Your search keyword '"Orr Dunkelman"' showing total 213 results

201. Fast Software Encryption

Author

Orr Dunkelman

Subjects

Multiple encryption, Computer science, Encryption software, Probabilistic encryption, business.industry, Embedded system, Distributed computing, 56-bit encryption, 40-bit encryption, business, Encryption, Disk encryption hardware, Disk encryption theory

Published

2009

202. A Practical Attack on KeeLoq

Author

Nathan Keller, Bart Preneel, Sebastiaan Indesteege, Orr Dunkelman, Eli Biham, and Smart, N

Subjects

Key-recovery attack, KeeLoq, Computer science, Computer security, computer.software_genre, cosic, law.invention, law, Key (cryptography), Key derivation function, Slide attack, Cryptanalysis, computer, Key size, Block cipher

Abstract

KeeLoq is a lightweight block cipher with a 32-bit block size and a 64-bit key. Despite its short key size, it is widely used in remote keyless entry systems and other wireless authentication applications. For example, authentication protocols based on KeeLoq are supposedly used by various car manufacturers in anti-theft mechanisms. This paper presents a practical key recovery attack against KeeLoq that requires 2 16 known plaintexts and has a time complexity of 2 44.5 KeeLoq encryptions. It is based on the slide attack and a novel approach to meet-in-the-middle attacks. The fully implemented attack requires 65 minutes to obtain the required data and 7.8 days of calculations on 64 CPU cores. A variant which requires 2 16 chosen plaintexts needs only 3.4 days on 64 CPU cores. Using only 10 000 euro, an attacker can purchase a cluster of 50 dual core computers that will find the secret key in about two days. We investigated the way KeeLoq is intended to be used in practice and conclude that our attack can be used to subvert the security of real systems. An attacker can acquire chosen plaintexts in practice, and one of the two suggested key derivation schemes for KeeLoq allows to recover the master secret from a single key. © 2008 Springer-Verlag Berlin Heidelberg. ispartof: pages:1-18 ispartof: Lecture Notes in Computer Science vol:4965 pages:1-18 ispartof: EUROCRYPT 2008 location:TURKEY, Istanbul date:14 Apr - 17 Apr 2008 status: published

Published

2008

203. A Differential-Linear Attack on 12-Round Serpent

Author

Nathan Keller, Sebastiaan Indesteege, Orr Dunkelman, Chowdhury, DR, Rijmen, V, and Das, A

Subjects

Differential-linear attack, Cipher, Computer science, Serpent (cipher), Linear cryptanalysis, Meet-in-the-middle attack, Slide attack, Computer security, computer.software_genre, Time complexity, computer, cosic, Block cipher

Abstract

Serpent is an SP Network block cipher submitted to the AES competition and chosen as one of its five finalists. The security of Serpent is widely acknowledged, especially as the best known attack so far is a differential-linear attack on only 11 rounds out of the 32 rounds of the cipher. In this paper we introduce a more accurate analysis of the differential-linear attack on 11-round Serpent. The analysis involves both theoretical aspects as well as experimental results which suggest that previous attacks had overestimated complexities. Following our findings we are able to suggest an improved 11-round attack with a lower data complexity. Using the new results, we are able to devise the first known attack on 12-round Serpent.

Published

2008

204. Fast Software Encryption : 16th International Workshop, FSE 2009 Leuven, Belgium, February 22-25, 2009 Revised Selected Papers

Author

Orr Dunkelman and Orr Dunkelman

Subjects

Cryptography, Data encryption (Computer science), Computer programming, Data structures (Computer science), Information theory, Coding theory, Algorithms, Computer science—Mathematics

