
Provable Security
Description
All about e-books | Answers to questions about e-books, copy protection and file formats can be found in our info and help section.
Content
- Title Page
- Preface
- Organization
- Table of Contents
- Invited Talks
- Optimal Structure-Preserving Signatures
- Secure Composition of Cryptographic Protocols
- Talk Overview
- Cryptographic Primitives
- Secure Two-Party Computation over a Z-Channel
- Introduction
- The Z-Channel
- Contribution
- Outline of the Paper
- Preliminaries
- A Security Definition for Oblivious Transfer
- Oblivious Transfer over a Z-Channel
- Protocol
- Security in the Semi-honest Scenario
- Efficiency and Resistance to Unfair Adversaries
- Unfair Z-Channel
- Efficiency
- Conclusion
- References
- Precise Time and Space Simulatable Zero-Knowledge
- Introduction
- Our Results
- The New Notion
- High-Level Proofs of Our Results
- PTSEPOKs and PTSEAOKs
- The Constructions
- Constructions of the PTSEPOKs and PTSEAOKs
- References
- Weak Oblivious Transfer from Strong One-Way Functions
- Introduction
- Our Contribution
- Preliminaries
- Encoding Subsets, Min-Entropy and Strong Extractor
- One-Way Functions and Hard-Core Predicates
- Oblivious Transfer
- Interactive Hashing
- Error-Correcting Codes
- The Protocol in the Random Oracle Model
- Description of ROM Protocol
- Functionality and Security Proofs
- The Protocol from One-Way Permutations
- Description of OWP Protocol
- Functionality and Security Proofs
- The Protocol from One-Way Functions
- Description of OWFs Protocol
- Functionality and Security Proofs
- Conclusions and Open Problems
- References
- Simulatable Adaptive Oblivious Transfer with Statistical Receiver's Privacy
- Introduction
- Related Work
- Our Contributions
- Preliminaries
- Zero-Knowledge Proof and -Protocol
- Security Definition (Fully Simulation Security)
- Fully Simulatable OTnk1 with Statistical Receiver's Privacy
- Extended Zero-Knowledge Proof Framework
- Applications
- Generic Fully Simulatable OTnk1 Framework
- OTnk1 Based on Elgamal Encryption
- OTnk1 Based on Paillier Encryption
- Conclusions and Discussion
- References
- Encryption
- Verifiable Security of Boneh-Franklin Identity-Based Encryption
- Introduction
- An Introduction to CertiCrypt
- Preliminaries
- Bilinear Maps and Bilinear Diffie-Hellman Assumption
- Identity-Based Encryption
- Security of the Boneh-Franklin BasicIdent Scheme
- Conclusion and Future Work
- References
- Fundamental Lemma of Game-Playing
- Derived Equations
- Efficient Ciphertext Policy Attribute-Based Encryption with Constant-Size Ciphertext and Constant Computation-Cost
- Introduction
- Preliminary
- Ciphertext Policy ABE
- Syntactic Definition of CP-ABE
- CPA Security Game for CP-ABE
- Basic Construction
- CPA Security Proof
- Performance Comparison
- CCA-Secure Extension
- Performance Considerations
- Multi-authority Extension
- Conclusion
- References
- CCA Security Game for CP-ABE
- Proof of Theorem 2
- Fully Distributed Broadcast Encryption
- Introduction
- Preliminaries
- Bilinear Pairings and Assumptions
- Shamir's Secret Sharing Scheme
- Fully Distributed Broadcast Encryption
- Modeling FDBE Systems
- Security Definitions
- Transforming Semi-adaptive Security to Adaptive Security
- Basic FDBE with Short Ciphertext
- Discussions
- FDBE with Adaptive Security
- Tradeoff between Ciphertexts and Keys
- Applications
- Conclusion
- References
- Appendix
- Efficient Identity-Based Signcryption in the Standard Model
- Introduction
- Related Work
- Our Contribution
- Paper Organization
- Preliminaries
- Bilinear Maps
- Complexity Assumptions
- Formal Model of Identity-Based Signcryption
- Definition
- Security Notions
- An Efficient Identity-Based Signcryption Scheme
- Analysis of the Scheme
- Consistency
- Security
- Performance and Security Comparison
- Conclusions
- References
- Proof of Theorem 1
- Proof of Theorem 2
- Toward Compact Public Key Encryption Based on CDH Assumption via Extended Twin DH Assumption
- Background
- Preliminary
- Key Encapsulation Mechanism (KEM)
- IND-CCA Security for KEM
- Computational Diffie-Hellman Assumption
- Hardcore Function for the Diffie-Hellman Key
- Target Collision-Resistant Hash Function
- Extended Strong Twin Diffie-Hellman Assumption
- Proposed Scheme
- Algorithms (KEMe2dh)
- Security
- Comparison
- Conclusion
- References
- Proof of Lemma 1
