Some Remarks on Cocks'Identity-Based Encryption Scheme

The theory of quadratic residues plays an important role in cryptography.In 2001,Cocks developed an identity-based encryption(IBE)scheme based on quadratic residues,resolving Shamir’s 17-year-old open problem.However,a notable drawback of Cocks’scheme is the significant expansion of the ciphertext,and some of its limitations have been addressed in subsequent research.Recently,Cotan and Teşeleanu highlighted that previous studies on Cocks’scheme relied on a trial-and-error method based on Jacobi symbols to generate the necessary parameters for the encryption process.They enhanced the encryption speed of Cocks’scheme by eliminating this trialand-error method.Based on security analysis,this study concludes that the security of Cotan-Teşeleanu’s proposal cannot be directly derived from the security of the original Cocks’scheme.Furthermore,by adopting the Cotan-Teşeleanu method and introducing an additional variable as a public element,this study develops a similar enhancement scheme that not only accelerates the encryption speed but also provides security equivalent to the original Cocks’scheme.

OBLIVIOUS TRANSFER WITH ACCESS CONTROL AND IDENTITY-BASED ENCRYPTION WITH ANONYMOUS KEY ISSUING

In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the attributes in the associated set.Namely,AC-OT achieves access control policy for conjunction of attributes.Essentially,the functionality of AC-OT is equivalent to the sim-plified version that we call AC-OT-SV:for each item,one attribute is associated with it,and it is requested that only the users who possess the associated attribute can obtain the item by queries.On one hand,AC-OT-SV is a special case of AC-OT when there is just one associated attribute with each item.On the other hand,any AC-OT can be realized by an AC-OT-SV.In this paper,we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch,et al..Then from the protocol,interestingly,a concrete Identity-Based Encryption(IBE) with Anonymous Key Issuing(AKI) is given which is just a direct application to AC-OT-SV.By comparison,we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.

Security Analysis of a Privacy-Preserving Identity-Based Encryption Architecture

Identity-Based Encryption (IBE) has seen limited adoption, largely due to the absolute trust that must be placed in the private key generator (PKG)—an authority that computes the private keys for all the users in the environment. Several constructions have been proposed to reduce the trust required in the PKG (and thus preserve the privacy of users), but these have generally relied on unrealistic assumptions regarding non-collusion between various entities in the system. Unfortunately, these constructions have not significantly improved IBE adoption rates in real-world environments. In this paper, we present a construction that reduces trust in the PKG without unrealistic non-collusion assumptions. We achieve this by incorporating a novel combination of digital credential technology and bilinear maps, and making use of multiple randomly-chosen entities to complete certain tasks. The main result and primary contribution of this paper are a thorough security analysis of this proposed construction, examining the various entity types, attacker models, and collusion opportunities in this environment. We show that this construction can prevent, or at least mitigate, all considered attacks. We conclude that our construction appears to be effective in preserving user privacy and we hope that this construction and its security analysis will encourage greater use of IBE in real-world environments.

Construction and Implementation of a Privacy-Preserving Identity-Based Encryption Architecture

A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances privacy for users. We refer to this scheme as a privacy-preserving identity-based encryption (PP-IBE) construction. In this paper, we discuss the concrete implementation considerations for PP-IBE and provide a detailed instantiation (based on q-torsion groups in supersingular elliptic curves) that may be useful both for proof-of-concept purposes and for pedagogical purposes.

Identity-Based Encryption with Keyword Search from Lattice Assumption

Public key encryption scheme with keyword search （PEKS） enables us to search the encrypted data in a cloud server with a keyword, and no one can obtain any infor- mation about the encrypted data without the trapdoor corresponding to the keyword. The PEKS is useful to keep the management of large data storages secure such as those in a cloud. In this paper, to protect against quantum computer attacks, we present a lattice-based identity-based encryption scheme with key- word search. We have proved that our scheme can achieve ciphertext indistinguishability in the random oracle model, and our scheme can also achieve trapdoor security. In particular, our scheme can designate a unique tester to test and return the search results, therefore it does not need a secure channel. To the best of our knowledge, our scheme is the first iden- tity-based encryption scheme with keyword search from lattice assumption.

