---
_id: '6430'
abstract:
- lang: eng
  text: "A proxy re-encryption (PRE) scheme is a public-key encryption scheme that
    allows the holder of a key pk to derive a re-encryption key for any other key
    pk′. This re-encryption key lets anyone transform ciphertexts under pk into
    ciphertexts under pk′ without having to know the underlying message, while
    transformations from pk′ to pk should not be possible (unidirectional). Security
    is defined in a multi-user setting against an adversary that gets the users’
    public keys and can ask for re-encryption keys and can corrupt users by requesting
    their secret keys. Any ciphertext that the adversary cannot trivially decrypt
    given the obtained secret and re-encryption keys should be secure.\r\n\r\nAll
    existing security proofs for PRE only show selective security, where the adversary
    must first declare the users it wants to corrupt. This can be lifted to more
    meaningful adaptive security by guessing the set of corrupted users among the
    n users, which loses a factor exponential in n, rendering the result meaningless
    already for moderate n.\r\n\r\nJafargholi et al. (CRYPTO’17) proposed a framework
    that in some cases allows one to give adaptive security proofs for schemes which
    were previously only known to be selectively secure, while avoiding the exponential
    loss that results from guessing the adaptive choices made by an adversary. We
    apply their framework to PREs that satisfy some natural additional properties.
    Concretely, we give a more fine-grained reduction for several unidirectional PREs,
    proving adaptive security at a much smaller loss. The loss depends on the graph
    of users whose edges represent the re-encryption keys queried by the adversary.
    For trees and chains the loss is quasi-polynomial in the size and for general
    graphs it is exponential in their depth and indegree (instead of their size as
    for previous reductions). Fortunately, trees and low-depth graphs cover many,
    if not most, interesting applications.\r\n\r\nOur results apply e.g. to the
    bilinear-map based PRE schemes by Ateniese et al. (NDSS’05 and CT-RSA’09), Gentry’s
    FHE-based scheme (STOC’09) and the LWE-based scheme by Chandran et al. (PKC’14)."
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Chethan
  full_name: Kamath Hosdurg, Chethan
  id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87
  last_name: Kamath Hosdurg
  orcid: 0009-0006-6812-7317
- first_name: Karen
  full_name: Klein, Karen
  id: 3E83A2F8-F248-11E8-B48F-1D18A9856A87
  last_name: Klein
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Fuchsbauer G, Kamath Hosdurg C, Klein K, Pietrzak KZ. Adaptively secure proxy
    re-encryption. In: Vol 11443. Springer Nature; 2019:317-346. doi:<a href="https://doi.org/10.1007/978-3-030-17259-6_11">10.1007/978-3-030-17259-6_11</a>'
  apa: 'Fuchsbauer, G., Kamath Hosdurg, C., Klein, K., &#38; Pietrzak, K. Z. (2019).
    Adaptively secure proxy re-encryption (Vol. 11443, pp. 317–346). Presented at
    the PKC: Public-Key Cryptography, Beijing, China: Springer Nature. <a href="https://doi.org/10.1007/978-3-030-17259-6_11">https://doi.org/10.1007/978-3-030-17259-6_11</a>'
  chicago: Fuchsbauer, Georg, Chethan Kamath Hosdurg, Karen Klein, and Krzysztof Z
    Pietrzak. “Adaptively Secure Proxy Re-Encryption,” 11443:317–46. Springer Nature,
    2019. <a href="https://doi.org/10.1007/978-3-030-17259-6_11">https://doi.org/10.1007/978-3-030-17259-6_11</a>.
  ieee: 'G. Fuchsbauer, C. Kamath Hosdurg, K. Klein, and K. Z. Pietrzak, “Adaptively
    secure proxy re-encryption,” presented at the PKC: Public-Key Cryptography, Beijing,
    China, 2019, vol. 11443, pp. 317–346.'
  ista: 'Fuchsbauer G, Kamath Hosdurg C, Klein K, Pietrzak KZ. 2019. Adaptively secure
    proxy re-encryption. PKC: Public-Key Cryptography, LNCS, vol. 11443, 317–346.'
  mla: Fuchsbauer, Georg, et al. <i>Adaptively Secure Proxy Re-Encryption</i>. Vol.
    11443, Springer Nature, 2019, pp. 317–46, doi:<a href="https://doi.org/10.1007/978-3-030-17259-6_11">10.1007/978-3-030-17259-6_11</a>.
  short: G. Fuchsbauer, C. Kamath Hosdurg, K. Klein, K.Z. Pietrzak, in:, Springer
    Nature, 2019, pp. 317–346.
conference:
  end_date: 2019-04-17
  location: Beijing, China
  name: 'PKC: Public-Key Cryptography'
  start_date: 2019-04-14
date_created: 2019-05-13T08:13:46Z
date_published: 2019-04-06T00:00:00Z
date_updated: 2026-04-16T09:52:04Z
day: '06'
department:
- _id: KrPi
doi: 10.1007/978-3-030-17259-6_11
ec_funded: 1
external_id:
  isi:
  - '001299215500011'
intvolume: '     11443'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2018/426
month: '04'
oa: 1
oa_version: Preprint
page: 317-346
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '682815'
  name: Teaching Old Crypto New Tricks
publication_identifier:
  eissn:
  - 1611-3349
  isbn:
  - '9783030172589'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
related_material:
  record:
  - id: '10035'
    relation: dissertation_contains
    status: public
scopus_import: '1'
status: public
title: Adaptively secure proxy re-encryption
type: conference
user_id: ba8df636-2132-11f1-aed0-ed93e2281fdd
volume: 11443
year: '2019'
...
---
_id: '6941'
abstract:
- lang: eng
  text: "Bitcoin has become the most successful cryptocurrency ever deployed, and
    its most distinctive feature is that it is decentralized. Its underlying protocol
    (Nakamoto consensus) achieves this by using proof of work, which has the drawback
    that it causes the consumption of vast amounts of energy to maintain the ledger.
    Moreover, Bitcoin mining dynamics have become less distributed over time.\r\n\r\nTowards
    addressing these issues, we propose SpaceMint, a cryptocurrency based on proofs
    of space instead of proofs of work. Miners in SpaceMint dedicate disk space rather
    than computation. We argue that SpaceMint’s design solves or alleviates several
    of Bitcoin’s issues: most notably, its large energy consumption. SpaceMint also
    rewards smaller miners fairly according to their contribution to the network,
    thus incentivizing more distributed participation.\r\n\r\nThis paper adapts proof
    of space to enable its use in cryptocurrency, studies the attacks that can arise
    against a Bitcoin-like blockchain that uses proof of space, and proposes a new
    blockchain format and transaction types to address these attacks. Our prototype
    shows that initializing 1 TB for mining takes about a day (a one-off setup cost),
    and miners spend on average just a fraction of a second per block mined. Finally,
    we provide a game-theoretic analysis modeling SpaceMint as an extensive game (the
    canonical game-theoretic notion for games that take place over time) and show
    that this stylized game satisfies a strong equilibrium notion, thereby arguing
    for SpaceMint’s stability and consensus."
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Sunoo
  full_name: Park, Sunoo
  last_name: Park
- first_name: Albert
  full_name: Kwon, Albert
  last_name: Kwon
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Peter
  full_name: Gazi, Peter
  id: 3E0BFE38-F248-11E8-B48F-1D18A9856A87
  last_name: Gazi
- first_name: Joel F
  full_name: Alwen, Joel F
  id: 2A8DFA8C-F248-11E8-B48F-1D18A9856A87
  last_name: Alwen
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Park S, Kwon A, Fuchsbauer G, Gazi P, Alwen JF, Pietrzak KZ. SpaceMint: A
    cryptocurrency based on proofs of space. In: <i>22nd International Conference
    on Financial Cryptography and Data Security</i>. Vol 10957. Springer Nature; 2018:480-499.
    doi:<a href="https://doi.org/10.1007/978-3-662-58387-6_26">10.1007/978-3-662-58387-6_26</a>'
  apa: 'Park, S., Kwon, A., Fuchsbauer, G., Gazi, P., Alwen, J. F., &#38; Pietrzak,
    K. Z. (2018). SpaceMint: A cryptocurrency based on proofs of space. In <i>22nd
    International Conference on Financial Cryptography and Data Security</i> (Vol.
    10957, pp. 480–499). Nieuwpoort, Curacao: Springer Nature. <a href="https://doi.org/10.1007/978-3-662-58387-6_26">https://doi.org/10.1007/978-3-662-58387-6_26</a>'
  chicago: 'Park, Sunoo, Albert Kwon, Georg Fuchsbauer, Peter Gazi, Joel F Alwen,
    and Krzysztof Z Pietrzak. “SpaceMint: A Cryptocurrency Based on Proofs of Space.”
    In <i>22nd International Conference on Financial Cryptography and Data Security</i>,
    10957:480–99. Springer Nature, 2018. <a href="https://doi.org/10.1007/978-3-662-58387-6_26">https://doi.org/10.1007/978-3-662-58387-6_26</a>.'
  ieee: 'S. Park, A. Kwon, G. Fuchsbauer, P. Gazi, J. F. Alwen, and K. Z. Pietrzak,
    “SpaceMint: A cryptocurrency based on proofs of space,” in <i>22nd International
    Conference on Financial Cryptography and Data Security</i>, Nieuwpoort, Curacao,
    2018, vol. 10957, pp. 480–499.'
  ista: 'Park S, Kwon A, Fuchsbauer G, Gazi P, Alwen JF, Pietrzak KZ. 2018. SpaceMint:
    A cryptocurrency based on proofs of space. 22nd International Conference on Financial
    Cryptography and Data Security. FC: Financial Cryptography and Data Security,
    LNCS, vol. 10957, 480–499.'
  mla: 'Park, Sunoo, et al. “SpaceMint: A Cryptocurrency Based on Proofs of Space.”
    <i>22nd International Conference on Financial Cryptography and Data Security</i>,
    vol. 10957, Springer Nature, 2018, pp. 480–99, doi:<a href="https://doi.org/10.1007/978-3-662-58387-6_26">10.1007/978-3-662-58387-6_26</a>.'
  short: S. Park, A. Kwon, G. Fuchsbauer, P. Gazi, J.F. Alwen, K.Z. Pietrzak, in:,
    22nd International Conference on Financial Cryptography and Data Security, Springer
    Nature, 2018, pp. 480–499.
conference:
  end_date: 2018-03-02
  location: Nieuwpoort, Curacao
  name: 'FC: Financial Cryptography and Data Security'
  start_date: 2018-02-26
date_created: 2019-10-14T06:35:38Z
date_published: 2018-12-07T00:00:00Z
date_updated: 2026-04-16T10:30:49Z
day: '07'
department:
- _id: KrPi
doi: 10.1007/978-3-662-58387-6_26
ec_funded: 1
external_id:
  isi:
  - '000540656400026'
intvolume: '     10957'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2015/528
month: '12'
oa: 1
oa_version: Submitted Version
page: 480-499
project:
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '682815'
  name: Teaching Old Crypto New Tricks
publication: 22nd International Conference on Financial Cryptography and Data Security
publication_identifier:
  eisbn:
  - '9783662583876'
  eissn:
  - 1611-3349
  isbn:
  - '9783662583869'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
quality_controlled: '1'
scopus_import: '1'
status: public
title: 'SpaceMint: A cryptocurrency based on proofs of space'
type: conference
user_id: ba8df636-2132-11f1-aed0-ed93e2281fdd
volume: 10957
year: '2018'
...