- Anonymous Encryption with Partial-Order Subset Delegation Functionality
- Introduction
- Motivation
- Related Works
- Our Contribution
- Organization
- Notations and Backgrounds
- Notations
- Partial Order and Conditional PO Graph
- Admissible Bilinear Maps in Composite Order Groups
- Security Assumption
- Anonymous Encryption with Partial Order Subset Delegation
- Framework of Encryption with Partial Order Subset Delegation
- Security Models
- Construction and Analysis
- Construction
- Decryption Consistency
- Security Analysis
- Discussion
- Key Derivation
- Application in Broadcasting Message with Confidentiality
- Concluding Remarks
- References
- Cryptographic Protocols
- Concurrent Signatures with Fully Negotiable Binding Control
- Introduction
- Concurrent Signature with Fully Negotiable Binding Control
- Related Work
- Definitions and Security Models
- Unforgeability
- Ambiguity
- Fairness
- A CS-FNBC Construction
- Security
- Comparison
- Conclusion
- References
- Secure Obfuscation of Encrypted Verifiable Encrypted Signatures
- Introduction
- Preliminaries
- Verifiable Encrypted Signature
- Zero Knowledge Proof
- Security Assumptions
- Definition of Secure Obfuscation
- Obfuscation of Encrypted Verifiable Encrypted Signatures
- A Special EVES Construction
- The Obfuscation of the EVES Functionality
- Security Analysis
- Conclusion and Comparison
- References
- Proof of Security for EVES Scheme
- Identity-Based Trace and Revoke Schemes
- Introduction
- Our Contribution
- Related Works
- About the Model of PEvoA and Pirates 2.0
- Fighting Pirates 2.0 and Pirate Evolution Attacks in Tree Based Systems
- Framework
- First Step: Making Private Keys Indecomposable.
- Second Step: No Intermediate Key Should be Derived from a Private Key.
- Main Idea: Delegation of Ciphertexts.
- Solutions
- First Solution: Integration of WIBE Into a Complete Subtree Scheme
- Main Solution: Introduction of Generalized WIBE Primitive
- Efficiency Comparison
- Construction of Identity-Based Trace and Revoke from WIBE (WIBE-IDTR)
- Background
- Generic Construction
- Security of WIBE-IDTR
- Resistance to Pirate Evolution Attacks - PEvoA
- Resistance to Pirates 2.0
- Instantiation
- Identity-Based Encryption with Generalized Wildcards - GWIBE
- Concrete Construction of GWIBE Based on Waters' HIBE (Wa-GWIBE)
- Security Analysis
- Construction of IDTR from 2-Level Wa-GWIBE (2level-Wa-GWIBE-IDTR)
- References
- Universally Composable Private Proximity Testing
- Introduction
- Preliminaries
- Formalization of the Problem
- Commodity-Based Model
- Universal Composability Framework
- Building Blocks
- Universally Composable Secure Channels
- UC Private Equality Testing
- Private Proximity Testing Protocol
- Security of the Overall System
- Conclusions
- References
- Generic Constant-Round Oblivious Sorting Algorithm for MPC
- Introduction
- Related Works
- Preliminaries
- Unbounded Fan-in AND Gate
- Constant-Round Oblivious Counting Sort
- Oblivious Arrayless Bead Sort
- Sorting Key Indexed Data Structure
- Dealing with Huge R
- Applications
- (M+1)st-Price Auction
- Constant-Round Obfuscated Shuffle
- Conclusions and Future Work
- References
- General Construction of Chameleon All-But-One Trapdoor Functions
- Introduction
- Related Works
- Our Contribution
- Organization of the Paper
- Notation
- Chameleon Hash Functions
- Chameleon ABO-TDFs
- General Construction of Chameleon ABO-TDFs
- Conclusion
- References
- Security Models and Framework
- PolyE+CTR: A Swiss-Army-Knife Mode for Block Ciphers
- Introduction
- Notations and Security Definitions
- Notations
- Security Definition for SAK Modes
- Specification of PolyE+CTR
- Security Analysis of PolyE+CTR
- Comparison to Current Modes
- Conclusions
- References
- Security of Practical Cryptosystems Using Merkle-Damgård Hash Function in the Ideal Cipher Model
- Introduction
- Preliminaries
- Security of Pub-RO Secure Cryptosystems Using KDF-MD-SCFIIs
- Privleak-RO
- Indifferentiability Results for KDFs
- Proof of Theorem 1
- The Security of Encryption Schemes Using KDF-MD-SCFIIs
- Indifferentiability of KDFi-MD-SCFII from FILRO
- The Security of Encryption Schemes in the FILRO Model
- References
- Differentiable Attack for KDFs Using pub-RO
- Key-Dependent Message Security for Division Function: Discouraging Anonymous Credential Sharing
- Introduction
- Our Contribution
- Related Works
- Motivation for KDM Security.