Verifiable Identity-Based Encryption with Keyword Search for IoT from Lattice

Internet of Things(IoT),which provides the solution of connecting things and devices,has increasingly developed as vital tools to realize intelligent life.Generally,source-limited IoT sensors outsource their data to the cloud,which arises the concerns that the transmission of IoT data is happening without appropriate consideration of the profound security challenges involved.Though encryption technology can guarantee the confidentiality of private data,it hinders the usability of data.Searchable encryption(SE)has been proposed to achieve secure data sharing and searching.However,most of existing SE schemes are designed under conventional hardness assumptions and may be vulnerable to the adversary with quantum computers.Moreover,the untrusted cloud server may perform an unfaithful search execution.To address these problems,in this paper,we propose the first verifiable identity-based keyword search(VIBKS)scheme from lattice.In particular,a lattice-based delegation algorithm is adopted to help the data user to verify both the correctness and the integrity of the search results.Besides,in order to reduce the communication overhead,we refer to the identity-based mechanism.We conduct rigorous proof to demonstrate that the proposed VIBKS scheme is ciphertext indistinguishable secure against the semi-honestbut-curious adversary.In addition,we give the detailed computation and communication complexity of our VIBKS and conduct a series of experiments to validate its efficiency performance.

Hybrid Cloud Security by Revocable KUNodes-Storage with Identity-Based Encryption

Cloud storage is a service involving cloud service providers providingstorage space to customers. Cloud storage services have numerous advantages,including convenience, high computation, and capacity, thereby attracting usersto outsource data in the cloud. However, users outsource data directly via cloudstage services that are unsafe when outsourcing data is sensitive for users. Therefore, cipher text-policy attribute-based encryption is a promising cryptographicsolution in a cloud environment, and can be drawn up for access control by dataowners (DO) to define access policy. Unfortunately, an outsourced architectureapplied with attribute-based encryption introduces numerous challenges, including revocation. This issue is a threat to the data security of DO. Furthermore,highly secure and flexible cipher text-based attribute access control with role hierarchy user grouping in cloud storage is implemented by extending the KUNodes(revocation) storage identity-based encryption. Result is evaluated using Cloudsim, and our algorithm outperforms in terms of computational cost by consuming32 MB for 150-MB files.

Identity-based encryption with wildcards in the standard model

In this article, based on Chatterjee-Sarkar＇ hierarchical identity-based encryption （HIBE）, a novel identity-based encryption with wildcards （WIBE） scheme is proposed and is proven secure in the standard model （without random oracle）. The proposed scheme is proven to be secure assuming that the decisional Bilinear Diffie-Hellman （DBDH） problem is hard. Compared with the Wa-WIBE scheme that is secure in the standard model, our scheme has shorter common parameters and ciphertext length.

Identity-based Encryption with Non-Interactive Opening

An identity-based encryption(IBE) was studied with non-interactively opening property that the plain text of a ciphertext can be revealed without affecting the security of the encryption system.Two kinds of non-interactive opening properties for IBE schemes were defined along with a concrete scheme in each case.

Reflections on the security proofs of Boneh-Franklin identity-based encryption scheme

In this paper, we first review the existing proofs of the Boneh-Franklin identity-based encryption scheme (BF-IBE for short), and show how to admit a new proof by slightly modifying the specifications of the hash functions of the original BF-IBE. Compared with prior proofs, our new proof provides a tighter security reduction and minimizes the use of random oracles, thus indicates BF-IBE has better provable security with our new choices of hash functions. The techniques developed in our proof can also be applied to improving security analysis of some other IBE schemes. As an independent technical contribution, we also give a rigorous proof of the Fujisaki-Okamoto (FO) transformation in the case of CPA-to-CCA, which demonstrates the efficiency of the FO-transformation (CPA-to-CCA), in terms of the tightness of security reduction, has long been underestimated. This result can remarkably benefit the security proofs of encryption schemes using the FO-transformation for CPA-to-CCA enhancement.