---
_id: '1225'
abstract:
- lang: eng
  text: At Crypto 2015 Fuchsbauer, Hanser and Slamanig (FHS) presented the first standard-model
    construction of efficient round-optimal blind signatures that does not require
    complexity leveraging. It is conceptually simple and builds on the primitive of
    structure-preserving signatures on equivalence classes (SPS-EQ). FHS prove the
    unforgeability of their scheme assuming EUF-CMA security of the SPS-EQ scheme
    and hardness of a version of the DH inversion problem. Blindness under adversarially
    chosen keys is proven under an interactive variant of the DDH assumption. We propose
    a variant of their scheme whose blindness can be proven under a non-interactive
    assumption, namely a variant of the bilinear DDH assumption. We moreover prove
    its unforgeability assuming only unforgeability of the underlying SPS-EQ but no
    additional assumptions as needed for the FHS scheme.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Christian
  full_name: Hanser, Christian
  last_name: Hanser
- first_name: Chethan
  full_name: Kamath Hosdurg, Chethan
  id: 4BD3F30E-F248-11E8-B48F-1D18A9856A87
  last_name: Kamath Hosdurg
- first_name: Daniel
  full_name: Slamanig, Daniel
  last_name: Slamanig
citation:
  ama: 'Fuchsbauer G, Hanser C, Kamath Hosdurg C, Slamanig D. Practical round-optimal
    blind signatures in the standard model from weaker assumptions. In: Vol 9841.
    Springer; 2016:391-408. doi:<a href="https://doi.org/10.1007/978-3-319-44618-9_21">10.1007/978-3-319-44618-9_21</a>'
  apa: 'Fuchsbauer, G., Hanser, C., Kamath Hosdurg, C., &#38; Slamanig, D. (2016).
    Practical round-optimal blind signatures in the standard model from weaker assumptions
    (Vol. 9841, pp. 391–408). Presented at the SCN: Security and Cryptography for
    Networks, Amalfi, Italy: Springer. <a href="https://doi.org/10.1007/978-3-319-44618-9_21">https://doi.org/10.1007/978-3-319-44618-9_21</a>'
  chicago: Fuchsbauer, Georg, Christian Hanser, Chethan Kamath Hosdurg, and Daniel
    Slamanig. “Practical Round-Optimal Blind Signatures in the Standard Model from
    Weaker Assumptions,” 9841:391–408. Springer, 2016. <a href="https://doi.org/10.1007/978-3-319-44618-9_21">https://doi.org/10.1007/978-3-319-44618-9_21</a>.
  ieee: 'G. Fuchsbauer, C. Hanser, C. Kamath Hosdurg, and D. Slamanig, “Practical
    round-optimal blind signatures in the standard model from weaker assumptions,”
    presented at the SCN: Security and Cryptography for Networks, Amalfi, Italy, 2016,
    vol. 9841, pp. 391–408.'
  ista: 'Fuchsbauer G, Hanser C, Kamath Hosdurg C, Slamanig D. 2016. Practical round-optimal
    blind signatures in the standard model from weaker assumptions. SCN: Security
    and Cryptography for Networks, LNCS, vol. 9841, 391–408.'
  mla: Fuchsbauer, Georg, et al. <i>Practical Round-Optimal Blind Signatures in the
    Standard Model from Weaker Assumptions</i>. Vol. 9841, Springer, 2016, pp. 391–408,
    doi:<a href="https://doi.org/10.1007/978-3-319-44618-9_21">10.1007/978-3-319-44618-9_21</a>.
  short: G. Fuchsbauer, C. Hanser, C. Kamath Hosdurg, D. Slamanig, in:, Springer,
    2016, pp. 391–408.
conference:
  end_date: 2016-09-02
  location: Amalfi, Italy
  name: 'SCN: Security and Cryptography for Networks'
  start_date: 2016-08-31
date_created: 2018-12-11T11:50:49Z
date_published: 2016-08-11T00:00:00Z
date_updated: 2025-09-23T09:53:45Z
day: '11'
department:
- _id: KrPi
doi: 10.1007/978-3-319-44618-9_21
ec_funded: 1
external_id:
  isi:
  - '000389516500021'
intvolume: '      9841'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2016/662
month: '08'
oa: 1
oa_version: Submitted Version
page: 391 - 408
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '682815'
  name: Teaching Old Crypto New Tricks
publication_status: published
publisher: Springer
publist_id: '6109'
quality_controlled: '1'
related_material:
  record:
  - id: '1647'
    relation: earlier_version
    status: public
scopus_import: '1'
status: public
title: Practical round-optimal blind signatures in the standard model from weaker
  assumptions
type: conference
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
volume: 9841
year: '2016'
...
---
_id: '1233'
abstract:
- lang: eng
  text: About three decades ago it was realized that implementing private channels
    between parties which can be adaptively corrupted requires an encryption scheme
    that is secure against selective opening attacks. Whether standard (IND-CPA) security
    implies security against selective opening attacks has been a major open question
    since. The only known reduction from selective opening to IND-CPA security loses
    an exponential factor. A polynomial reduction is only known for the very special
    case where the distribution considered in the selective opening security experiment
    is a product distribution, i.e., the messages are sampled independently from each
    other. In this paper we give a reduction whose loss is quantified via the dependence
    graph (where message dependencies correspond to edges) of the underlying message
    distribution. In particular, for some concrete distributions including Markov
    distributions, our reduction is polynomial.
acknowledgement: G. Fuchsbauer and K. Pietrzak are supported by the European Research
  Council, ERC Starting Grant (259668-PSPC). F. Heuer is funded by a Sofja Kovalevskaja
  Award of the Alexander von Humboldt Foundation and DFG SPP 1736, Algorithms for
  BIG DATA. E. Kiltz is supported by a Sofja Kovalevskaja Award of the Alexander von
  Humboldt Foundation, the German Israel Foundation, and ERC Project ERCC (FP7/615074).
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Felix
  full_name: Heuer, Felix
  last_name: Heuer
- first_name: Eike
  full_name: Kiltz, Eike
  last_name: Kiltz
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Fuchsbauer G, Heuer F, Kiltz E, Pietrzak KZ. Standard security does imply
    security against selective opening for Markov distributions. In: Vol 9562. Springer;
    2016:282-305. doi:<a href="https://doi.org/10.1007/978-3-662-49096-9_12">10.1007/978-3-662-49096-9_12</a>'
  apa: 'Fuchsbauer, G., Heuer, F., Kiltz, E., &#38; Pietrzak, K. Z. (2016). Standard
    security does imply security against selective opening for Markov distributions
    (Vol. 9562, pp. 282–305). Presented at the TCC: Theory of Cryptography Conference,
    Tel Aviv, Israel: Springer. <a href="https://doi.org/10.1007/978-3-662-49096-9_12">https://doi.org/10.1007/978-3-662-49096-9_12</a>'
  chicago: Fuchsbauer, Georg, Felix Heuer, Eike Kiltz, and Krzysztof Z Pietrzak. “Standard
    Security Does Imply Security against Selective Opening for Markov Distributions,”
    9562:282–305. Springer, 2016. <a href="https://doi.org/10.1007/978-3-662-49096-9_12">https://doi.org/10.1007/978-3-662-49096-9_12</a>.
  ieee: 'G. Fuchsbauer, F. Heuer, E. Kiltz, and K. Z. Pietrzak, “Standard security
    does imply security against selective opening for Markov distributions,” presented
    at the TCC: Theory of Cryptography Conference, Tel Aviv, Israel, 2016, vol. 9562,
    pp. 282–305.'
  ista: 'Fuchsbauer G, Heuer F, Kiltz E, Pietrzak KZ. 2016. Standard security does
    imply security against selective opening for Markov distributions. TCC: Theory
    of Cryptography Conference, LNCS, vol. 9562, 282–305.'
  mla: Fuchsbauer, Georg, et al. <i>Standard Security Does Imply Security against
    Selective Opening for Markov Distributions</i>. Vol. 9562, Springer, 2016, pp.
    282–305, doi:<a href="https://doi.org/10.1007/978-3-662-49096-9_12">10.1007/978-3-662-49096-9_12</a>.
  short: G. Fuchsbauer, F. Heuer, E. Kiltz, K.Z. Pietrzak, in:, Springer, 2016, pp.
    282–305.
conference:
  end_date: 2016-01-13
  location: Tel Aviv, Israel
  name: 'TCC: Theory of Cryptography Conference'
  start_date: 2016-01-10
date_created: 2018-12-11T11:50:51Z
date_published: 2016-01-01T00:00:00Z
date_updated: 2025-09-22T09:21:52Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-662-49096-9_12
ec_funded: 1
external_id:
  isi:
  - '000376041100012'
intvolume: '      9562'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2015/853
month: '01'
oa: 1
oa_version: Submitted Version
page: 282 - 305
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '6100'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Standard security does imply security against selective opening for Markov
  distributions
type: conference
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
volume: 9562
year: '2016'
...
---
_id: '1592'
abstract:
- lang: eng
  text: A modular approach to constructing cryptographic protocols leads to simple
    designs but often inefficient instantiations. On the other hand, ad hoc constructions
    may yield efficient protocols at the cost of losing conceptual simplicity. We
    suggest a new design paradigm, structure-preserving cryptography, that provides
    a way to construct modular protocols with reasonable efficiency while retaining
    conceptual simplicity. A cryptographic scheme over a bilinear group is called
    structure-preserving if its public inputs and outputs consist of elements from
    the bilinear groups and their consistency can be verified by evaluating pairing-product
    equations. As structure-preserving schemes smoothly interoperate with each other,
    they are useful as building blocks in modular design of cryptographic applications.
    This paper introduces structure-preserving commitment and signature schemes over
    bilinear groups with several desirable properties. The commitment schemes include
    homomorphic, trapdoor and length-reducing commitments to group elements, and the
    structure-preserving signature schemes are the first ones that yield constant-size
    signatures on multiple group elements. A structure-preserving signature scheme
    is called automorphic if the public keys lie in the message space, which cannot
    be achieved by compressing inputs via a cryptographic hash function, as this would
    destroy the mathematical structure we are trying to preserve. Automorphic signatures
    can be used for building certification chains underlying privacy-preserving protocols.
    Among a vast number of applications of structure-preserving protocols, we present
    an efficient round-optimal blind-signature scheme and a group signature scheme
    with an efficient and concurrently secure protocol for enrolling new members.
acknowledgement: The authors would like to thank the anonymous reviewers of this paper.
  We also would like to express our appreciation to the program committee and the
  anonymous reviewers for CRYPTO 2010. The first author thanks Sherman S. M. Chow
  for his comment on group signatures in Sect. 7.1.
article_processing_charge: No
author:
- first_name: Masayuki
  full_name: Abe, Masayuki
  last_name: Abe
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Jens
  full_name: Groth, Jens
  last_name: Groth
- first_name: Kristiyan
  full_name: Haralambiev, Kristiyan
  last_name: Haralambiev
- first_name: Miyako
  full_name: Ohkubo, Miyako
  last_name: Ohkubo
citation:
  ama: Abe M, Fuchsbauer G, Groth J, Haralambiev K, Ohkubo M. Structure preserving
    signatures and commitments to group elements. <i>Journal of Cryptology</i>. 2016;29(2):363-421.
    doi:<a href="https://doi.org/10.1007/s00145-014-9196-7">10.1007/s00145-014-9196-7</a>
  apa: Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., &#38; Ohkubo, M. (2016).
    Structure preserving signatures and commitments to group elements. <i>Journal
    of Cryptology</i>. Springer. <a href="https://doi.org/10.1007/s00145-014-9196-7">https://doi.org/10.1007/s00145-014-9196-7</a>
  chicago: Abe, Masayuki, Georg Fuchsbauer, Jens Groth, Kristiyan Haralambiev, and
    Miyako Ohkubo. “Structure Preserving Signatures and Commitments to Group Elements.”
