Puncturable encryption (PE), proposed by Green and Miers at IEEE S&P 2015, is a kind of public ke... more Puncturable encryption (PE), proposed by Green and Miers at IEEE S&P 2015, is a kind of public key encryption that allows recipients to revoke individual messages by repeatedly updating decryption keys without communicating with senders. PE is an essential tool for constructing many interesting applications, such as asynchronous messaging systems, forward-secret zero round-trip time protocols, public-key watermarking schemes and forward-secret proxy reencryptions. This paper revisits PEs from the observation that the puncturing property can be implemented as efficiently computable functions. From this view, we propose a generic PE construction from the fully key-homomorphic encryption, augmented with a key delegation mechanism (DFKHE) from Boneh et al. at Eurocrypt 2014. We show that our PE construction enjoys the selective security under chosen plaintext attacks (that can be converted into the adaptive security with some efficiency loss) from that of DFKHE in the standard model. Basing on the framework, we obtain the first post-quantum secure PE instantiation that is based on the learning with errors problem, selective secure under chosen plaintext attacks (CPA) in the standard model. We also discuss about the ability of modification our framework to support the unbounded number of ciphertext tags inspired from the work of Brakerski and Vaikuntanathan at CRYPTO 2016.
IEEE Transactions on Dependable and Secure Computing
Due to its capabilities of searches and updates over the encrypted database, the dynamic searchab... more Due to its capabilities of searches and updates over the encrypted database, the dynamic searchable symmetric encryption (DSSE) has received considerable attention recently. To resist leakage abuse attacks, a secure DSSE scheme usually requires forward and backward privacy. However, the existing forward and backward private DSSE schemes either only support single keyword queries or require more interactions between the client and the server. In this paper, we first give a new leakage function for range queries, which is more complicated than the one for single keyword queries. Furthermore, we propose a concrete forward and backward private DSSE scheme by using a refined binary tree data structure. Finally, the detailed security analysis and extensive experiments demonstrate that our proposal is secure and efficient, respectively.
Abstract. A dynamic accumulator is an algorithm, which gathers to-gether a large set of elements ... more Abstract. A dynamic accumulator is an algorithm, which gathers to-gether a large set of elements into a constant-size value such that for a given element accumulated, there is a witness confirming that the el-ement was indeed included into the value, with a property that accu-mulated ...
Abstract. A dynamic accumulator is an algorithm, which gathers to-gether a large set of elements ... more Abstract. A dynamic accumulator is an algorithm, which gathers to-gether a large set of elements into a constant-size value such that for a given element accumulated, there is a witness confirming that the el-ement was indeed included into the value, with a property that accu-mulated ...
Puncturable encryption (PE), proposed by Green and Miers at IEEE S&P 2015, is a kind of public ke... more Puncturable encryption (PE), proposed by Green and Miers at IEEE S&P 2015, is a kind of public key encryption that allows recipients to revoke individual messages by repeatedly updating decryption keys without communicating with senders. PE is an essential tool for constructing many interesting applications, such as asynchronous messaging systems, forward-secret zero round-trip time protocols, public-key watermarking schemes and forward-secret proxy reencryptions. This paper revisits PEs from the observation that the puncturing property can be implemented as efficiently computable functions. From this view, we propose a generic PE construction from the fully key-homomorphic encryption, augmented with a key delegation mechanism (DFKHE) from Boneh et al. at Eurocrypt 2014. We show that our PE construction enjoys the selective security under chosen plaintext attacks (that can be converted into the adaptive security with some efficiency loss) from that of DFKHE in the standard model. Basing on the framework, we obtain the first post-quantum secure PE instantiation that is based on the learning with errors problem, selective secure under chosen plaintext attacks (CPA) in the standard model. We also discuss about the ability of modification our framework to support the unbounded number of ciphertext tags inspired from the work of Brakerski and Vaikuntanathan at CRYPTO 2016.
IEEE Transactions on Dependable and Secure Computing
Due to its capabilities of searches and updates over the encrypted database, the dynamic searchab... more Due to its capabilities of searches and updates over the encrypted database, the dynamic searchable symmetric encryption (DSSE) has received considerable attention recently. To resist leakage abuse attacks, a secure DSSE scheme usually requires forward and backward privacy. However, the existing forward and backward private DSSE schemes either only support single keyword queries or require more interactions between the client and the server. In this paper, we first give a new leakage function for range queries, which is more complicated than the one for single keyword queries. Furthermore, we propose a concrete forward and backward private DSSE scheme by using a refined binary tree data structure. Finally, the detailed security analysis and extensive experiments demonstrate that our proposal is secure and efficient, respectively.
Abstract. A dynamic accumulator is an algorithm, which gathers to-gether a large set of elements ... more Abstract. A dynamic accumulator is an algorithm, which gathers to-gether a large set of elements into a constant-size value such that for a given element accumulated, there is a witness confirming that the el-ement was indeed included into the value, with a property that accu-mulated ...
Abstract. A dynamic accumulator is an algorithm, which gathers to-gether a large set of elements ... more Abstract. A dynamic accumulator is an algorithm, which gathers to-gether a large set of elements into a constant-size value such that for a given element accumulated, there is a witness confirming that the el-ement was indeed included into the value, with a property that accu-mulated ...
Uploads
Papers by Josef Pieprzyk