) of a PRF from a pseudorandom generator (PRG) directly yields a constrained PRF where one can compute constrained keys to evaluate the PRF on all inputs with a given prefix. This constrained PRF has already found many interesting applications. Unfortunately, the existing security proofs only show selective security (by a reduction to the security of the underlying PRG). To achieve full security, one has to use complexity leveraging, which loses an exponential factor 2N in security, where N is the input length. The first contribution of this paper is a new reduction that only loses a quasipolynomial factor qlog N, where q is the number of adversarial queries. For this we develop a new proof technique which constructs a distinguisher by interleaving simple guessing steps and hybrid arguments a small number of times. This approach might be of interest also in other contexts where currently the only technique to achieve full security is complexity leveraging. Our second contribution is concerned with another constrained PRF, due to Boneh and Waters, which allows for constrained keys for the more general class of bit-fixing functions. Their security proof also suffers from a 2N loss, which we show is inherent. We construct a meta-reduction which shows that any “simple” reduction of full security from a noninteractive hardness assumption must incur an exponential security loss. acknowledgement: We are grateful to Mihir Bellare for his feedback on earlier versions of this paper. We are indebted to Vanishree Rao for her generous assistance in preparing this proceedings version. author: - first_name: Georg full_name: Georg Fuchsbauer id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Momchil full_name: Konstantinov, Momchil last_name: Konstantinov - first_name: Krzysztof Z full_name: Krzysztof Pietrzak id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87 last_name: Pietrzak orcid: 0000-0002-9139-1654 - first_name: Vanishree full_name: Rao, Vanishree last_name: Rao citation: ama: 'Fuchsbauer G, Konstantinov M, Pietrzak KZ, Rao V. Adaptive security of constrained PRFs. In: Vol 8874. Springer; 2014:173-192. doi:10.1145/2591796.2591825' apa: Fuchsbauer, G., Konstantinov, M., Pietrzak, K. Z., & Rao, V. (2014). Adaptive security of constrained PRFs (Vol. 8874, pp. 173–192). Presented at the Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer. https://doi.org/10.1145/2591796.2591825 chicago: Fuchsbauer, Georg, Momchil Konstantinov, Krzysztof Z Pietrzak, and Vanishree Rao. “Adaptive Security of Constrained PRFs,” 8874:173–92. Springer, 2014. https://doi.org/10.1145/2591796.2591825. ieee: G. Fuchsbauer, M. Konstantinov, K. Z. Pietrzak, and V. Rao, “Adaptive security of constrained PRFs,” presented at the Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2014, vol. 8874, pp. 173–192. ista: Fuchsbauer G, Konstantinov M, Pietrzak KZ, Rao V. 2014. Adaptive security of constrained PRFs. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) vol. 8874, 173–192. mla: Fuchsbauer, Georg, et al. Adaptive Security of Constrained PRFs. Vol. 8874, Springer, 2014, pp. 173–92, doi:10.1145/2591796.2591825. short: G. Fuchsbauer, M. Konstantinov, K.Z. Pietrzak, V. Rao, in:, Springer, 2014, pp. 173–192. conference: name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) date_created: 2018-12-11T11:54:45Z date_published: 2014-01-01T00:00:00Z date_updated: 2021-01-12T06:54:08Z day: '01' doi: 10.1145/2591796.2591825 extern: 1 intvolume: ' 8874' main_file_link: - open_access: '1' url: http://eprint.iacr.org/2014/416 month: '01' oa: 1 page: 173 - 192 publication_status: published publisher: Springer publist_id: '5167' quality_controlled: 0 status: public title: Adaptive security of constrained PRFs type: conference volume: 8874 year: '2014' ... --- _id: '2045' abstract: - lang: eng text: 'We introduce and study a new notion of enhanced chosen-ciphertext security (ECCA) for public-key encryption. Loosely speaking, in the ECCA security experiment, the decryption oracle provided to the adversary is augmented to return not only the output of the decryption algorithm on a queried ciphertext but also of a randomness-recovery algorithm associated to the scheme. Our results