Abstract

FastSoftwareEncryption2009wasthe16thin a seriesofworkshopsonsymm- ric key cryptography. Starting from 2002, it is sponsored by the International Association for Cryptologic Research (IACR). FSE 2009 was held in Leuven, Belgium, after previous venues held in Cambridge, UK (1993, 1996), Leuven, Belgium (1994, 2002), Haifa, Israel (1997), Paris, France (1998, 2005), Rome, Italy (1999), New York, USA (2000), Yokohama, Japan (2001), Lund, Sweden (2003), New Delhi, India (2004), Graz, Austria (2006), Luxembourg, Lux- bourg (2007), and Lausanne, Switzerland (2008). The workshop's main topic is symmetric key cryptography, including the designoffast andsecuresymmetrickeyprimitives,suchas block ciphers,stream ciphers, hash functions, message authentication codes, modes of operation and iteration, as well as the theoretical foundations of these primitives. This year, 76 papers were submitted to FSE including a large portion of papers on hash functions, following the NIST SHA-3 competition, whose wo- shop was held just after FSE in the same location. From the 76 papers, 24 were accepted for presentation. It is my pleasure to thank all the authors of all s- missions for the high-quality research, which is the base for the scienti?c value of the workshop. The review process was thorough (each submission received the attention of at least three reviewers), and at the end, besides the accepted papers, the Committee decided that the merits of the paper “Blockcipher-Based Hashing Revisited” entitled the authors to receive the best paper award. I wish to thank all Committee members and the referees for their hard and dedicated work.

Published

2009

205. The SHAvite-3 - A New Hash Function

Author

Orr Dunkelman and Eli Biham, Dunkelman, Orr, Biham, Eli, Orr Dunkelman and Eli Biham, Dunkelman, Orr, and Biham, Eli

Abstract

In this work we present SHAvite-3, a secure and efficient hash function based on the HAIFA construction and the AES building blocks. SHAvite-3 uses a well understood set of primitives such as a Feistel block cipher which iterates a round function based on the AES round. SHAvite-3's compression functions are secure against cryptanalysis, while the selected mode of iteration offers maximal security against black box attacks on the hash function. SHAvite-3 is both fast and resource-efficient, making it suitable for a wide range of environments, ranging from 8-bit platforms to 64-bit platforms (and beyond).

Published

2009

206. The Lane hash function

Author

Sebastiaan Indesteege and Elena Andreeva and Christophe De Cannière and Orr Dunkelman and Emilia Käsper and Svetla Nikova and Bart Preneel and Elmar Tischhauser, Indesteege, Sebastiaan, Andreeva, Elena, De Cannière, Christophe, Dunkelman, Orr, Käsper, Emilia, Nikova, Svetla, Preneel, Bart, Tischhauser, Elmar, Sebastiaan Indesteege and Elena Andreeva and Christophe De Cannière and Orr Dunkelman and Emilia Käsper and Svetla Nikova and Bart Preneel and Elmar Tischhauser, Indesteege, Sebastiaan, Andreeva, Elena, De Cannière, Christophe, Dunkelman, Orr, Käsper, Emilia, Nikova, Svetla, Preneel, Bart, and Tischhauser, Elmar

Abstract

We propose the cryptographic hash function Lane as a candidate for the SHA-3 competition organised by NIST. Lane is an iterated hash function supporting multiple digest sizes. Components of the AES block cipher are reused as building blocks. Lane aims to be secure, easy to understand, elegant and flexible in implementation.

Published

2009

207. Memory-Efficient Algorithms for Finding Needles in Haystacks

Author

Itai Dinur, Nathan Keller, Adi Shamir, and Orr Dunkelman

Subjects

Random graph, Uniform distribution (continuous), 0102 computer and information sciences, 02 engineering and technology, Directed graph, 01 natural sciences, Vertex (geometry), Combinatorics, Piecewise linear function, 010201 computation theory & mathematics, Search algorithm, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Time complexity, Event (probability theory), Mathematics