Practical continuous leakage-resilient CCA secure identity-based encryption

Leakage of private information including private keys of user has become a threat to the security of computing systems.It has become a common security requirement that a cryptographic scheme should withstand various leakage attacks.In the real life,an adversary can break the security of cryptography primitive by performing continuous leakage attacks.Although,some research on the leakage-resilient cryptography had been made,there are still some remaining issued in previous attempts.The identity-based encryption(IBE)constructions were designed in the bounded-leakage model,and might not be able to meet their claimed security under the continuous-leakage attacks.In the real applications,the leakage is unbounded.That is,a practical cryptography scheme should keep its original security in the continuous leakage setting.The previous continuous leakage-resilient IBE schemes either only achieve chosen-plaintext attacks security or the chosen-ciphertext attacks(CCA)security is proved in the selective identity model.Aiming to solve these problems,in this paper,we show how to construct the continuous leakage-resilient IBE scheme,and the scheme’s adaptive CCA security is proved in the standard model based on the hardness of decisional bilinear Diffie-Hellman exponent assumption.For any adversary,all elements in the ciphertext are random,and an adversary cannot obtain any leakage on the private key of user from the corresponding given ciphertext.Moreover,the leakage parameter of our proposal is independent of the plaintext space and has a constant size.

An Identity-Based Encryption Scheme with Compact Ciphertexts

This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user＇s public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack （CCA）.

Fully Secure Identity-based Broadcast Encryption in the Subgroups

In this paper,we show how to use the dual techniques in the subgroups to give a secure identity-based broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security(adaptive security) under three static(i.e. non q-based) assumptions. It is worth noting that only recently Waters gives a short ciphertext broadcast encryption system that is even adaptively secure under the simple assumptions. One feature of our methodology is that it is relatively simple to leverage our techniques to get adaptive security.

ID-based authentication scheme combined with identity-based encryption with fingerprint hashing

Current identity-based （ID） cryptosystem lacks the mechanisms of two-party authentication and user＇s private key distribution. Some ID-based signcryption schemes and ID-based authenticated key agreement protocols have been presented, but they cannot solve the problem completely. A novel ID-based authentication scheme based on ID-based encrypfion （IBE） and fingerprint hashing method is proposed to solve the difficulties in the IBE scheme, which includes message receiver authenticating the sender, the trusted authority （TA） authenticating the users and transmitting the private key to them. Furthermore, the scheme extends the application of fingerprint authentication from terminal to network and protects against fingerprint data fabrication. The fingerprint authentication method consists of two factors. This method combines a token key, for example, the USB key, with the user＇s fingerprint hash by mixing a pseudo-random number with the fingerprint feature. The security and experimental efficiency meet the requirements of practical applications.

Sharing of Encrypted Lock Keys in the Blockchain-Based Renting House System from Time- and Identity-Based Proxy Reencryption

To design an efficient protocol for sharing the encrypted lock keys in the renting house system,we introduce a new notion called time-and identitybased proxy reencryption(TIPRE)and the blockchain platform.Our CPA secure TIPRE scheme is constructed from Green et al.’s identity-based proxy reencryption scheme by adding the time property.In every time period,a time stamp authority generates a public key embedded with the current time stamp for each user.In our protocol for the renting house system,the TIPRE scheme is the primary building block,and the blockchain platform serves instead of a trusted third party,such as a real estate agency between landlords and tenants.The TIPRE scheme allows the landlord to change the lock key at each time period for safety.The blockchain platform allows the landlords and tenants to directly interact,and all of the interactions are recorded in the blockchain database to provide the desired security requirements,such as nonrepudiation and unforgeability.Finally,we provide the secure analysis of our protocol and test its performance by implementing it in the MacBook Pro and the Intel Edison development platforms.

Key-Private Identity-Based Proxy Re-Encryption

An identity-based proxy re-encryption scheme(IB-PRE)allows a semi-trusted proxy to convert an encryption under one identity to another without revealing the underlying message.Due to the fact that the proxy was semi-trusted,it should place as little trust as necessary to allow it to perform the translations.In some applications such as distributed file system,it demands the adversary cannot identify the sender and recipient’s identities.However,none of the exiting IB-PRE schemes satisfy this requirement.In this work,we first define the security model of key-private IB-PRE.Finally,we propose the first key-private IB-PRE scheme.Our scheme is chosen plaintext secure(CPA)and collusion resistant in the standard model.