mainly concern the case where the randomness-recovery algorithm is efficient. We provide constructions of ECCA-secure encryption from adaptive trapdoor functions as defined by Kiltz et al. (EUROCRYPT 2010), resulting in ECCA encryption from standard number-theoretic assumptions. We then give two applications of ECCA-secure encryption: (1) We use it as a unifying concept in showing equivalence of adaptive trapdoor functions and tag-based adaptive trapdoor functions, resolving an open question of Kiltz et al. (2) We show that ECCA-secure encryption can be used to securely realize an approach to public-key encryption with non-interactive opening (PKENO) originally suggested by Damgård and Thorbek (EUROCRYPT 2007), resulting in new and practical PKENO schemes quite different from those in prior work. Our results demonstrate that ECCA security is of both practical and theoretical interest.' acknowledgement: The second author was supported by EPSRC grant EP/H043454/1. alternative_title: - LNCS author: - first_name: Dana full_name: Dachman Soled, Dana last_name: Dachman Soled - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Payman full_name: Mohassel, Payman last_name: Mohassel - first_name: Adam full_name: O’Neill, Adam last_name: O’Neill citation: ama: 'Dachman Soled D, Fuchsbauer G, Mohassel P, O’Neill A. Enhanced chosen-ciphertext security and applications. In: Krawczyk H, ed. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol 8383. Springer; 2014:329-344. doi:10.1007/978-3-642-54631-0_19' apa: 'Dachman Soled, D., Fuchsbauer, G., Mohassel, P., & O’Neill, A. (2014). Enhanced chosen-ciphertext security and applications. In H. Krawczyk (Ed.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8383, pp. 329–344). Buenos Aires, Argentina: Springer. https://doi.org/10.1007/978-3-642-54631-0_19' chicago: Dachman Soled, Dana, Georg Fuchsbauer, Payman Mohassel, and Adam O’Neill. “Enhanced Chosen-Ciphertext Security and Applications.” In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk, 8383:329–44. Springer, 2014. https://doi.org/10.1007/978-3-642-54631-0_19. ieee: D. Dachman Soled, G. Fuchsbauer, P. Mohassel, and A. O’Neill, “Enhanced chosen-ciphertext security and applications,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Buenos Aires, Argentina, 2014, vol. 8383, pp. 329–344. ista: 'Dachman Soled D, Fuchsbauer G, Mohassel P, O’Neill A. 2014. Enhanced chosen-ciphertext security and applications. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). PKC: Public Key Crypography, LNCS, vol. 8383, 329–344.' mla: Dachman Soled, Dana, et al. “Enhanced Chosen-Ciphertext Security and Applications.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk, vol. 8383, Springer, 2014, pp. 329–44, doi:10.1007/978-3-642-54631-0_19. short: D. Dachman Soled, G. Fuchsbauer, P. Mohassel, A. O’Neill, in:, H. Krawczyk (Ed.), Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer, 2014, pp. 329–344. conference: end_date: 2014-03-28 location: Buenos Aires, Argentina name: 'PKC: Public Key Crypography' start_date: 2014-03-26 date_created: 2018-12-11T11:55:24Z date_published: 2014-01-01T00:00:00Z date_updated: 2021-01-12T06:54:57Z day: '01' department: - _id: KrPi doi: 10.1007/978-3-642-54631-0_19 ec_funded: 1 editor: - first_name: Hugo full_name: Krawczyk, Hugo last_name: Krawczyk intvolume: ' 8383' language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2012/543 month: '01' oa: 1 oa_version: Submitted Version page: 329 - 344 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) publication_status: published publisher: Springer publist_id: '5006' quality_controlled: '1' scopus_import: 1 status: public title: Enhanced chosen-ciphertext security and applications type: conference user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87 volume: 8383 year: '2014' ... --- _id: '2046' abstract: - lang: eng text: 'We introduce policy-based signatures (PBS), where a signer can only sign messages conforming to some authority-specified policy. The main requirements are unforgeability and privacy, the latter meaning that signatures not reveal the policy. PBS offers value along two fronts: (1) On the practical side, they allow a corporation to control what