Anonymity-preserving Public-Key Encryption Markulf Kohlweiss Ueli Maurer, Cristina Onete, Björn Tackmann, and Daniele Venturi PETS 2013.


PETS 2013 | Markulf Kohlweiss | Anonymity-preserving PKE | Slide 2
Context: Encryption and Anonymity
- Public-key encryption
  - Short but eventful history, late 70s, 80s.
  - Security usually defined using Games: IND-CCA, IND-CCA, …
- Anonymity
  - Shorter eventful history, early 90s.
  - Anonymity is arguably a more high-level property
- What if used together?
  - Key privacy, robust encryption, formal analysis of onions
  - Games prone to require iterations to find “right” notion

Slide 3: What is Anonymous Encryption? [PH08]
[Diagram panels: Sender Anonymity; Receiver Anonymity]
Anonymity not created, but preserved

Slide 4: Our contribution

Slide 5: Chosen Ciphertext Attack Security (IND-CCA)
[Diagram: Challenger with bit b and decryption oracle Dec. Labels: pk; m_0, m_1; Enc(m_b); c; Dec(c); bit d; d = b?]

Slide 6: Key Privacy (IK-CCA) [BBDP01]
[Diagram: Challenger with bit b and decryption oracles Dec_0, Dec_1. Labels: pk_0, pk_1; m; Enc(pk_b; m); c; Dec_0(c); Dec_1(c); bit d; d = b?]

Slide 7: Weak Robustness (WROB) [ABN10]
[Diagram: Challenger with decryption oracle Dec. Labels: pk_1, ..., pk_n; m, i, j; c ← Enc(pk_i, m); c, i; Dec_i(c); ⊥ ≠ Dec(sk_j, c)?]

Slide 8: Constructive Cryptography [MR11]
- Resources (existing/assumed, desired):
  - Available to everyone, including adversary/simulator through interfaces
- Converters:
  - Transform existing into desired resources
  - Two interfaces, inner and outer
- Protocol: composition of many converters, one for each user
- Security:
  - Correctness: without Eve the protocol works correctly
  - Security: when Simulator connected, no-one can distinguish between assumed and desired worlds.

Slide 9: Confidential Receiver-Anonymous Channel

Slide 11: Constructing the Channel from Broadcast
[Diagram: Existing Resources. Labels: receivers B_1, B_2, ..., B_n; n x (pk_i); m; ⊥]

Slide 12: Constructing the Channel from Broadcast
Converters: Encryption scheme that is:
- IND-CCA
- IK-CCA
- WROB
[Diagram: Existing Resources and Converters. Labels: receivers B_1, ..., B_j, ..., B_n; n x (pk_i); m; m*; m*, j]

Slide 13: Simulation (intuition)
- Key-Generation: generate n keypairs (for each B_i), one separate (sk, pk)
- Ciphertext generation: get |m|, encrypt 0^|m| under pk to get c
[Diagram: Existing world and Desired world. Labels: receivers B_1, ..., B_j, ..., B_i, ..., B_n; (c, i); c; (m, i); m, i; |m|; D]

Slide 14: Simulation (intuition)
- Ciphertext delivery: deliver c* to B_j: (c*, j)
  if c* not seen before, decrypt under sk_j and inject message m* into network
[Diagram: Existing world and Desired world. Labels: receivers B_1, ..., B_j, ..., B_i, ..., B_n; (c, i); c; c*; (c*, j); (m, i); (m*, j); m*; Dec(c*); |m|; D]

Slide 15: Simulation (intuition)
- Ciphertext delivery: deliver c to B_j: (c, i*)
  if c seen before, deliver corresponding msg. to correct receiver
Intuition: this is where we need WROB – wrong receiver outputs error
[Diagram: Assumed world and Desired world, Trial Delivery. Labels: receivers B_1, ..., B_j, ..., B_i, ..., B_n; (c, i); c; (c, i*); (m, i); |m|; m; If i = i*; (H, i*); H; m = Dec(c); D]

Slide 16: (More) Results in a Nutshell
- WROB sufficient
- SROB leads to a tighter reduction
- WROB necessary
- without WROB, achieve anonymity with erroneous transmission
- Impossibility: SROB does not construct better resource
- Constructive aspects:
- Model network with single sender, many receivers
- PK settings: use uni-directional authenticated channels
- Trial deliveries prevent better anonymity
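
Added example (not from the slides or the paper): the WROB game of slide 7 and the trial delivery of slide 15, run against a toy hashed-ElGamal scheme. The group parameters, the function names, the `robust` flag and the public-key tag check are assumptions made for illustration; the tag is a simple redundancy check for this toy, not the [ABN10] construction, and the scheme is not IND-CCA.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only (not for real use).
P = 2**127 - 1   # Mersenne prime modulus
G = 3

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def _stream(shared, n):
    # Keystream derived from the Diffie-Hellman shared value.
    return hashlib.shake_256(shared.to_bytes(16, "big")).digest(n)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _tag(pk):
    # 16-byte tag binding the plaintext to the intended public key.
    return hashlib.sha256(pk.to_bytes(16, "big")).digest()[:16]

def enc(pk, m, robust):
    r = secrets.randbelow(P - 2) + 1
    body = m + (_tag(pk) if robust else b"")
    return pow(G, r, P), _xor(body, _stream(pow(pk, r, P), len(body)))

def dec(sk, c, robust):
    u, v = c
    body = _xor(v, _stream(pow(u, sk, P), len(v)))
    if not robust:
        return body                      # any key yields *some* plaintext
    m, tag = body[:-16], body[-16:]
    # None plays the role of the error symbol ⊥.
    return m if tag == _tag(pow(G, sk, P)) else None

def trial_delivery(keys, i, m, robust):
    """Broadcast Enc(pk_i, m); every receiver trial-decrypts with its own key."""
    c = enc(keys[i][1], m, robust)
    return [dec(sk, c, robust) for sk, _ in keys]

def wrob_adversary_wins(keys, i, j, m, robust):
    """WROB game: the adversary wins iff Dec(sk_j, Enc(pk_i, m)) != ⊥ for i != j."""
    return i != j and trial_delivery(keys, i, m, robust)[j] is not None
```

With `robust=False` every wrong receiver outputs a garbage message, which is the erroneous transmission named on slide 16; with `robust=True` wrong receivers output `None`.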

Slide 17: Results in Picture
[Diagram panels: Game-based analysis; Constructive result. Labels: IND-CCA, IK-CCA, SROB; IND-CCA, IK-CCA, WROB]

Slide 18: Strong Robustness (SROB)
[Diagram: Challenger with decryption oracle Dec. Labels: pk_1, ..., pk_n; c, i, j; c, i; Dec_i(c); both ⊥ ≠ Dec(sk_i, c) and ⊥ ≠ Dec(sk_j, c)]