Abstract

One of the most common tasks in cryptography and cryptanalysis is to find some interesting event a needle in an exponentially large collection haystack of $$N=2^n$$ possible events, or to demonstrate that no such event is likely to exist. In particular, we are interested in finding needles which are defined as events that happen with an unusually high probability of $$p \gg 1/N$$ in a haystack which is an almost uniform distribution on N possible events. When the search algorithm can only sample values from this distribution, the best known time/memory tradeoff for finding such an event requires $$O1/Mp^2$$ time given OM memory. In this paper we develop much faster needle searching algorithms in the common cryptographic setting in which the distribution is defined by applying some deterministic function f to random inputs. Such a distribution can be modelled by a random directed graph with N vertices in which almost all the vertices have O1 predecessors while the vertex we are looking for has an unusually large number of OpN predecessors. When we are given only a constant amount of memory, we propose a new search methodology which we call NestedRho. As p increases, such random graphs undergo several subtle phase transitions, and thus the log-log dependence of the time complexity T on p becomes a piecewise linear curve which bends four times. Our new algorithm is faster than the $$O1/p^2$$ time complexity of the best previous algorithm in the full range of $$1/N

208. Selected Areas in Cryptography - SAC 2020 - 27th International Conference, Halifax, NS, Canada (Virtual Event), October 21-23, 2020, Revised Selected Papers

Author

Orr Dunkelman, Michael J. Jacobson Jr., and Colin O'Flynn

Published

2021

209. Embedding the UC Model into the IITM Model

Author

Daniel Rausch, Ralf Küsters, Céline Chevalier, University of Stuttgart, Centre de Recherche en Economie et Droit (CRED), Université Paris-Panthéon-Assas, Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria), Orr Dunkelman, and Stefan Dziembowski

Subjects

[INFO]Computer Science [cs]

Abstract

International audience; Universal Composability is a widely used concept for the design and analysis of protocols. Since Canetti’s original UC model and the model by Pfitzmann and Waidner several different models for universal composability have been proposed, including, for example, the IITM model, GNUC, CC, but also extensions and restrictions of the UC model, such as JUC, GUC, and SUC. These were motivated by the lack of expressivity of existing models, ease of use, or flaws in previous models. Cryptographers choose between these models based on their needs at hand (e.g., support for joint state and global state) or simply their familiarity with a specific model. While all models follow the same basic idea, there are huge conceptually differences, which raises fundamental and practical questions: (How) do the concepts and results proven in one model relate to those in another model? Do the different models and the security notions formulated therein capture the same classes of attacks? Most importantly, can cryptographers re-use results proven in one model in another model, and if so, how?In this paper, we initiate a line of research with the aim to address this lack of understanding, consolidate the space of models, and enable cryptographers to re-use results proven in other models. As a start, here we focus on Canetti’s prominent UC model and the IITM model proposed by Küsters et al. The latter is an interesting candidate for comparison with the UC model since it has been used to analyze a wide variety of protocols, supports a very general protocol class and provides, among others, seamless treatment of protocols with shared state, including joint and global state. Our main technical contribution is an embedding of the UC model into the IITM model showing that all UC protocols, security and composition results carry over to the IITM model. Hence, protocol designers can profit from the features of the IITM model while being able to use all their results proven in the UC model. We also show that, in general, one cannot embed the full IITM model into the UC model.

Published

2022

210. Families of SNARK-Friendly 2-Chains of Elliptic Curves

Author

Youssef El Housni, Aurore Guillevic, Geometry, arithmetic, algorithms, codes and encryption (GRACE), Laboratoire d'informatique de l'École polytechnique [Palaiseau] (LIX), École polytechnique (X)-Centre National de la Recherche Scientifique (CNRS)-École polytechnique (X)-Centre National de la Recherche Scientifique (CNRS)-Inria Saclay - Ile de France, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), ConsenSys, Aarhus University [Aarhus], Cryptology, arithmetic : algebraic methods for better algorithms (CARAMBA), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Algorithms, Computation, Image and Geometry (LORIA - ALGO), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Colin Boyd, Orr Dunkelman, Stefan Dziembowski, Centre National de la Recherche Scientifique (CNRS)-École polytechnique (X)-Centre National de la Recherche Scientifique (CNRS)-École polytechnique (X)-Inria Saclay - Ile de France, Department of Algorithms, Computation, Image and Geometry (LORIA - ALGO), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Inria Nancy - Grand Est, and Institut National de Recherche en Informatique et en Automatique (Inria)