    <i>Journal of Cryptology</i>. Springer, 2016. <a href="https://doi.org/10.1007/s00145-014-9196-7">https://doi.org/10.1007/s00145-014-9196-7</a>.
  ieee: M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, and M. Ohkubo, “Structure
    preserving signatures and commitments to group elements,” <i>Journal of Cryptology</i>,
    vol. 29, no. 2. Springer, pp. 363–421, 2016.
  ista: Abe M, Fuchsbauer G, Groth J, Haralambiev K, Ohkubo M. 2016. Structure preserving
    signatures and commitments to group elements. Journal of Cryptology. 29(2), 363–421.
  mla: Abe, Masayuki, et al. “Structure Preserving Signatures and Commitments to Group
    Elements.” <i>Journal of Cryptology</i>, vol. 29, no. 2, Springer, 2016, pp. 363–421,
    doi:<a href="https://doi.org/10.1007/s00145-014-9196-7">10.1007/s00145-014-9196-7</a>.
  short: M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, M. Ohkubo, Journal of Cryptology
    29 (2016) 363–421.
date_created: 2018-12-11T11:52:54Z
date_published: 2016-04-01T00:00:00Z
date_updated: 2025-09-18T11:02:49Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/s00145-014-9196-7
external_id:
  isi:
  - '000371077900004'
intvolume: '        29'
isi: 1
issue: '2'
language:
- iso: eng
month: '04'
oa_version: None
page: 363 - 421
publication: Journal of Cryptology
publication_status: published
publisher: Springer
publist_id: '5579'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Structure preserving signatures and commitments to group elements
type: journal_article
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
volume: 29
year: '2016'
...
---
_id: '1229'
abstract:
- lang: eng
  text: Witness encryption (WE) was introduced by Garg et al. [GGSW13]. A WE scheme
    is defined for some NP language L and lets a sender encrypt messages relative
    to instances x. A ciphertext for x can be decrypted using w witnessing x ∈ L,
    but hides the message if x ∉ L. Garg et al. construct WE from multilinear maps
    and give another construction [GGH+13b] using indistinguishability obfuscation
    (iO) for circuits. Due to the reliance on such heavy tools, WE can currently
    hardly be implemented on powerful hardware and will unlikely be realizable on
    constrained devices like smart cards any time soon. We construct a WE scheme where
    encryption is done by simply computing a Naor-Yung ciphertext (two CPA encryptions
    and a NIZK proof). To achieve this, our scheme has a setup phase, which outputs
    public parameters containing an obfuscated circuit (only required for decryption),
    two encryption keys and a common reference string (used for encryption). This
    setup need only be run once, and the parameters can be used for arbitrarily many
    encryptions. Our scheme can also be turned into a functional WE scheme, where
    a message is encrypted w.r.t. a statement and a function f, and decryption with
    a witness w yields f(m, w). Our construction is inspired by the functional encryption
    scheme by Garg et al. and we prove (selective) security assuming iO and statistically
    simulation-sound NIZK. We give a construction of the latter in bilinear groups
    and combining it with ElGamal encryption, our ciphertexts are of size 1.3 kB at
    a 128-bit security level and can be computed on a smart card.
acknowledgement: Research supported by the European Research Council, ERC starting grant
  (259668-PSPC) and ERC consolidator grant (682815 - TOCNeT).
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Hamza M
  full_name: Abusalah, Hamza M
  id: 40297222-F248-11E8-B48F-1D18A9856A87
  last_name: Abusalah
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. Offline witness encryption. In: Vol
    9696. Springer; 2016:285-303. doi:<a href="https://doi.org/10.1007/978-3-319-39555-5_16">10.1007/978-3-319-39555-5_16</a>'
  apa: 'Abusalah, H. M., Fuchsbauer, G., &#38; Pietrzak, K. Z. (2016). Offline witness
    encryption (Vol. 9696, pp. 285–303). Presented at the ACNS: Applied Cryptography
    and Network Security, Guildford, UK: Springer. <a href="https://doi.org/10.1007/978-3-319-39555-5_16">https://doi.org/10.1007/978-3-319-39555-5_16</a>'
  chicago: Abusalah, Hamza M, Georg Fuchsbauer, and Krzysztof Z Pietrzak. “Offline
    Witness Encryption,” 9696:285–303. Springer, 2016. <a href="https://doi.org/10.1007/978-3-319-39555-5_16">https://doi.org/10.1007/978-3-319-39555-5_16</a>.
  ieee: 'H. M. Abusalah, G. Fuchsbauer, and K. Z. Pietrzak, “Offline witness encryption,”
    presented at the ACNS: Applied Cryptography and Network Security, Guildford, UK,
    2016, vol. 9696, pp. 285–303.'
  ista: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. 2016. Offline witness encryption.
    ACNS: Applied Cryptography and Network Security, LNCS, vol. 9696, 285–303.'
  mla: Abusalah, Hamza M., et al. <i>Offline Witness Encryption</i>. Vol. 9696, Springer,
    2016, pp. 285–303, doi:<a href="https://doi.org/10.1007/978-3-319-39555-5_16">10.1007/978-3-319-39555-5_16</a>.
  short: H.M. Abusalah, G. Fuchsbauer, K.Z. Pietrzak, in:, Springer, 2016, pp. 285–303.
conference:
  end_date: 2016-06-22
  location: Guildford, UK
  name: 'ACNS: Applied Cryptography and Network Security'
  start_date: 2016-06-19
date_created: 2018-12-11T11:50:50Z
date_published: 2016-06-09T00:00:00Z
date_updated: 2026-04-08T14:10:21Z
day: '09'
ddc:
- '005'
- '600'
department:
- _id: KrPi
doi: 10.1007/978-3-319-39555-5_16
ec_funded: 1
external_id:
  isi:
  - '000386324500016'
file:
- access_level: open_access
  checksum: 34fa9ce681da845a1ba945ba3dc57867
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:17:20Z
  date_updated: 2020-07-14T12:44:39Z
  file_id: '5273'
  file_name: IST-2017-765-v1+1_838.pdf
  file_size: 515000
  relation: main_file
file_date_updated: 2020-07-14T12:44:39Z
has_accepted_license: '1'
intvolume: '      9696'
isi: 1
language:
- iso: eng
month: '06'
oa: 1
oa_version: Submitted Version
page: 285 - 303
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '682815'
  name: Teaching Old Crypto New Tricks
publication_status: published
publisher: Springer
publist_id: '6105'
pubrep_id: '765'
quality_controlled: '1'
related_material:
  record:
  - id: '83'
    relation: dissertation_contains
    status: public
scopus_import: '1'
status: public
title: Offline witness encryption
type: conference
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
volume: 9696
year: '2016'
...
---
_id: '1236'
abstract:
- lang: eng
  text: 'A constrained pseudorandom function F: K × X → Y for a family T ⊆ 2^X of subsets
    of X is a function where for any key k ∈ K and set S ∈ T one can efficiently compute
    a constrained key k_S which allows to evaluate F(k, ·) on all inputs x ∈ S, while
    even given this key, the outputs on all inputs x ∉ S look random. At Asiacrypt’13
    Boneh and Waters gave a construction which supports the most general set family
    so far. Its keys k_C are defined for sets decided by boolean circuits C and enable
    evaluation of the PRF on any x ∈ X where C(x) = 1. In their construction the PRF
    input length and the size of the circuits C for which constrained keys can be
    computed must be fixed beforehand during key generation. We construct a constrained
    PRF that has an unbounded input length and whose constrained keys can be defined
    for any set recognized by a Turing machine. The only a priori bound we make is
    on the description size of the machines. We prove our construction secure assuming
    public-coin differing-input obfuscation. As applications of our constrained PRF
    we build a broadcast encryption scheme where the number of potential receivers
    need not be fixed at setup (in particular, the length of the keys is independent
    of the number of parties) and the first identity-based non-interactive key exchange
    protocol with no bound on the number of parties that can agree on a shared key.'
acknowledgement: Supported by the European Research Council, ERC Starting Grant (259668-PSPC).
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Hamza M
  full_name: Abusalah, Hamza M
  id: 40297222-F248-11E8-B48F-1D18A9856A87
  last_name: Abusalah
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. Constrained PRFs for unbounded inputs.
    In: Vol 9610. Springer; 2016:413-428. doi:<a href="https://doi.org/10.1007/978-3-319-29485-8_24">10.1007/978-3-319-29485-8_24</a>'
  apa: 'Abusalah, H. M., Fuchsbauer, G., &#38; Pietrzak, K. Z. (2016). Constrained
    PRFs for unbounded inputs (Vol. 9610, pp. 413–428). Presented at the CT-RSA: Topics
    in Cryptology, San Francisco, CA, USA: Springer. <a href="https://doi.org/10.1007/978-3-319-29485-8_24">https://doi.org/10.1007/978-3-319-29485-8_24</a>'
  chicago: Abusalah, Hamza M, Georg Fuchsbauer, and Krzysztof Z Pietrzak. “Constrained
    PRFs for Unbounded Inputs,” 9610:413–28. Springer, 2016. <a href="https://doi.org/10.1007/978-3-319-29485-8_24">https://doi.org/10.1007/978-3-319-29485-8_24</a>.
  ieee: 'H. M. Abusalah, G. Fuchsbauer, and K. Z. Pietrzak, “Constrained PRFs for
    unbounded inputs,” presented at the CT-RSA: Topics in Cryptology, San Francisco,
    CA, USA, 2016, vol. 9610, pp. 413–428.'
  ista: 'Abusalah HM, Fuchsbauer G, Pietrzak KZ. 2016. Constrained PRFs for unbounded
    inputs. CT-RSA: Topics in Cryptology, LNCS, vol. 9610, 413–428.'
  mla: Abusalah, Hamza M., et al. <i>Constrained PRFs for Unbounded Inputs</i>. Vol.
    9610, Springer, 2016, pp. 413–28, doi:<a href="https://doi.org/10.1007/978-3-319-29485-8_24">10.1007/978-3-319-29485-8_24</a>.
  short: H.M. Abusalah, G. Fuchsbauer, K.Z. Pietrzak, in:, Springer, 2016, pp. 413–428.
conference:
  end_date: 2016-03-04
  location: San Francisco, CA, USA
  name: 'CT-RSA: Topics in Cryptology'
  start_date: 2016-02-29
date_created: 2018-12-11T11:50:52Z
date_published: 2016-02-02T00:00:00Z
date_updated: 2026-04-08T14:10:21Z
day: '02'
ddc:
- '005'
- '600'
department:
- _id: KrPi
doi: 10.1007/978-3-319-29485-8_24
ec_funded: 1
external_id:
  isi:
  - '000374102500024'
file:
- access_level: open_access
  checksum: 3851cee49933ae13b1272e516f213e13
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:08:05Z
  date_updated: 2020-07-14T12:44:41Z
  file_id: '4664'
  file_name: IST-2017-764-v1+1_279.pdf
  file_size: 495176
  relation: main_file
file_date_updated: 2020-07-14T12:44:41Z
has_accepted_license: '1'
intvolume: '      9610'
isi: 1
language:
- iso: eng
month: '02'
oa: 1
oa_version: Submitted Version
page: 413 - 428
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '6097'
pubrep_id: '764'
quality_controlled: '1'
related_material:
  record:
  - id: '83'
    relation: dissertation_contains
    status: public
scopus_import: '1'
status: public
title: Constrained PRFs for unbounded inputs
type: conference
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
volume: 9610
year: '2016'
...
---
_id: '1235'
abstract:
- lang: eng
  text: 'A constrained pseudorandom function (CPRF) F: K×X → Y for a family T of subsets
    of X is a function where for any key k ∈ K and set S ∈ T one can efficiently compute
    a short constrained key kS, which allows to evaluate F(k, ·) on all inputs x ∈
    S, while the outputs on all inputs x ∉ S look random even given kS. Abusalah
    et al. recently constructed the first constrained PRF for inputs of arbitrary
    length whose sets S are decided by Turing machines. They use their CPRF to build
    broadcast encryption and the first ID-based non-interactive key exchange for an
    unbounded number of users. Their constrained keys are obfuscated circuits and
    are therefore large. In this work we drastically reduce the key size and define
    a constrained key for a Turing machine M as a short signature on M. For this,
    we introduce a new signature primitive with constrained signing keys that let
    one only sign certain messages, while forging a signature on others is hard even
    when knowing the coins for key generation.'
acknowledgement: H. Abusalah—Research supported by the European Research Council,
  ERC starting grant (259668-PSPC) and ERC consolidator grant (682815 - TOCNeT).