messages its employees can sign under the corporate key. (2) On the theoretical side, they unify existing work, capturing other forms of signatures as special cases or allowing them to be easily built. Our work focuses on definitions of PBS, proofs that this challenging primitive is realizable for arbitrary policies, efficient constructions for specific policies, and a few representative applications.' acknowledgement: Part of his work was done while at Bristol University, supported by EPSRC grant EP/H043454/1. alternative_title: - LNCS author: - first_name: Mihir full_name: Bellare, Mihir last_name: Bellare - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer citation: ama: 'Bellare M, Fuchsbauer G. Policy-based signatures. In: Krawczyk H, ed. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol 8383. Springer; 2014:520-537. doi:10.1007/978-3-642-54631-0_30' apa: 'Bellare, M., & Fuchsbauer, G. (2014). Policy-based signatures. In H. Krawczyk (Ed.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8383, pp. 520–537). Buenos Aires, Argentina: Springer. https://doi.org/10.1007/978-3-642-54631-0_30' chicago: Bellare, Mihir, and Georg Fuchsbauer. “Policy-Based Signatures.” In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk, 8383:520–37. Springer, 2014. https://doi.org/10.1007/978-3-642-54631-0_30. ieee: M. Bellare and G. Fuchsbauer, “Policy-based signatures,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Buenos Aires, Argentina, 2014, vol. 8383, pp. 520–537. ista: 'Bellare M, Fuchsbauer G. 2014. Policy-based signatures. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). PKC: Public Key Crypography, LNCS, vol. 8383, 520–537.' mla: Bellare, Mihir, and Georg Fuchsbauer. “Policy-Based Signatures.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), edited by Hugo Krawczyk, vol. 8383, Springer, 2014, pp. 520–37, doi:10.1007/978-3-642-54631-0_30. short: M. Bellare, G. Fuchsbauer, in:, H. Krawczyk (Ed.), Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer, 2014, pp. 520–537. conference: end_date: 2014-05-28 location: Buenos Aires, Argentina name: 'PKC: Public Key Crypography' start_date: 2014-05-26 date_created: 2018-12-11T11:55:24Z date_published: 2014-01-01T00:00:00Z date_updated: 2021-01-12T06:54:57Z day: '01' department: - _id: KrPi doi: 10.1007/978-3-642-54631-0_30 ec_funded: 1 editor: - first_name: Hugo full_name: Krawczyk, Hugo last_name: Krawczyk intvolume: ' 8383' language: - iso: eng main_file_link: - open_access: '1' url: https://eprint.iacr.org/2013/413 month: '01' oa: 1 oa_version: Submitted Version page: 520 - 537 project: - _id: 258C570E-B435-11E9-9278-68D0E5697425 call_identifier: FP7 grant_number: '259668' name: Provable Security for Physical Cryptography publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) publication_status: published publisher: Springer publist_id: '5005' quality_controlled: '1' scopus_import: 1 status: public title: Policy-based signatures type: conference user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87 volume: 8383 year: '2014' ... --- _id: '2260' abstract: - lang: eng text: "Direct Anonymous Attestation (DAA) is one of the most complex cryptographic protocols deployed in practice. It allows an embedded secure processor known as a Trusted Platform Module (TPM) to attest to the configuration of its host computer without violating the owner’s privacy. DAA has been standardized by the Trusted Computing Group and ISO/IEC.\r\n\r\nThe security of the DAA standard and all existing schemes is analyzed in the random-oracle model. We provide the first constructions of DAA in the standard model, that is, without relying on random oracles. Our constructions use new building blocks, including the first efficient signatures of knowledge in the standard model, which have many applications beyond DAA.\r\n" alternative_title: - LNCS author: - first_name: David full_name: Bernhard, David last_name: Bernhard - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Essam full_name: Ghadafi, Essam last_name: Ghadafi citation: ama: Bernhard D, Fuchsbauer G, Ghadafi E. Efficient signatures of knowledge and DAA in the standard model. 