Subjects

[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]

Abstract

International audience; At CANS'20, El Housni and Guillevic introduced a new 2-chain of pairing-friendly elliptic curves for recursive zero-knowledge Succinct Non-interactive ARguments of Knowledge (zk-SNARKs) made of the former BLS12-377 curve (a Barreto–Lynn–Scott curve over a 377-bit prime field) and the new BW6-761 curve (a Brezing–Weng curve of embedding degree 6 over a 761-bit prime field). First we generalise the curve construction, the pairing formulas (e : G1 × G2 → GT) and the group operations to any BW6 curve defined on top of any BLS12 curve, forming a family of 2-chain pairing-friendly curves.Second, we investigate other possible 2-chain families made on top of the BLS12 and BLS24 curves. We compare BW6 to Cocks–Pinch curves of higher embedding degrees 8 and 12 (CP8, CP12) at the 128-bit security level. We derive formulas for efficient optimal ate and optimal Tate pairings on our new CP curves. We show that for both BLS12 and BLS24, the BW6 construction always gives the fastest pairing and curve arithmetic compared to Cocks–Pinch curves. Finally, we suggest a short list of curves suitable for Groth16 and KZG-based universal SNARKs and present an optimized implementation of these curves. Based on Groth16 and PlonK (a KZG-based SNARK) implementations in the gnark ecosystem, we obtain that the BLS12-377/BW6-761 pair is optimized for the former while the BLS24-315/BW6-672 pair is optimized for the latter.

Published

2022

211. On the Joint Security of Encryption and Signature in EMV

Author

Kenneth G. Paterson, Mario Strefler, Nigel P. Smart, Jean Paul Degabriele, Anja Lehmann, Department of Computer Science [Royal Holloway], Royal Holloway [University of London] (RHUL), IBM Research Laboratory [Zurich], IBM Research [Zurich], Department of Computer Science [Bristol], University of Bristol [Bristol], Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Département d'informatique - ENS Paris (DI-ENS), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Orr Dunkelman, Département d'informatique de l'École normale supérieure (DI-ENS), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Inria Paris-Rocquencourt, École normale supérieure - Paris (ENS-PSL), and Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL)

Subjects

Computer science, business.industry, Hash function, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, Encryption, 01 natural sciences, Oracle, Signature (logic), Random oracle, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Joint (audio engineering), computer, Protocol (object-oriented programming)

Abstract

International audience; We provide an analysis of current and future algorithms for signature and encryption in the EMV standards in the case where a single key-pair is used for both signature and encryption. We give a theoretical attack for EMV’s current RSA-based algorithms, showing how access to a partial decryption oracle can be used to forge a signature on a freely chosen message. We show how the attack might be integrated into EMV’s CDA protocol flow, enabling an attacker with a wedge device to complete an offline transaction without knowing the cardholder’s PIN. Finally, the elliptic curve signature and encryption algorithms that are likely to be adopted in a forthcoming version of the EMV standards are analyzed in the single key-pair setting, and shown to be secure.

Published

2012

212. Optimal Eta Pairing on Supersingular Genus-2 Binary Hyperelliptic Curves

Author

Diego F. Aranha, Jérémie Detrey, Jean-Luc Beuchat, Nicolas Estibals, Institute of Computing [Campinas] (UNICAMP), Universidade Estadual de Campinas (UNICAMP), Laboratory of Cryptography and Information Security (LCIS), Université de Tsukuba = University of Tsukuba, Cryptology, Arithmetic: Hardware and Software (CARAMEL), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Algorithms, Computation, Image and Geometry (LORIA - ALGO), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL), Orr Dunkelman, Institute of Computing [Campinas] (IC), Universidade Estadual de Campinas = University of Campinas (UNICAMP), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), and Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Discrete mathematics, Order (ring theory), Binary number, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Action (physics), 020202 computer hardware & architecture, Power (physics), [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Optimal Eta pairing, FPGA implementation, 010201 computation theory & mathematics, Proof of concept, Pairing, Genus (mathematics), ComputingMethodologies_SYMBOLICANDALGEBRAICMANIPULATION, 0202 electrical engineering, electronic engineering, information engineering, software implementation, supersingular genus-2 curve, Hyperelliptic curve, Mathematics