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Hamza M
  full_name: Abusalah, Hamza M
  id: 40297222-F248-11E8-B48F-1D18A9856A87
  last_name: Abusalah
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
citation:
  ama: 'Abusalah HM, Fuchsbauer G. Constrained PRFs for unbounded inputs with short
    keys. In: Vol 9696. Springer; 2016:445-463. doi:<a href="https://doi.org/10.1007/978-3-319-39555-5_24">10.1007/978-3-319-39555-5_24</a>'
  apa: 'Abusalah, H. M., &#38; Fuchsbauer, G. (2016). Constrained PRFs for unbounded
    inputs with short keys (Vol. 9696, pp. 445–463). Presented at the ACNS: Applied
    Cryptography and Network Security, Guildford, UK: Springer. <a href="https://doi.org/10.1007/978-3-319-39555-5_24">https://doi.org/10.1007/978-3-319-39555-5_24</a>'
  chicago: Abusalah, Hamza M, and Georg Fuchsbauer. “Constrained PRFs for Unbounded
    Inputs with Short Keys,” 9696:445–63. Springer, 2016. <a href="https://doi.org/10.1007/978-3-319-39555-5_24">https://doi.org/10.1007/978-3-319-39555-5_24</a>.
  ieee: 'H. M. Abusalah and G. Fuchsbauer, “Constrained PRFs for unbounded inputs
    with short keys,” presented at the ACNS: Applied Cryptography and Network Security,
    Guildford, UK, 2016, vol. 9696, pp. 445–463.'
  ista: 'Abusalah HM, Fuchsbauer G. 2016. Constrained PRFs for unbounded inputs with
    short keys. ACNS: Applied Cryptography and Network Security, LNCS, vol. 9696,
    445–463.'
  mla: Abusalah, Hamza M., and Georg Fuchsbauer. <i>Constrained PRFs for Unbounded
    Inputs with Short Keys</i>. Vol. 9696, Springer, 2016, pp. 445–63, doi:<a href="https://doi.org/10.1007/978-3-319-39555-5_24">10.1007/978-3-319-39555-5_24</a>.
  short: H.M. Abusalah, G. Fuchsbauer, in:, Springer, 2016, pp. 445–463.
conference:
  end_date: 2016-06-22
  location: Guildford, UK
  name: 'ACNS: Applied Cryptography and Network Security'
  start_date: 2016-06-19
date_created: 2018-12-11T11:50:52Z
date_published: 2016-01-01T00:00:00Z
date_updated: 2026-04-08T14:10:21Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-319-39555-5_24
ec_funded: 1
external_id:
  isi:
  - '000386324500024'
intvolume: '      9696'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2016/279.pdf
month: '01'
oa: 1
oa_version: Submitted Version
page: 445 - 463
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
- _id: 258AA5B2-B435-11E9-9278-68D0E5697425
  call_identifier: H2020
  grant_number: '682815'
  name: Teaching Old Crypto New Tricks
publication_status: published
publisher: Springer
publist_id: '6098'
quality_controlled: '1'
related_material:
  record:
  - id: '83'
    relation: dissertation_contains
    status: public
scopus_import: '1'
status: public
title: Constrained PRFs for unbounded inputs with short keys
type: conference
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
volume: 9696
year: '2016'
...
---
_id: '1474'
abstract:
- lang: eng
  text: Cryptographic access control offers selective access to encrypted data via
    a combination of key management and functionality-rich cryptographic schemes,
    such as attribute-based encryption. Using this approach, publicly available meta-data
    may inadvertently leak information on the access policy that is enforced by cryptography,
    which renders cryptographic access control unusable in settings where this information
    is highly sensitive. We begin to address this problem by presenting rigorous definitions
    for policy privacy in cryptographic access control. For concreteness we set our
    results in the model of Role-Based Access Control (RBAC), where we identify and
    formalize several different flavors of privacy, however, our framework should
    serve as inspiration for other models of access control. Based on our insights
    we propose a new system which significantly improves on the privacy properties
    of state-of-the-art constructions. Our design is based on a novel type of privacy-preserving
    attribute-based encryption, which we introduce and show how to instantiate. We
    present our results in the context of a cryptographic RBAC system by Ferrara et
    al. (CSF'13), which uses cryptography to control read access to files, while write
    access is still delegated to trusted monitors. We give an extension of the construction
    that permits cryptographic control over write access. Our construction assumes
    that key management uses out-of-band channels between the policy enforcer and
    the users but eliminates completely the need for monitoring read/write access
    to the data.
article_processing_charge: No
author:
- first_name: Anna
  full_name: Ferrara, Anna
  last_name: Ferrara
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Bin
  full_name: Liu, Bin
  last_name: Liu
- first_name: Bogdan
  full_name: Warinschi, Bogdan
  last_name: Warinschi
citation:
  ama: 'Ferrara A, Fuchsbauer G, Liu B, Warinschi B. Policy privacy in cryptographic
    access control. In: IEEE; 2015:46-60. doi:<a href="https://doi.org/10.1109/CSF.2015.11">10.1109/CSF.2015.11</a>'
  apa: 'Ferrara, A., Fuchsbauer, G., Liu, B., &#38; Warinschi, B. (2015). Policy privacy
    in cryptographic access control (pp. 46–60). Presented at the CSF: Computer Security
    Foundations, Verona, Italy: IEEE. <a href="https://doi.org/10.1109/CSF.2015.11">https://doi.org/10.1109/CSF.2015.11</a>'
  chicago: Ferrara, Anna, Georg Fuchsbauer, Bin Liu, and Bogdan Warinschi. “Policy
    Privacy in Cryptographic Access Control,” 46–60. IEEE, 2015. <a href="https://doi.org/10.1109/CSF.2015.11">https://doi.org/10.1109/CSF.2015.11</a>.
  ieee: 'A. Ferrara, G. Fuchsbauer, B. Liu, and B. Warinschi, “Policy privacy in cryptographic
    access control,” presented at the CSF: Computer Security Foundations, Verona,
    Italy, 2015, pp. 46–60.'
  ista: 'Ferrara A, Fuchsbauer G, Liu B, Warinschi B. 2015. Policy privacy in cryptographic
    access control. CSF: Computer Security Foundations, 46–60.'
  mla: Ferrara, Anna, et al. <i>Policy Privacy in Cryptographic Access Control</i>.
    IEEE, 2015, pp. 46–60, doi:<a href="https://doi.org/10.1109/CSF.2015.11">10.1109/CSF.2015.11</a>.
  short: A. Ferrara, G. Fuchsbauer, B. Liu, B. Warinschi, in:, IEEE, 2015, pp. 46–60.
conference:
  end_date: 2015-07-17
  location: Verona, Italy
  name: 'CSF: Computer Security Foundations'
  start_date: 2015-07-13
date_created: 2018-12-11T11:52:14Z
date_published: 2015-09-04T00:00:00Z
date_updated: 2025-09-23T09:50:52Z
day: '04'
department:
- _id: KrPi
doi: 10.1109/CSF.2015.11
ec_funded: 1
external_id:
  isi:
  - '000380428500004'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://epubs.surrey.ac.uk/808055/
month: '09'
oa: 1
oa_version: Submitted Version
page: 46-60
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: IEEE
publist_id: '5722'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Policy privacy in cryptographic access control
type: conference
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
year: '2015'
...
---
_id: '1646'
abstract:
- lang: eng
  text: 'A pseudorandom function (PRF) is a keyed function F : K × X → Y where, for
    a random key k ∈ K, the function F(k, ·) is indistinguishable from a uniformly
    random function, given black-box access. A key-homomorphic PRF has the additional
    feature that for any keys k, k'' and any input x, we have F(k+k'', x) = F(k, x)⊕F(k'',
    x) for some group operations +,⊕ on K and Y, respectively. A constrained PRF for
    a family of sets S ⊆ P(X) has the property that, given any key k and set S ∈ S,
    one can efficiently compute a “constrained” key kS that enables evaluation of
    F(k, x) on all inputs x ∈ S, while the values F(k, x) for x ∉ S remain pseudorandom
    even given kS. In this paper we construct PRFs that are simultaneously constrained
    and key homomorphic, where the homomorphic property holds even for constrained
    keys. We first show that the multilinear map-based bit-fixing and circuit-constrained
    PRFs of Boneh and Waters (Asiacrypt 2013) can be modified to also be key-homomorphic.
    We then show that the LWE-based key-homomorphic PRFs of Banerjee and Peikert (Crypto
    2014) are essentially already prefix-constrained PRFs, using a (non-obvious) definition
    of constrained keys and associated group operation. Moreover, the constrained
    keys themselves are pseudorandom, and the constraining and evaluation functions
    can all be computed in low depth. As an application of key-homomorphic constrained
    PRFs, we construct a proxy re-encryption scheme with fine-grained access control.
    This scheme allows storing encrypted data on an untrusted server, where each file
    can be encrypted relative to some attributes, so that only parties whose constrained
    keys match the attributes can decrypt. Moreover, the server can re-key (arbitrary
    subsets of) the ciphertexts without learning anything about the plaintexts, thus
    permitting efficient and fine-grained revocation.'
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Abishek
  full_name: Banerjee, Abishek
  last_name: Banerjee
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Chris
  full_name: Peikert, Chris
  last_name: Peikert
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Sophie
  full_name: Stevens, Sophie
  last_name: Stevens
citation:
  ama: 'Banerjee A, Fuchsbauer G, Peikert C, Pietrzak KZ, Stevens S. Key-homomorphic
    constrained pseudorandom functions. In: <i>12th Theory of Cryptography Conference</i>.
    Vol 9015. Springer Nature; 2015:31-60. doi:<a href="https://doi.org/10.1007/978-3-662-46497-7_2">10.1007/978-3-662-46497-7_2</a>'
  apa: 'Banerjee, A., Fuchsbauer, G., Peikert, C., Pietrzak, K. Z., &#38; Stevens,
    S. (2015). Key-homomorphic constrained pseudorandom functions. In <i>12th Theory
    of Cryptography Conference</i> (Vol. 9015, pp. 31–60). Warsaw, Poland: Springer
    Nature. <a href="https://doi.org/10.1007/978-3-662-46497-7_2">https://doi.org/10.1007/978-3-662-46497-7_2</a>'
  chicago: Banerjee, Abishek, Georg Fuchsbauer, Chris Peikert, Krzysztof Z Pietrzak,
    and Sophie Stevens. “Key-Homomorphic Constrained Pseudorandom Functions.” In <i>12th
    Theory of Cryptography Conference</i>, 9015:31–60. Springer Nature, 2015. <a href="https://doi.org/10.1007/978-3-662-46497-7_2">https://doi.org/10.1007/978-3-662-46497-7_2</a>.
  ieee: A. Banerjee, G. Fuchsbauer, C. Peikert, K. Z. Pietrzak, and S. Stevens, “Key-homomorphic
    constrained pseudorandom functions,” in <i>12th Theory of Cryptography Conference</i>,
    Warsaw, Poland, 2015, vol. 9015, pp. 31–60.
  ista: 'Banerjee A, Fuchsbauer G, Peikert C, Pietrzak KZ, Stevens S. 2015. Key-homomorphic
    constrained pseudorandom functions. 12th Theory of Cryptography Conference. TCC:
    Theory of Cryptography Conference, LNCS, vol. 9015, 31–60.'
  mla: Banerjee, Abishek, et al. “Key-Homomorphic Constrained Pseudorandom Functions.”