2013;7954:518-533. doi:10.1007/978-3-642-38980-1_33 apa: 'Bernhard, D., Fuchsbauer, G., & Ghadafi, E. (2013). Efficient signatures of knowledge and DAA in the standard model. Presented at the ACNS: Applied Cryptography and Network Security, Banff, AB, Canada: Springer. https://doi.org/10.1007/978-3-642-38980-1_33' chicago: Bernhard, David, Georg Fuchsbauer, and Essam Ghadafi. “Efficient Signatures of Knowledge and DAA in the Standard Model.” Lecture Notes in Computer Science. Springer, 2013. https://doi.org/10.1007/978-3-642-38980-1_33. ieee: D. Bernhard, G. Fuchsbauer, and E. Ghadafi, “Efficient signatures of knowledge and DAA in the standard model,” vol. 7954. Springer, pp. 518–533, 2013. ista: Bernhard D, Fuchsbauer G, Ghadafi E. 2013. Efficient signatures of knowledge and DAA in the standard model. 7954, 518–533. mla: Bernhard, David, et al. Efficient Signatures of Knowledge and DAA in the Standard Model. Vol. 7954, Springer, 2013, pp. 518–33, doi:10.1007/978-3-642-38980-1_33. short: D. Bernhard, G. Fuchsbauer, E. Ghadafi, 7954 (2013) 518–533. conference: end_date: 2013-06-28 location: Banff, AB, Canada name: 'ACNS: Applied Cryptography and Network Security' start_date: 2013-06-25 date_created: 2018-12-11T11:56:37Z date_published: 2013-06-01T00:00:00Z date_updated: 2020-08-11T10:09:44Z day: '01' department: - _id: KrPi doi: 10.1007/978-3-642-38980-1_33 intvolume: ' 7954' language: - iso: eng main_file_link: - open_access: '1' url: http://eprint.iacr.org/2012/475 month: '06' oa: 1 oa_version: Submitted Version page: 518 - 533 publication_status: published publisher: Springer publist_id: '4686' quality_controlled: '1' scopus_import: 1 series_title: Lecture Notes in Computer Science status: public title: Efficient signatures of knowledge and DAA in the standard model type: conference user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87 volume: 7954 year: '2013' ... --- _id: '2291' abstract: - lang: eng text: "Cryptographic access control promises to offer easily distributed trust and broader applicability, while reducing reliance on low-level online monitors. Traditional implementations of cryptographic access control rely on simple cryptographic primitives whereas recent endeavors employ primitives with richer functionality and security guarantees. Worryingly, few of the existing cryptographic access-control schemes come with precise guarantees, the gap between the policy specification and the implementation being analyzed only informally, if at all. In this paper we begin addressing this shortcoming. Unlike prior work that targeted ad-hoc policy specification, we look at the well-established Role-Based Access Control (RBAC) model, as used in a typical file system. In short, we provide a precise syntax for a computational version of RBAC, offer rigorous definitions for cryptographic policy enforcement of a large class of RBAC security policies, and demonstrate that an implementation based on attribute-based encryption meets our security notions. We view our main contribution as being at the conceptual level. Although we work with RBAC for concreteness, our general methodology could guide future research for uses of cryptography in other access-control models. \r\n" author: - first_name: Anna full_name: Ferrara, Anna last_name: Ferrara - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: Bogdan full_name: Warinschi, Bogdan last_name: Warinschi citation: ama: 'Ferrara A, Fuchsbauer G, Warinschi B. Cryptographically enforced RBAC. In: IEEE; 2013:115-129. doi:10.1109/CSF.2013.15' apa: 'Ferrara, A., Fuchsbauer, G., & Warinschi, B. (2013). Cryptographically enforced RBAC (pp. 115–129). Presented at the CSF: Computer Security Foundations, New Orleans, LA, United States: IEEE. https://doi.org/10.1109/CSF.2013.15' chicago: Ferrara, Anna, Georg Fuchsbauer, and Bogdan Warinschi. “Cryptographically Enforced RBAC,” 115–29. IEEE, 2013. https://doi.org/10.1109/CSF.2013.15. ieee: 'A. Ferrara, G. Fuchsbauer, and B. Warinschi, “Cryptographically enforced RBAC,” presented at the CSF: Computer Security Foundations, New Orleans, LA, United States, 2013, pp. 115–129.' ista: 'Ferrara A, Fuchsbauer G, Warinschi B. 2013. Cryptographically enforced RBAC. CSF: Computer Security Foundations, 115–129.' mla: Ferrara, Anna, et