Abstract

This article presents a novel pairing algorithm over supersingular genus-2 binary hyperelliptic curves. Starting from Vercauteren's work on optimal pairings, we describe how to exploit the action of the 23m-th power Verschiebung in order to reduce the loop length of Miller's algorithm even further than the genus-2 ηT approach. As a proof of concept, we detail an optimized software implementation and an FPGA accelerator for computing the proposed optimal Eta pairing on a genus-2 hyperelliptic curve over $\mathbb{F}_{2^{367}}$ , which satisfies the recommended security level of 128 bits. These designs achieve favourable performance in comparison with the best known implementations of 128-bit-security Type-1 pairings from the literature.

Published

2012

213. Plaintext-Checkable Encryption

Author

Aline Gouget, Sébastien Canard, Georg Fuchsbauer, Fabien Laguillaumie, Orange Labs [Caen], Orange Labs, Computer Science Department [Bristol], University of Bristol [Bristol], GemAlto Research Labs, GEMALTO (GEMALTO), Arithmetic and Computing (ARIC), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire de l'Informatique du Parallélisme (LIP), École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Centre National de la Recherche Scientifique (CNRS), Equipe AMACC - Laboratoire GREYC - UMR6072, Groupe de Recherche en Informatique, Image et Instrumentation de Caen (GREYC), Université de Caen Normandie (UNICAEN), Normandie Université (NU)-Normandie Université (NU)-École Nationale Supérieure d'Ingénieurs de Caen (ENSICAEN), Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS)-Université de Caen Normandie (UNICAEN), Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS), Orr Dunkelman, École normale supérieure - Lyon (ENS Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Lyon (ENS Lyon)-Université Claude Bernard Lyon 1 (UCBL), Centre National de la Recherche Scientifique (CNRS)-École Nationale Supérieure d'Ingénieurs de Caen (ENSICAEN), Normandie Université (NU)-Normandie Université (NU)-Université de Caen Normandie (UNICAEN), Normandie Université (NU)-Centre National de la Recherche Scientifique (CNRS)-École Nationale Supérieure d'Ingénieurs de Caen (ENSICAEN), and Normandie Université (NU)

Subjects

Plaintext-aware encryption, Computer science, business.industry, Plaintext, 0102 computer and information sciences, 02 engineering and technology, Data_CODINGANDINFORMATIONTHEORY, Encryption, 01 natural sciences, Deterministic encryption, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Symmetric-key algorithm, 010201 computation theory & mathematics, Probabilistic encryption, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Ciphertext-only attack, Computer network

Abstract

International audience; We study the problem of searching on encrypted data, where the search is performed using a plaintext message or a keyword, rather than a message-specific trapdoor as done by state-of-the-art schemes. The use cases include delegation of key-word search e.g. to a cloud data storage provider or to an email server, using a plaintext message. We define a new cryptographic primitive called plaintext-checkable encryption (PCE), which extends public-key encryption by the following functionality: given a plaintext, a ciphertext and a public key, it is universally possible to check whether the ciphertext encrypts the plaintext under the key. We provide efficient generic random-oracle constructions for PCE based on any probabilistic or deterministic encryption scheme; we also give a practical construction in the standard model. As another application we show how PCE can be used to improve the efficiency in group signatures with verifier-local revocation (VLR) and backward unlinkability. These group signatures provide efficient revocation of group members, which is a key issue in practical applications.

Published

2012