    <i>12th Theory of Cryptography Conference</i>, vol. 9015, Springer Nature, 2015,
    pp. 31–60, doi:<a href="https://doi.org/10.1007/978-3-662-46497-7_2">10.1007/978-3-662-46497-7_2</a>.
  short: A. Banerjee, G. Fuchsbauer, C. Peikert, K.Z. Pietrzak, S. Stevens, in:, 12th
    Theory of Cryptography Conference, Springer Nature, 2015, pp. 31–60.
conference:
  end_date: 2015-03-25
  location: Warsaw, Poland
  name: 'TCC: Theory of Cryptography Conference'
  start_date: 2015-03-23
date_created: 2018-12-11T11:53:14Z
date_published: 2015-03-01T00:00:00Z
date_updated: 2025-04-15T07:52:27Z
day: '01'
ddc:
- '000'
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-662-46497-7_2
ec_funded: 1
file:
- access_level: open_access
  checksum: 3c5093bda5783c89beaacabf1aa0e60e
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:15:17Z
  date_updated: 2020-07-14T12:45:08Z
  file_id: '5136'
  file_name: IST-2016-679-v1+1_180.pdf
  file_size: 450665
  relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: '      9015'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2015/180
month: '03'
oa: 1
oa_version: Submitted Version
page: 31 - 60
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication: 12th Theory of Cryptography Conference
publication_identifier:
  isbn:
  - 978-3-662-46496-0
publication_status: published
publisher: Springer Nature
publist_id: '5505'
pubrep_id: '679'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Key-homomorphic constrained pseudorandom functions
type: conference
user_id: 8b945eb4-e2f2-11eb-945a-df72226e66a9
volume: 9015
year: '2015'
...
---
_id: '1647'
abstract:
- lang: eng
  text: Round-optimal blind signatures are notoriously hard to construct in the standard
    model, especially in the malicious-signer model, where blindness must hold under
    adversarially chosen keys. This is substantiated by several impossibility results.
    The only construction that can be termed theoretically efficient, by Garg and
    Gupta (Eurocrypt’14), requires complexity leveraging, inducing an exponential
    security loss. We present a construction of practically efficient round-optimal
    blind signatures in the standard model. It is conceptually simple and builds on
    the recent structure-preserving signatures on equivalence classes (SPS-EQ) from
    Asiacrypt’14. While the traditional notion of blindness follows from standard
    assumptions, we prove blindness under adversarially chosen keys under an interactive
    variant of DDH. However, we neither require non-uniform assumptions nor complexity
    leveraging. We then show how to extend our construction to partially blind signatures
    and to blind signatures on message vectors, which yield a construction of one-show
    anonymous credentials à la “anonymous credentials light” (CCS’13) in the standard
    model. Furthermore, we give the first SPS-EQ construction under noninteractive
    assumptions and show how SPS-EQ schemes imply conventional structure-preserving
    signatures, which allows us to apply optimality results for the latter to SPS-EQ.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Christian
  full_name: Hanser, Christian
  last_name: Hanser
- first_name: Daniel
  full_name: Slamanig, Daniel
  last_name: Slamanig
citation:
  ama: 'Fuchsbauer G, Hanser C, Slamanig D. Practical round-optimal blind signatures
    in the standard model. In: Vol 9216. Springer; 2015:233-253. doi:<a href="https://doi.org/10.1007/978-3-662-48000-7_12">10.1007/978-3-662-48000-7_12</a>'
  apa: 'Fuchsbauer, G., Hanser, C., &#38; Slamanig, D. (2015). Practical round-optimal
    blind signatures in the standard model (Vol. 9216, pp. 233–253). Presented at
    the CRYPTO: International Cryptology Conference, Santa Barbara, CA, United States:
    Springer. <a href="https://doi.org/10.1007/978-3-662-48000-7_12">https://doi.org/10.1007/978-3-662-48000-7_12</a>'
  chicago: Fuchsbauer, Georg, Christian Hanser, and Daniel Slamanig. “Practical Round-Optimal
    Blind Signatures in the Standard Model,” 9216:233–53. Springer, 2015. <a href="https://doi.org/10.1007/978-3-662-48000-7_12">https://doi.org/10.1007/978-3-662-48000-7_12</a>.
  ieee: 'G. Fuchsbauer, C. Hanser, and D. Slamanig, “Practical round-optimal blind
    signatures in the standard model,” presented at the CRYPTO: International Cryptology
    Conference, Santa Barbara, CA, United States, 2015, vol. 9216, pp. 233–253.'
  ista: 'Fuchsbauer G, Hanser C, Slamanig D. 2015. Practical round-optimal blind signatures
    in the standard model. CRYPTO: International Cryptology Conference, LNCS, vol.
    9216, 233–253.'
  mla: Fuchsbauer, Georg, et al. <i>Practical Round-Optimal Blind Signatures in the
    Standard Model</i>. Vol. 9216, Springer, 2015, pp. 233–53, doi:<a href="https://doi.org/10.1007/978-3-662-48000-7_12">10.1007/978-3-662-48000-7_12</a>.
  short: G. Fuchsbauer, C. Hanser, D. Slamanig, in:, Springer, 2015, pp. 233–253.
conference:
  end_date: 2015-08-20
  location: Santa Barbara, CA, United States
  name: 'CRYPTO: International Cryptology Conference'
  start_date: 2015-08-16
corr_author: '1'
date_created: 2018-12-11T11:53:14Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2025-09-23T09:53:46Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-662-48000-7_12
ec_funded: 1
external_id:
  isi:
  - '000364183100012'
intvolume: '      9216'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2015/626.pdf
month: '08'
oa: 1
oa_version: Submitted Version
page: 233 - 253
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5503'
quality_controlled: '1'
related_material:
  record:
  - id: '1225'
    relation: later_version
    status: public
scopus_import: '1'
status: public
title: Practical round-optimal blind signatures in the standard model
type: conference
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
volume: 9216
year: '2015'
...
---
_id: '1648'
abstract:
- lang: eng
  text: Generalized Selective Decryption (GSD), introduced by Panjwani [TCC’07], is
    a game for a symmetric encryption scheme Enc that captures the difficulty of proving
    adaptive security of certain protocols, most notably the Logical Key Hierarchy
    (LKH) multicast encryption protocol. In the GSD game there are n keys k1,...,
    kn, which the adversary may adaptively corrupt (learn); moreover, it can ask for
    encryptions Encki (kj) of keys under other keys. The adversary’s task is to distinguish
    keys (which it cannot trivially compute) from random. Proving the hardness of
    GSD assuming only IND-CPA security of Enc is surprisingly hard. Using “complexity
    leveraging” loses a factor exponential in n, which makes the proof practically
    meaningless. We can think of the GSD game as building a graph on n vertices, where
    we add an edge i → j when the adversary asks for an encryption of kj under ki.
    If restricted to graphs of depth ℓ, Panjwani gave a reduction that loses only
    a factor exponential in ℓ (not n). To date, this is the only non-trivial result
    known for GSD. In this paper we give almost-polynomial reductions for large classes
    of graphs. Most importantly, we prove the security of the GSD game restricted
    to trees losing only a quasi-polynomial factor n^{3 log n + 5}. Trees are an important
    special case capturing real-world protocols like the LKH protocol. Our new bound
    improves upon Panjwani’s on some LKH variants proposed in the literature where
    the underlying tree is not balanced. Our proof builds on ideas from the “nested
    hybrids” technique recently introduced by Fuchsbauer et al. [Asiacrypt’14] for
    proving the adaptive security of constrained PRFs.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Zahra
  full_name: Jafargholi, Zahra
  last_name: Jafargholi
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
citation:
  ama: 'Fuchsbauer G, Jafargholi Z, Pietrzak KZ. A quasipolynomial reduction for generalized
    selective decryption on trees. In: Vol 9215. Springer; 2015:601-620. doi:<a href="https://doi.org/10.1007/978-3-662-47989-6_29">10.1007/978-3-662-47989-6_29</a>'
  apa: 'Fuchsbauer, G., Jafargholi, Z., &#38; Pietrzak, K. Z. (2015). A quasipolynomial
    reduction for generalized selective decryption on trees (Vol. 9215, pp. 601–620).
    Presented at the CRYPTO: International Cryptology Conference, Santa Barbara, CA,
    USA: Springer. <a href="https://doi.org/10.1007/978-3-662-47989-6_29">https://doi.org/10.1007/978-3-662-47989-6_29</a>'
  chicago: Fuchsbauer, Georg, Zahra Jafargholi, and Krzysztof Z Pietrzak. “A Quasipolynomial
    Reduction for Generalized Selective Decryption on Trees,” 9215:601–20. Springer,
    2015. <a href="https://doi.org/10.1007/978-3-662-47989-6_29">https://doi.org/10.1007/978-3-662-47989-6_29</a>.
  ieee: 'G. Fuchsbauer, Z. Jafargholi, and K. Z. Pietrzak, “A quasipolynomial reduction
    for generalized selective decryption on trees,” presented at the CRYPTO: International
    Cryptology Conference, Santa Barbara, CA, USA, 2015, vol. 9215, pp. 601–620.'
  ista: 'Fuchsbauer G, Jafargholi Z, Pietrzak KZ. 2015. A quasipolynomial reduction
    for generalized selective decryption on trees. CRYPTO: International Cryptology
    Conference, LNCS, vol. 9215, 601–620.'
  mla: Fuchsbauer, Georg, et al. <i>A Quasipolynomial Reduction for Generalized Selective
    Decryption on Trees</i>. Vol. 9215, Springer, 2015, pp. 601–20, doi:<a href="https://doi.org/10.1007/978-3-662-47989-6_29">10.1007/978-3-662-47989-6_29</a>.
  short: G. Fuchsbauer, Z. Jafargholi, K.Z. Pietrzak, in:, Springer, 2015, pp. 601–620.
conference:
  end_date: 2015-08-20
  location: Santa Barbara, CA, USA
  name: 'CRYPTO: International Cryptology Conference'
  start_date: 2015-08-16
corr_author: '1'
date_created: 2018-12-11T11:53:14Z
date_published: 2015-08-01T00:00:00Z
date_updated: 2025-09-22T14:34:43Z
day: '01'
ddc:
- '004'
department:
- _id: KrPi
doi: 10.1007/978-3-662-47989-6_29
ec_funded: 1
external_id:
  isi:
  - '000364183000029'
file:
- access_level: open_access
  checksum: 99b76b3263d5082554d0a9cbdeca3a22
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:13:31Z
  date_updated: 2020-07-14T12:45:08Z
  file_id: '5015'
  file_name: IST-2016-674-v1+1_389.pdf
  file_size: 505618
  relation: main_file
file_date_updated: 2020-07-14T12:45:08Z
has_accepted_license: '1'
intvolume: '      9215'
isi: 1
language:
- iso: eng
month: '08'
oa: 1
oa_version: Submitted Version
page: 601 - 620
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication_status: published
publisher: Springer
publist_id: '5502'
pubrep_id: '674'
quality_controlled: '1'
scopus_import: '1'
status: public
title: A quasipolynomial reduction for generalized selective decryption on trees
tmp:
  image: /images/cc_by.png
  legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
  name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
  short: CC BY (4.0)
type: conference
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
volume: 9215
year: '2015'
...
---
_id: '1651'
abstract:
- lang: eng
  text: Cryptographic e-cash allows off-line electronic transactions between a bank,
    users and merchants in a secure and anonymous fashion. A plethora of e-cash constructions
    has been proposed in the literature; however, these traditional e-cash schemes
    only allow coins to be transferred once between users and merchants. Ideally,
    we would like users to be able to transfer coins between each other multiple times
    before deposit, as happens with physical cash. “Transferable” e-cash schemes are
    the solution to this problem. Unfortunately, the currently proposed schemes are
    either completely impractical or do not achieve the desirable anonymity properties
    without compromises, such as assuming the existence of a trusted “judge” who can
    trace all coins and users in the system. This paper presents the first efficient
    and fully anonymous transferable e-cash scheme without any trusted third parties.