An Efficient Identity-Based Homomorphic Broadcast Encryption

Broadcast encryption (BE) allows a sender to broadcast its message to a set of receivers in a single ciphertext. However, in broadcast encryption scheme, ciphertext length is always related to the size of the receiver set. Thus, how to improve the communication of broadcast encryption is a big issue. In this paper, we proposed an identity-based homomorphic broadcast encryption scheme which supports an external entity to directly calculate ciphertexts and get a new ciphertext which is the corresponding result of the operation on plaintexts without decrypting them. The correctness and security proofs of our scheme were formally proved. Finally, we implemented our scheme in a simulation environment and the experiment results showed that our scheme is efficient for practical applications.

Physical Layer Encryption of OFDM-PON Based on Quantum Noise Stream Cipher with Polar Code

Orthogonal frequency division multiplexing passive optical network(OFDM-PON) has superior anti-dispersion property to operate in the C-band of fiber for increased optical power budget. However,the downlink broadcast exposes the physical layer vulnerable to the threat of illegal eavesdropping. Quantum noise stream cipher(QNSC) is a classic physical layer encryption method and well compatible with the OFDM-PON. Meanwhile, it is indispensable to exploit forward error correction(FEC) to control errors in data transmission. However, when QNSC and FEC are jointly coded, the redundant information becomes heavier and thus the code rate of the transmitted signal will be largely reduced. In this work, we propose a physical layer encryption scheme based on polar-code-assisted QNSC. In order to improve the code rate and security of the transmitted signal, we exploit chaotic sequences to yield the redundant bits and utilize the redundant information of the polar code to generate the higher-order encrypted signal in the QNSC scheme with the operation of the interleaver.We experimentally demonstrate the encrypted 16/64-QAM, 16/256-QAM, 16/1024-QAM, 16/4096-QAM QNSC signals transmitted over 30-km standard single mode fiber. For the transmitted 16/4096-QAM QNSC signal, compared with the conventional QNSC method, the proposed method increases the code rate from 0.1 to 0.32 with enhanced security.

A Blind Batch Encryption and Public Ledger-Based Protocol for Sharing Sensitive Data

For the goals of security and privacy preservation,we propose a blind batch encryption-and public ledger-based data sharing protocol that allows the integrity of sensitive data to be audited by a public ledger and allows privacy information to be preserved.Data owners can tightly manage their data with efficient revocation and only grant one-time adaptive access for the fulfillment of the requester.We prove that our protocol is semanticallly secure,blind,and secure against oblivious requesters and malicious file keepers.We also provide security analysis in the context of four typical attacks.

Enhancing IoT Data Security with Lightweight Blockchain and Okamoto Uchiyama Homomorphic Encryption

Blockchain technology has garnered significant attention from global organizations and researchers due to its potential as a solution for centralized system challenges.Concurrently,the Internet of Things(IoT)has revolutionized the Fourth Industrial Revolution by enabling interconnected devices to offer innovative services,ultimately enhancing human lives.This paper presents a new approach utilizing lightweight blockchain technology,effectively reducing the computational burden typically associated with conventional blockchain systems.By integrating this lightweight blockchain with IoT systems,substantial reductions in implementation time and computational complexity can be achieved.Moreover,the paper proposes the utilization of the Okamoto Uchiyama encryption algorithm,renowned for its homomorphic characteristics,to reinforce the privacy and security of IoT-generated data.The integration of homomorphic encryption and blockchain technology establishes a secure and decentralized platformfor storing and analyzing sensitive data of the supply chain data.This platformfacilitates the development of some business models and empowers decentralized applications to perform computations on encrypted data while maintaining data privacy.The results validate the robust security of the proposed system,comparable to standard blockchain implementations,leveraging the distinctive homomorphic attributes of the Okamoto Uchiyama algorithm and the lightweight blockchain paradigm.