al. Cryptographically Enforced RBAC. IEEE, 2013, pp. 115–29, doi:10.1109/CSF.2013.15. short: A. Ferrara, G. Fuchsbauer, B. Warinschi, in:, IEEE, 2013, pp. 115–129. conference: end_date: 2013-09-28 location: New Orleans, LA, United States name: 'CSF: Computer Security Foundations' start_date: 2013-09-26 date_created: 2018-12-11T11:56:48Z date_published: 2013-09-01T00:00:00Z date_updated: 2021-01-12T06:56:34Z day: '01' department: - _id: KrPi doi: 10.1109/CSF.2013.15 language: - iso: eng main_file_link: - open_access: '1' url: http://eprint.iacr.org/2013/492 month: '09' oa: 1 oa_version: Submitted Version page: 115 - 129 publication_status: published publisher: IEEE publist_id: '4637' quality_controlled: '1' scopus_import: 1 status: public title: Cryptographically enforced RBAC type: conference user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87 year: '2013' ... --- _id: '502' abstract: - lang: eng text: 'Blind signatures allow users to obtain signatures on messages hidden from the signer; moreover, the signer cannot link the resulting message/signature pair to the signing session. This paper presents blind signature schemes, in which the number of interactions between the user and the signer is minimal and whose blind signatures are short. Our schemes are defined over bilinear groups and are proved secure in the common-reference-string model without random oracles and under standard assumptions: CDH and the decision-linear assumption. (We also give variants over asymmetric groups based on similar assumptions.) The blind signatures are Waters signatures, which consist of 2 group elements. Moreover, we instantiate partially blind signatures, where the message consists of a part hidden from the signer and a commonly known public part, and schemes achieving perfect blindness. We propose new variants of blind signatures, such as signer-friendly partially blind signatures, where the public part can be chosen by the signer without prior agreement, 3-party blind signatures, as well as blind signatures on multiple aggregated messages provided by independent sources. We also extend Waters signatures to non-binary alphabets by proving a new result on the underlying hash function. ' author: - first_name: Olivier full_name: Blazy, Olivier last_name: Blazy - first_name: Georg full_name: Fuchsbauer, Georg id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87 last_name: Fuchsbauer - first_name: David full_name: Pointcheval, David last_name: Pointcheval - first_name: Damien full_name: Vergnaud, Damien last_name: Vergnaud citation: ama: Blazy O, Fuchsbauer G, Pointcheval D, Vergnaud D. Short blind signatures. Journal of Computer Security. 2013;21(5):627-661. doi:10.3233/JCS-130477 apa: Blazy, O., Fuchsbauer, G., Pointcheval, D., & Vergnaud, D. (2013). Short blind signatures. Journal of Computer Security. IOS Press. https://doi.org/10.3233/JCS-130477 chicago: Blazy, Olivier, Georg Fuchsbauer, David Pointcheval, and Damien Vergnaud. “Short Blind Signatures.” Journal of Computer Security. IOS Press, 2013. https://doi.org/10.3233/JCS-130477. ieee: O. Blazy, G. Fuchsbauer, D. Pointcheval, and D. Vergnaud, “Short blind signatures,” Journal of Computer Security, vol. 21, no. 5. IOS Press, pp. 627–661, 2013. ista: Blazy O, Fuchsbauer G, Pointcheval D, Vergnaud D. 2013. Short blind signatures. Journal of Computer Security. 21(5), 627–661. mla: Blazy, Olivier, et al. “Short Blind Signatures.” Journal of Computer Security, vol. 21, no. 5, IOS Press, 2013, pp. 627–61, doi:10.3233/JCS-130477. short: O. Blazy, G. Fuchsbauer, D. Pointcheval, D. Vergnaud, Journal of Computer Security 21 (2013) 627–661. date_created: 2018-12-11T11:46:50Z date_published: 2013-11-22T00:00:00Z date_updated: 2021-01-12T08:01:09Z day: '22' department: - _id: KrPi doi: 10.3233/JCS-130477 intvolume: ' 21' issue: '5' language: - iso: eng month: '11' oa_version: None page: 627 - 661 publication: Journal of Computer Security publication_status: published publisher: IOS Press publist_id: '7318' quality_controlled: '1' scopus_import: 1 status: public title: Short blind signatures type: journal_article user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87 volume: 21 year: '2013' ...