    We start by revising the security and anonymity properties of transferable e-cash
    to capture issues that were previously overlooked. For our construction we use
    the recently proposed malleable signatures by Chase et al. to allow the secure
    and anonymous transfer of coins, combined with a new efficient double-spending
    detection mechanism. Finally, we discuss an instantiation of our construction.
acknowledgement: Work done as an intern in Microsoft Research Redmond and as a student
  at Brown University, where supported by NSF grant 0964379. Supported by the European
  Research Council, ERC Starting Grant (259668-PSPC).
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Foteini
  full_name: Baldimtsi, Foteini
  last_name: Baldimtsi
- first_name: Melissa
  full_name: Chase, Melissa
  last_name: Chase
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Markulf
  full_name: Kohlweiss, Markulf
  last_name: Kohlweiss
citation:
  ama: 'Baldimtsi F, Chase M, Fuchsbauer G, Kohlweiss M. Anonymous transferable e-cash.
    In: <i>Public-Key Cryptography - PKC 2015</i>. Vol 9020. Springer; 2015:101-124.
    doi:<a href="https://doi.org/10.1007/978-3-662-46447-2_5">10.1007/978-3-662-46447-2_5</a>'
  apa: 'Baldimtsi, F., Chase, M., Fuchsbauer, G., &#38; Kohlweiss, M. (2015). Anonymous
    transferable e-cash. In <i>Public-Key Cryptography - PKC 2015</i> (Vol. 9020,
    pp. 101–124). Gaithersburg, MD, United States: Springer. <a href="https://doi.org/10.1007/978-3-662-46447-2_5">https://doi.org/10.1007/978-3-662-46447-2_5</a>'
  chicago: Baldimtsi, Foteini, Melissa Chase, Georg Fuchsbauer, and Markulf Kohlweiss.
    “Anonymous Transferable E-Cash.” In <i>Public-Key Cryptography - PKC 2015</i>,
    9020:101–24. Springer, 2015. <a href="https://doi.org/10.1007/978-3-662-46447-2_5">https://doi.org/10.1007/978-3-662-46447-2_5</a>.
  ieee: F. Baldimtsi, M. Chase, G. Fuchsbauer, and M. Kohlweiss, “Anonymous transferable
    e-cash,” in <i>Public-Key Cryptography - PKC 2015</i>, Gaithersburg, MD, United
    States, 2015, vol. 9020, pp. 101–124.
  ista: 'Baldimtsi F, Chase M, Fuchsbauer G, Kohlweiss M. 2015. Anonymous transferable
    e-cash. Public-Key Cryptography - PKC 2015. PKC: Public Key Cryptography, LNCS,
    vol. 9020, 101–124.'
  mla: Baldimtsi, Foteini, et al. “Anonymous Transferable E-Cash.” <i>Public-Key Cryptography
    - PKC 2015</i>, vol. 9020, Springer, 2015, pp. 101–24, doi:<a href="https://doi.org/10.1007/978-3-662-46447-2_5">10.1007/978-3-662-46447-2_5</a>.
  short: F. Baldimtsi, M. Chase, G. Fuchsbauer, M. Kohlweiss, in:, Public-Key Cryptography
    - PKC 2015, Springer, 2015, pp. 101–124.
conference:
  end_date: 2015-04-01
  location: Gaithersburg, MD, United States
  name: 'PKC: Public Key Cryptography'
  start_date: 2015-03-30
date_created: 2018-12-11T11:53:15Z
date_published: 2015-03-17T00:00:00Z
date_updated: 2025-09-23T07:54:24Z
day: '17'
department:
- _id: KrPi
doi: 10.1007/978-3-662-46447-2_5
ec_funded: 1
external_id:
  isi:
  - '000406205700005'
intvolume: '      9020'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://doi.org/10.1007/978-3-662-46447-2_5
month: '03'
oa: 1
oa_version: Published Version
page: 101 - 124
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication: Public-Key Cryptography - PKC 2015
publication_identifier:
  isbn:
  - 978-3-662-46446-5
publication_status: published
publisher: Springer
publist_id: '5499'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Anonymous transferable e-cash
type: conference
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
volume: 9020
year: '2015'
...
---
_id: '2045'
abstract:
- lang: eng
  text: 'We introduce and study a new notion of enhanced chosen-ciphertext security
    (ECCA) for public-key encryption. Loosely speaking, in the ECCA security experiment,
    the decryption oracle provided to the adversary is augmented to return not only
    the output of the decryption algorithm on a queried ciphertext but also of a randomness-recovery
    algorithm associated to the scheme. Our results mainly concern the case where
    the randomness-recovery algorithm is efficient. We provide constructions of ECCA-secure
    encryption from adaptive trapdoor functions as defined by Kiltz et al. (EUROCRYPT
    2010), resulting in ECCA encryption from standard number-theoretic assumptions.
    We then give two applications of ECCA-secure encryption: (1) We use it as a unifying
    concept in showing equivalence of adaptive trapdoor functions and tag-based adaptive
    trapdoor functions, resolving an open question of Kiltz et al. (2) We show that
    ECCA-secure encryption can be used to securely realize an approach to public-key
    encryption with non-interactive opening (PKENO) originally suggested by Damgård
    and Thorbek (EUROCRYPT 2007), resulting in new and practical PKENO schemes quite
    different from those in prior work. Our results demonstrate that ECCA security
    is of both practical and theoretical interest.'
acknowledgement: The second author was supported by EPSRC grant EP/H043454/1.
alternative_title:
- LNCS
author:
- first_name: Dana
  full_name: Dachman Soled, Dana
  last_name: Dachman Soled
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Payman
  full_name: Mohassel, Payman
  last_name: Mohassel
- first_name: Adam
  full_name: O’Neill, Adam
  last_name: O’Neill
citation:
  ama: 'Dachman Soled D, Fuchsbauer G, Mohassel P, O’Neill A. Enhanced chosen-ciphertext
    security and applications. In: Krawczyk H, ed. <i>Lecture Notes in Computer Science
    (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes
    in Bioinformatics)</i>. Vol 8383. Springer; 2014:329-344. doi:<a href="https://doi.org/10.1007/978-3-642-54631-0_19">10.1007/978-3-642-54631-0_19</a>'
  apa: 'Dachman Soled, D., Fuchsbauer, G., Mohassel, P., &#38; O’Neill, A. (2014).
    Enhanced chosen-ciphertext security and applications. In H. Krawczyk (Ed.), <i>Lecture
    Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence
    and Lecture Notes in Bioinformatics)</i> (Vol. 8383, pp. 329–344). Buenos Aires,
    Argentina: Springer. <a href="https://doi.org/10.1007/978-3-642-54631-0_19">https://doi.org/10.1007/978-3-642-54631-0_19</a>'
  chicago: Dachman Soled, Dana, Georg Fuchsbauer, Payman Mohassel, and Adam O’Neill.
    “Enhanced Chosen-Ciphertext Security and Applications.” In <i>Lecture Notes in
    Computer Science (Including Subseries Lecture Notes in Artificial Intelligence
    and Lecture Notes in Bioinformatics)</i>, edited by Hugo Krawczyk, 8383:329–44.
    Springer, 2014. <a href="https://doi.org/10.1007/978-3-642-54631-0_19">https://doi.org/10.1007/978-3-642-54631-0_19</a>.
  ieee: D. Dachman Soled, G. Fuchsbauer, P. Mohassel, and A. O’Neill, “Enhanced chosen-ciphertext
    security and applications,” in <i>Lecture Notes in Computer Science (including
    subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)</i>,
    Buenos Aires, Argentina, 2014, vol. 8383, pp. 329–344.
  ista: 'Dachman Soled D, Fuchsbauer G, Mohassel P, O’Neill A. 2014. Enhanced chosen-ciphertext
    security and applications. Lecture Notes in Computer Science (including subseries
    Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics).
    PKC: Public Key Cryptography, LNCS, vol. 8383, 329–344.'
  mla: Dachman Soled, Dana, et al. “Enhanced Chosen-Ciphertext Security and Applications.”
    <i>Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial
    Intelligence and Lecture Notes in Bioinformatics)</i>, edited by Hugo Krawczyk,
    vol. 8383, Springer, 2014, pp. 329–44, doi:<a href="https://doi.org/10.1007/978-3-642-54631-0_19">10.1007/978-3-642-54631-0_19</a>.
  short: D. Dachman Soled, G. Fuchsbauer, P. Mohassel, A. O’Neill, in:, H. Krawczyk
    (Ed.), Lecture Notes in Computer Science (Including Subseries Lecture Notes in
    Artificial Intelligence and Lecture Notes in Bioinformatics), Springer, 2014,
    pp. 329–344.
conference:
  end_date: 2014-03-28
  location: Buenos Aires, Argentina
  name: 'PKC: Public Key Cryptography'
  start_date: 2014-03-26
date_created: 2018-12-11T11:55:24Z
date_published: 2014-01-01T00:00:00Z
date_updated: 2021-01-12T06:54:57Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-642-54631-0_19
ec_funded: 1
editor:
- first_name: Hugo
  full_name: Krawczyk, Hugo
  last_name: Krawczyk
intvolume: '      8383'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2012/543
month: '01'
oa: 1
oa_version: Submitted Version
page: 329 - 344
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication: Lecture Notes in Computer Science (including subseries Lecture Notes
  in Artificial Intelligence and Lecture Notes in Bioinformatics)
publication_status: published
publisher: Springer
publist_id: '5006'
quality_controlled: '1'
scopus_import: 1
status: public
title: Enhanced chosen-ciphertext security and applications
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 8383
year: '2014'
...
---
_id: '2046'
abstract:
- lang: eng
  text: 'We introduce policy-based signatures (PBS), where a signer can only sign
    messages conforming to some authority-specified policy. The main requirements
    are unforgeability and privacy, the latter meaning that signatures not reveal
    the policy. PBS offers value along two fronts: (1) On the practical side, they
    allow a corporation to control what messages its employees can sign under the
    corporate key. (2) On the theoretical side, they unify existing work, capturing
    other forms of signatures as special cases or allowing them to be easily built.
    Our work focuses on definitions of PBS, proofs that this challenging primitive
    is realizable for arbitrary policies, efficient constructions for specific policies,
    and a few representative applications.'
acknowledgement: Part of his work was done while at Bristol University, supported
  by EPSRC grant EP/H043454/1.
alternative_title:
- LNCS
author:
- first_name: Mihir
  full_name: Bellare, Mihir
  last_name: Bellare
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
citation:
  ama: 'Bellare M, Fuchsbauer G. Policy-based signatures. In: Krawczyk H, ed. <i>Lecture
    Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence
    and Lecture Notes in Bioinformatics)</i>. Vol 8383. Springer; 2014:520-537. doi:<a
    href="https://doi.org/10.1007/978-3-642-54631-0_30">10.1007/978-3-642-54631-0_30</a>'
  apa: 'Bellare, M., &#38; Fuchsbauer, G. (2014). Policy-based signatures. In H. Krawczyk
    (Ed.), <i>Lecture Notes in Computer Science (including subseries Lecture Notes
    in Artificial Intelligence and Lecture Notes in Bioinformatics)</i> (Vol. 8383,
    pp. 520–537). Buenos Aires, Argentina: Springer. <a href="https://doi.org/10.1007/978-3-642-54631-0_30">https://doi.org/10.1007/978-3-642-54631-0_30</a>'
  chicago: Bellare, Mihir, and Georg Fuchsbauer. “Policy-Based Signatures.” In <i>Lecture
    Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence
    and Lecture Notes in Bioinformatics)</i>, edited by Hugo Krawczyk, 8383:520–37.