- KDM Security for Symmetric Encryption.
- KDM Security in the Case of Active Attacks.
- KDM Security w.r.t Functions beyond Affine Function.
- The Impossibility of KDM Security.
- Outline
- Definitions
- Public Key Encryption Scheme
- IND-CPA Security
- Public-Key Blinding and Secret-Key Homomorphism
- Decisional Diffie-Hellman Assumption
- One-Time Symmetric Key Encryption Scheme
- KDM-div Security
- Application
- Hybrid ElGamal Is KDM-div Secure
- Conclusion
- References
- Randomness Leakage in the KEM/DEM Framework
- Introduction
- Preliminaries
- The Decisional Diffie-Hellman Assumption
- Randomness Extraction
- The KEM/DEM Framework
- Randomness Leakage in Public-Key Encryption
- A Priori Randomness-Leakage Attack
- A Posteriori Randomness-Leakage Attack
- Randomness Leakage in KEM/DEM
- Randomness-Leakage Resilient Schemes from Entropically-Secure KEM
- The Construction of Entropically-Secure KEM
- References
- Generalized Learning Problems and Applications to Non-commutative Cryptography
- Introduction
- Review of Relevant Group-Theoretic Notions
- Generalized Learning Problems
- Learning with Errors (LPN/LWE)
- Learning Homomorphisms with Noise (LHN)
- Looking for Instantiations of LHN: What Makes LPN/LWE Hard?
- An Instantiation from Combinatorial Group Theory
- Burnside Groups
- Computational Aspects of Burnside Groups
- Instantiating LHN over Burnside Groups
- Applications
- A Group-Based Symmetric Cryptosystem
- Towards Group-Based Asymmetric Cryptosystems
- Conclusions and Future Work
- References
- A Novel Framework for Protocol Analysis
- Introduction
- Definitions
- Systems of Interactive Turing Machines
- Execution Model
- Protocols
- Indistinguishability
- Definition of Indistinguishability of Systems
- Basic Results
- Composition Theorem
- References
- Key Agreement
- Taxonomical Security Consideration of Authenticated Key Exchange Resilient to Intermediate Computation Leakage
- Introduction
- Preliminaries
- Implementation Modes for AKE
- seCK Security Model for Diffie-Hellman Type AKE
- SMQV Revisited
- SMQV Scheme
- Error in Security Proof
- Discussion about Solution
- Classification of Security Levels in seCK Model
- Conclusion
- References
- Gateway-Oriented Password-Authenticated Key Exchange Protocol with Stronger Security
- Introduction
- Password-Based Authenticated Key Exchange
- Related Work
- Our Contribution
- Security Model
- Overview
- Security Model
- Security Notions
- Proposed GPAKE Protocol
- Description
- Security
- Performance Analysis
- Conclusion
- References
- TMQV: A Strongly eCK-Secure Diffie-Hellman Protocol without Gap Assumption
- Introduction
- seCK-Insecurity of Some AKE Protocols
- Proposed AKE Protocol: TMQV
- Protocol Description
- Security
- Protocols Comparison
- Conclusion
- References
- Strongly Secure One Round Authenticated Key Exchange Protocol with Perfect Forward Security
- Introduction
- Our Contributions
- Strongly Secure One Round Authenticated Key Exchange Protocol with Perfect Forward Security
- Protocol Setup
- Protocol Description
- Rationale
- Security Proof
- The Analysis of CASE 1
- Proof of PFS Property
- Comparison of Protocols
- Conclusions
- References
- Author Index
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (Kindle: limited support only).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Watermark-DRM, a "soft" copy protection. This means that there are no technical restrictions to prevent illegal distribution. However, there is a personalised watermark embedded in the eBook that can be used to identify the purchaser of the eBook in the event of misuse and to provide evidence for legal purposes.
For more information, see our eBook Help page.