    Springer, 2014. <a href="https://doi.org/10.1007/978-3-642-54631-0_30">https://doi.org/10.1007/978-3-642-54631-0_30</a>.
  ieee: M. Bellare and G. Fuchsbauer, “Policy-based signatures,” in <i>Lecture Notes
    in Computer Science (including subseries Lecture Notes in Artificial Intelligence
    and Lecture Notes in Bioinformatics)</i>, Buenos Aires, Argentina, 2014, vol.
    8383, pp. 520–537.
  ista: 'Bellare M, Fuchsbauer G. 2014. Policy-based signatures. Lecture Notes in
    Computer Science (including subseries Lecture Notes in Artificial Intelligence
    and Lecture Notes in Bioinformatics). PKC: Public Key Cryptography, LNCS, vol.
    8383, 520–537.'
  mla: Bellare, Mihir, and Georg Fuchsbauer. “Policy-Based Signatures.” <i>Lecture
    Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence
    and Lecture Notes in Bioinformatics)</i>, edited by Hugo Krawczyk, vol. 8383,
    Springer, 2014, pp. 520–37, doi:<a href="https://doi.org/10.1007/978-3-642-54631-0_30">10.1007/978-3-642-54631-0_30</a>.
  short: M. Bellare, G. Fuchsbauer, in:, H. Krawczyk (Ed.), Lecture Notes in Computer
    Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture
    Notes in Bioinformatics), Springer, 2014, pp. 520–537.
conference:
  end_date: 2014-05-28
  location: Buenos Aires, Argentina
  name: 'PKC: Public Key Cryptography'
  start_date: 2014-05-26
date_created: 2018-12-11T11:55:24Z
date_published: 2014-01-01T00:00:00Z
date_updated: 2021-01-12T06:54:57Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-642-54631-0_30
ec_funded: 1
editor:
- first_name: Hugo
  full_name: Krawczyk, Hugo
  last_name: Krawczyk
intvolume: '      8383'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2013/413
month: '01'
oa: 1
oa_version: Submitted Version
page: 520 - 537
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication: Lecture Notes in Computer Science (including subseries Lecture Notes
  in Artificial Intelligence and Lecture Notes in Bioinformatics)
publication_status: published
publisher: Springer
publist_id: '5005'
quality_controlled: '1'
scopus_import: 1
status: public
title: Policy-based signatures
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 8383
year: '2014'
...
---
OA_place: repository
OA_type: green
_id: '1927'
abstract:
- lang: eng
  text: Constrained pseudorandom functions have recently been introduced independently
    by Boneh and Waters (Asiacrypt’13), Kiayias et al. (CCS’13), and Boyle et al.
    (PKC’14). In a standard pseudorandom function (PRF) a key k is used to evaluate
    the PRF on all inputs in the domain. Constrained PRFs additionally offer the functionality
    to delegate “constrained” keys k_S which allow to evaluate the PRF only on a subset
    S of the domain. The three above-mentioned papers all show that the classical
    GGM construction (J.ACM’86) of a PRF from a pseudorandom generator (PRG) directly
    yields a constrained PRF where one can compute constrained keys to evaluate the
    PRF on all inputs with a given prefix. This constrained PRF has already found
    many interesting applications. Unfortunately, the existing security proofs only
    show selective security (by a reduction to the security of the underlying PRG).
    To achieve full security, one has to use complexity leveraging, which loses an
    exponential factor 2^N in security, where N is the input length. The first contribution
    of this paper is a new reduction that only loses a quasipolynomial factor q^(log N),
    where q is the number of adversarial queries. For this we develop a new proof
    technique which constructs a distinguisher by interleaving simple guessing steps
    and hybrid arguments a small number of times. This approach might be of interest
    also in other contexts where currently the only technique to achieve full security
    is complexity leveraging. Our second contribution is concerned with another constrained
    PRF, due to Boneh and Waters, which allows for constrained keys for the more general
    class of bit-fixing functions. Their security proof also suffers from a 2^N loss,
    which we show is inherent. We construct a meta-reduction which shows that any
    “simple” reduction of full security from a noninteractive hardness assumption
    must incur an exponential security loss.
acknowledgement: "We are grateful to Mihir Bellare for his feedback on earlier versions
  of this paper. We are indebted to Vanishree Rao for her generous assistance in preparing
  this proceedings version.\r\nResearch supported by ERC starting grant (259668-PSPC)."
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Momchil
  full_name: Konstantinov, Momchil
  last_name: Konstantinov
- first_name: Krzysztof Z
  full_name: Pietrzak, Krzysztof Z
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Vanishree
  full_name: Rao, Vanishree
  last_name: Rao
citation:
  ama: 'Fuchsbauer G, Konstantinov M, Pietrzak KZ, Rao V. Adaptive security of constrained
    PRFs. In: <i>20th International Conference on the Theory and Application of Cryptology
    and Information Security</i>. Vol 8874. Springer Nature; 2014:82-101. doi:<a href="https://doi.org/10.1007/978-3-662-45608-8_5">10.1007/978-3-662-45608-8_5</a>'
  apa: 'Fuchsbauer, G., Konstantinov, M., Pietrzak, K. Z., &#38; Rao, V. (2014). Adaptive
    security of constrained PRFs. In <i>20th International Conference on the Theory
    and Application of Cryptology and Information Security</i> (Vol. 8874, pp. 82–101).
    Kaoshiung, Taiwan, China: Springer Nature. <a href="https://doi.org/10.1007/978-3-662-45608-8_5">https://doi.org/10.1007/978-3-662-45608-8_5</a>'
  chicago: Fuchsbauer, Georg, Momchil Konstantinov, Krzysztof Z Pietrzak, and Vanishree
    Rao. “Adaptive Security of Constrained PRFs.” In <i>20th International Conference
    on the Theory and Application of Cryptology and Information Security</i>, 8874:82–101.
    Springer Nature, 2014. <a href="https://doi.org/10.1007/978-3-662-45608-8_5">https://doi.org/10.1007/978-3-662-45608-8_5</a>.
  ieee: G. Fuchsbauer, M. Konstantinov, K. Z. Pietrzak, and V. Rao, “Adaptive security
    of constrained PRFs,” in <i>20th International Conference on the Theory and Application
    of Cryptology and Information Security</i>, Kaoshiung, Taiwan, China, 2014, vol.
    8874, pp. 82–101.
  ista: 'Fuchsbauer G, Konstantinov M, Pietrzak KZ, Rao V. 2014. Adaptive security
    of constrained PRFs. 20th International Conference on the Theory and Application
    of Cryptology and Information Security. ASIACRYPT: Conference on the Theory and
    Application of Cryptology and Information Security, LNCS, vol. 8874, 82–101.'
  mla: Fuchsbauer, Georg, et al. “Adaptive Security of Constrained PRFs.” <i>20th
    International Conference on the Theory and Application of Cryptology and Information
    Security</i>, vol. 8874, Springer Nature, 2014, pp. 82–101, doi:<a href="https://doi.org/10.1007/978-3-662-45608-8_5">10.1007/978-3-662-45608-8_5</a>.
  short: G. Fuchsbauer, M. Konstantinov, K.Z. Pietrzak, V. Rao, in:, 20th International
    Conference on the Theory and Application of Cryptology and Information Security,
    Springer Nature, 2014, pp. 82–101.
conference:
  end_date: 2014-12-11
  location: Kaoshiung, Taiwan, China
  name: 'ASIACRYPT: Conference on the Theory and Application of Cryptology and Information
    Security'
  start_date: 2014-12-07
date_created: 2018-12-11T11:54:45Z
date_published: 2014-12-15T00:00:00Z
date_updated: 2025-09-23T09:47:44Z
day: '15'
department:
- _id: KrPi
doi: 10.1007/978-3-662-45608-8_5
ec_funded: 1
extern: '1'
intvolume: '      8874'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://eprint.iacr.org/2014/416
month: '12'
oa: 1
oa_version: Submitted Version
page: 82-101
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication: 20th International Conference on the Theory and Application of Cryptology
  and Information Security
publication_identifier:
  eisbn:
  - '9783662456088'
  eissn:
  - 1611-3349
  isbn:
  - '9783662456071'
  issn:
  - 0302-9743
publication_status: published
publisher: Springer Nature
publist_id: '5167'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Adaptive security of constrained PRFs
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 8874
year: '2014'
...
---
_id: '1643'
abstract:
- lang: eng
  text: We extend the notion of verifiable random functions (VRF) to constrained VRFs,
    which generalize the concept of constrained pseudorandom functions, put forward
    by Boneh and Waters (Asiacrypt’13), and independently by Kiayias et al. (CCS’13)
    and Boyle et al. (PKC’14), who call them delegatable PRFs and functional PRFs,
    respectively. In a standard VRF the secret key sk allows one to evaluate a pseudorandom
    function at any point of its domain; in addition, it enables computation of a
    non-interactive proof that the function value was computed correctly. In a constrained
    VRF from the key sk one can derive constrained keys sk_S for subsets S of the domain,
    which allow computation of function values and proofs only at points in S. After
    formally defining constrained VRFs, we derive instantiations from the multilinear-maps-based
    constrained PRFs by Boneh and Waters, yielding a VRF with constrained keys for
    any set that can be decided by a polynomial-size circuit. Our VRFs have the same
    function values as the Boneh-Waters PRFs and are proved secure under the same
    hardness assumption, showing that verifiability comes at no cost. Constrained
    (functional) VRFs were stated as an open problem by Boyle et al.
alternative_title:
- LNCS
author:
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
citation:
  ama: 'Fuchsbauer G. Constrained Verifiable Random Functions. In: Abdalla M, De
    Prisco R, eds. <i>SCN 2014</i>. Vol 8642. Springer; 2014:95-114. doi:<a href="https://doi.org/10.1007/978-3-319-10879-7_7">10.1007/978-3-319-10879-7_7</a>'
  apa: 'Fuchsbauer, G. (2014). Constrained Verifiable Random Functions. In M. Abdalla
    &#38; R. De Prisco (Eds.), <i>SCN 2014</i> (Vol. 8642, pp. 95–114). Amalfi, Italy:
    Springer. <a href="https://doi.org/10.1007/978-3-319-10879-7_7">https://doi.org/10.1007/978-3-319-10879-7_7</a>'
  chicago: Fuchsbauer, Georg. “Constrained Verifiable Random Functions.” In <i>SCN
    2014</i>, edited by Michel Abdalla and Roberto De Prisco, 8642:95–114. Springer,
    2014. <a href="https://doi.org/10.1007/978-3-319-10879-7_7">https://doi.org/10.1007/978-3-319-10879-7_7</a>.
  ieee: G. Fuchsbauer, “Constrained Verifiable Random Functions,” in <i>SCN 2014</i>,
    Amalfi, Italy, 2014, vol. 8642, pp. 95–114.
  ista: 'Fuchsbauer G. 2014. Constrained Verifiable Random Functions. SCN 2014. SCN:
    Security and Cryptography for Networks, LNCS, vol. 8642, 95–114.'
  mla: Fuchsbauer, Georg. “Constrained Verifiable Random Functions.” <i>SCN 2014</i>,
    edited by Michel Abdalla and Roberto De Prisco, vol. 8642, Springer, 2014, pp.
    95–114, doi:<a href="https://doi.org/10.1007/978-3-319-10879-7_7">10.1007/978-3-319-10879-7_7</a>.
  short: G. Fuchsbauer, in:, M. Abdalla, R. De Prisco (Eds.), SCN 2014, Springer,
    2014, pp. 95–114.
conference:
  end_date: 2014-09-05
  location: Amalfi, Italy
  name: 'SCN: Security and Cryptography for Networks'
  start_date: 2014-09-03
corr_author: '1'
date_created: 2018-12-11T11:53:13Z
date_published: 2014-01-01T00:00:00Z
date_updated: 2024-10-09T20:55:56Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-319-10879-7_7
ec_funded: 1
editor:
- first_name: Michel
  full_name: Abdalla, Michel
  last_name: Abdalla
- first_name: Roberto
  full_name: De Prisco, Roberto
  last_name: De Prisco
intvolume: '      8642'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://eprint.iacr.org/2014/537
month: '01'
oa: 1
oa_version: Submitted Version
page: 95 - 114
project:
- _id: 258C570E-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '259668'
  name: Provable Security for Physical Cryptography
publication: SCN 2014
publication_status: published
publisher: Springer
publist_id: '5509'
scopus_import: 1
status: public
title: Constrained Verifiable Random Functions
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 8642
year: '2014'
...
---
_id: '2260'
abstract:
- lang: eng
  text: "Direct Anonymous Attestation (DAA) is one of the most complex cryptographic
    protocols deployed in practice. It allows an embedded secure processor known as
    a Trusted Platform Module (TPM) to attest to the configuration of its host computer
    without violating the owner’s privacy. DAA has been standardized by the Trusted
    Computing Group and ISO/IEC.\r\n\r\nThe security of the DAA standard and all existing
    schemes is analyzed in the random-oracle model. We provide the first constructions
    of DAA in the standard model, that is, without relying on random oracles. Our
    constructions use new building blocks, including the first efficient signatures
    of knowledge in the standard model, which have many applications beyond DAA.\r\n"
alternative_title:
- LNCS
author:
- first_name: David
  full_name: Bernhard, David
  last_name: Bernhard
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Essam
  full_name: Ghadafi, Essam
  last_name: Ghadafi
citation:
  ama: Bernhard D, Fuchsbauer G, Ghadafi E. Efficient signatures of knowledge and
    DAA in the standard model. 2013;7954:518-533. doi:<a href="https://doi.org/10.1007/978-3-642-38980-1_33">10.1007/978-3-642-38980-1_33</a>
  apa: 'Bernhard, D., Fuchsbauer, G., &#38; Ghadafi, E. (2013). Efficient signatures
    of knowledge and DAA in the standard model. Presented at the ACNS: Applied Cryptography
    and Network Security, Banff, AB, Canada: Springer. <a href="https://doi.org/10.1007/978-3-642-38980-1_33">https://doi.org/10.1007/978-3-642-38980-1_33</a>'
  chicago: Bernhard, David, Georg Fuchsbauer, and Essam Ghadafi. “Efficient Signatures
    of Knowledge and DAA in the Standard Model.” Lecture Notes in Computer Science.
    Springer, 2013. <a href="https://doi.org/10.1007/978-3-642-38980-1_33">https://doi.org/10.1007/978-3-642-38980-1_33</a>.
  ieee: D. Bernhard, G. Fuchsbauer, and E. Ghadafi, “Efficient signatures of knowledge
    and DAA in the standard model,” vol. 7954. Springer, pp. 518–533, 2013.
  ista: Bernhard D, Fuchsbauer G, Ghadafi E. 2013. Efficient signatures of knowledge
    and DAA in the standard model. 7954, 518–533.
  mla: Bernhard, David, et al. <i>Efficient Signatures of Knowledge and DAA in the
    Standard Model</i>. Vol. 7954, Springer, 2013, pp. 518–33, doi:<a href="https://doi.org/10.1007/978-3-642-38980-1_33">10.1007/978-3-642-38980-1_33</a>.
  short: D. Bernhard, G. Fuchsbauer, E. Ghadafi, 7954 (2013) 518–533.
conference:
  end_date: 2013-06-28
  location: Banff, AB, Canada
  name: 'ACNS: Applied Cryptography and Network Security'
  start_date: 2013-06-25
date_created: 2018-12-11T11:56:37Z
date_published: 2013-06-01T00:00:00Z
date_updated: 2020-08-11T10:09:44Z
day: '01'
department:
- _id: KrPi
doi: 10.1007/978-3-642-38980-1_33
intvolume: '      7954'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://eprint.iacr.org/2012/475
month: '06'
oa: 1
oa_version: Submitted Version
page: 518 - 533
publication_status: published
publisher: Springer
publist_id: '4686'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: Efficient signatures of knowledge and DAA in the standard model
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 7954
year: '2013'
...
---
_id: '2291'
abstract:
- lang: eng
  text: "Cryptographic access control promises to offer easily distributed trust and
    broader applicability, while reducing reliance on low-level online monitors. Traditional
    implementations of cryptographic access control rely on simple cryptographic primitives
    whereas recent endeavors employ primitives with richer functionality and security
    guarantees. Worryingly, few of the existing cryptographic access-control schemes
    come with precise guarantees, the gap between the policy specification and the
    implementation being analyzed only informally, if at all. In this paper we begin
    addressing this shortcoming. Unlike prior work that targeted ad-hoc policy specification,
    we look at the well-established Role-Based Access Control (RBAC) model, as used
    in a typical file system. In short, we provide a precise syntax for a computational
    version of RBAC, offer rigorous definitions for cryptographic policy enforcement
    of a large class of RBAC security policies, and demonstrate that an implementation
    based on attribute-based encryption meets our security notions. We view our main
    contribution as being at the conceptual level. Although we work with RBAC for
    concreteness, our general methodology could guide future research for uses of
    cryptography in other access-control models. \r\n"
article_processing_charge: No
author:
- first_name: Anna
  full_name: Ferrara, Anna
  last_name: Ferrara
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: Bogdan
  full_name: Warinschi, Bogdan
  last_name: Warinschi
citation:
  ama: 'Ferrara A, Fuchsbauer G, Warinschi B. Cryptographically enforced RBAC. In:
    IEEE; 2013:115-129. doi:<a href="https://doi.org/10.1109/CSF.2013.15">10.1109/CSF.2013.15</a>'
  apa: 'Ferrara, A., Fuchsbauer, G., &#38; Warinschi, B. (2013). Cryptographically
    enforced RBAC (pp. 115–129). Presented at the CSF: Computer Security Foundations,
    New Orleans, LA, United States: IEEE. <a href="https://doi.org/10.1109/CSF.2013.15">https://doi.org/10.1109/CSF.2013.15</a>'
  chicago: Ferrara, Anna, Georg Fuchsbauer, and Bogdan Warinschi. “Cryptographically
    Enforced RBAC,” 115–29. IEEE, 2013. <a href="https://doi.org/10.1109/CSF.2013.15">https://doi.org/10.1109/CSF.2013.15</a>.
  ieee: 'A. Ferrara, G. Fuchsbauer, and B. Warinschi, “Cryptographically enforced
    RBAC,” presented at the CSF: Computer Security Foundations, New Orleans, LA, United
    States, 2013, pp. 115–129.'
  ista: 'Ferrara A, Fuchsbauer G, Warinschi B. 2013. Cryptographically enforced RBAC.
    CSF: Computer Security Foundations, 115–129.'
  mla: Ferrara, Anna, et al. <i>Cryptographically Enforced RBAC</i>. IEEE, 2013, pp.
    115–29, doi:<a href="https://doi.org/10.1109/CSF.2013.15">10.1109/CSF.2013.15</a>.
  short: A. Ferrara, G. Fuchsbauer, B. Warinschi, in:, IEEE, 2013, pp. 115–129.
conference:
  end_date: 2013-09-28
  location: New Orleans, LA, United States
  name: 'CSF: Computer Security Foundations'
  start_date: 2013-09-26
date_created: 2018-12-11T11:56:48Z
date_published: 2013-09-01T00:00:00Z
date_updated: 2025-09-29T14:22:06Z
day: '01'
department:
- _id: KrPi
doi: 10.1109/CSF.2013.15
external_id:
  isi:
  - '000335225600008'
isi: 1
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://eprint.iacr.org/2013/492
month: '09'
oa: 1
oa_version: Submitted Version
page: 115 - 129
publication_status: published
publisher: IEEE
publist_id: '4637'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Cryptographically enforced RBAC
type: conference
user_id: 317138e5-6ab7-11ef-aa6d-ffef3953e345
year: '2013'
...
---
_id: '502'
abstract:
- lang: eng
  text: 'Blind signatures allow users to obtain signatures on messages hidden from
    the signer; moreover, the signer cannot link the resulting message/signature pair
    to the signing session. This paper presents blind signature schemes, in which
    the number of interactions between the user and the signer is minimal and whose
    blind signatures are short. Our schemes are defined over bilinear groups and are
    proved secure in the common-reference-string model without random oracles and
    under standard assumptions: CDH and the decision-linear assumption. (We also give
    variants over asymmetric groups based on similar assumptions.) The blind signatures
    are Waters signatures, which consist of 2 group elements. Moreover, we instantiate
    partially blind signatures, where the message consists of a part hidden from the
    signer and a commonly known public part, and schemes achieving perfect blindness.
    We propose new variants of blind signatures, such as signer-friendly partially
    blind signatures, where the public part can be chosen by the signer without prior
    agreement, 3-party blind signatures, as well as blind signatures on multiple aggregated
    messages provided by independent sources. We also extend Waters signatures to
    non-binary alphabets by proving a new result on the underlying hash function.'
author:
- first_name: Olivier
  full_name: Blazy, Olivier
  last_name: Blazy
- first_name: Georg
  full_name: Fuchsbauer, Georg
  id: 46B4C3EE-F248-11E8-B48F-1D18A9856A87
  last_name: Fuchsbauer
- first_name: David
  full_name: Pointcheval, David
  last_name: Pointcheval
- first_name: Damien
  full_name: Vergnaud, Damien
  last_name: Vergnaud
citation:
  ama: Blazy O, Fuchsbauer G, Pointcheval D, Vergnaud D. Short blind signatures. <i>Journal
    of Computer Security</i>. 2013;21(5):627-661. doi:<a href="https://doi.org/10.3233/JCS-130477">10.3233/JCS-130477</a>
  apa: Blazy, O., Fuchsbauer, G., Pointcheval, D., &#38; Vergnaud, D. (2013). Short
    blind signatures. <i>Journal of Computer Security</i>. IOS Press. <a href="https://doi.org/10.3233/JCS-130477">https://doi.org/10.3233/JCS-130477</a>
  chicago: Blazy, Olivier, Georg Fuchsbauer, David Pointcheval, and Damien Vergnaud.
    “Short Blind Signatures.” <i>Journal of Computer Security</i>. IOS Press, 2013.
    <a href="https://doi.org/10.3233/JCS-130477">https://doi.org/10.3233/JCS-130477</a>.
  ieee: O. Blazy, G. Fuchsbauer, D. Pointcheval, and D. Vergnaud, “Short blind signatures,”
    <i>Journal of Computer Security</i>, vol. 21, no. 5. IOS Press, pp. 627–661, 2013.
  ista: Blazy O, Fuchsbauer G, Pointcheval D, Vergnaud D. 2013. Short blind signatures.
    Journal of Computer Security. 21(5), 627–661.
  mla: Blazy, Olivier, et al. “Short Blind Signatures.” <i>Journal of Computer Security</i>,
    vol. 21, no. 5, IOS Press, 2013, pp. 627–61, doi:<a href="https://doi.org/10.3233/JCS-130477">10.3233/JCS-130477</a>.
  short: O. Blazy, G. Fuchsbauer, D. Pointcheval, D. Vergnaud, Journal of Computer
    Security 21 (2013) 627–661.
date_created: 2018-12-11T11:46:50Z
date_published: 2013-11-22T00:00:00Z
date_updated: 2021-01-12T08:01:09Z
day: '22'
department:
- _id: KrPi
doi: 10.3233/JCS-130477
intvolume: '        21'
issue: '5'
language:
- iso: eng
month: '11'
oa_version: None
page: 627 - 661
publication: Journal of Computer Security
publication_status: published
publisher: IOS Press
publist_id: '7318'
quality_controlled: '1'
scopus_import: 1
status: public
title: Short blind signatures
type: journal_article
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 21
year: '2013'
...
