Anonymity-Preserving Public-Key Encryption: A Constructive Approach.

This paper investigates constructions as well as limitations for preserving receiver anonymity when using public-key encryption (PKE). ... key has been used to encrypt. ... We'd also like to thank the anonymous reviewers for their helpful comments. ...

doi:10.1007/978-3-642-39077-7_2 fatcat:rl5tau62hjcspdomu67gzsn5be

One of the main motivations for the introduction of strong robustness for public-key encryption (PKE) by Abdalla et al. is to prevent certain types of attack on Sako's auction protocol. ... In particular, we introduce complete robustness, our strongest new notion of robustness, and give a number of constructions for completely robust PKE schemes. ... a random element in the range of the KDF. ...

doi:10.1007/978-3-642-36362-7_22 fatcat:ummaacdzyffhbhlykndsbjp2ru

In addition to function privacy, our schemes are also anonymous, and thus yield the first public-key searchable encryption schemes that are provably keyword private: A search key skw enables to identify ... This is motivated by the need for providing predicate privacy in public-key searchable encryption. ... This is in contrast to the setting of deterministic public-key encryption (DPKE) [8] , where similar inherent difficulties arise when formalizing notions of security. ...

doi:10.1007/978-3-642-40084-1_26 fatcat:rcr2f6ra4jh5nppzxvvco3sgme

We were lead to formulate robustness upon revisiting Public key Encryption with Keyword Search (PEKS) [9] . ... Anonymity asks that a ciphertext does not reveal the encryption key under which it was created. Where you need anonymity, there is a good chance you need robustness too. ... We thank Chanathip Namprempre, who declined our invitation to be a coauthor, for her participation and contributions in the early stage of this work. ...

doi:10.1007/978-3-642-11799-2_28 fatcat:hp6n2fbxebhnja5kuiysv47mwq

In this paper, we propose a new practical and secure scheme, called multiplex encryption. ... By combining the ideas of identity-based mediated RSA and re-encryption mix network, our framework only requires constant computation and communication cost to encrypt a multi-recipient email. ... An ideal solution would be to design a new public key encryption scheme such that the sender constructs an encryption key PK from a set of public keys {P K 0 , · · · , P K n }. ...

doi:10.1007/11602897_23 fatcat:zy473hnb3ngqrim6xuzzxcti44

In encryption with keyed redundancy, we allow RC to depend on a key K that is placed in the public parameters of the transformed scheme, out of direct reach of the algorithms of the original scheme. ... We show that natural anonymity-preserving ways to achieve it, such as adding recipient identification information before encrypting, fail. ... Acknowledgments We thank Chanathip Namprempre, who declined our invitation to be a co-author, for her participation and contributions in the early stage of this work. ...

doi:10.1007/s00145-017-9258-8 fatcat:wagnrfl4pvesdev5xbuxcisuua

Universal re-encryption lets us construct a mixnet of this kind in which servers hold no public or private keying material, and may therefore dispense with the cumbersome requirements of key generation ... In contrast, universal re-encryption can be done without knowledge of public keys. ... This provides a valuable tool for the construction of privacy-preserving architectures that dispense with the complications and risks of distributed key setup and management. ...

doi:10.1007/978-3-540-24660-2_14 fatcat:nmbszj2srrarrhq43c5dlwws5i

This model is secure against adversaries with adaptive trapdoor extraction capabilities, decryption capabilities for arbitrary public keys, and partial decryption capabilities. ... While recent timed-release encryption (TRE) schemes are implicitly supported by a certificateless encryption (CLE) mechanism, the security models of CLE and TRE differ and there is no generic transformation ... This approach supports only universal disclosure of encrypted documents since one trapdoor can decrypt all ciphertexts for a specific time; the inherent key-escrow property of IBE prohibits the encryption ...

doi:10.1007/978-3-540-85855-3_9 fatcat:zpyqphcz5zak3emzpvhtt2jcte

Key escrow is inherent in identity-based encryption (IBE). A curious key generation center (KGC) can simply generate the user's private key to decrypt a ciphertext. ... Our proposal can be viewed as mitigating the key escrow problem in a different dimension than distributed KGCs approach. ... We propose a new system architecture with an anonymous key issuing (AKI) protocol to protect the confidentiality of the users identities. ...

doi:10.1007/978-3-642-00468-1_15 fatcat:y3w6wwgdmrfbvhncy3rd3ecy7a

Furthermore, we argue for approaches that enable patients to generate and store encryption keys, so that the patients' privacy is protected should the host data center be compromised. ... The standard argument against such an approach is that encryption would interfere with the functionality of the system. ... BUILDING PCE Solution 1: Public Key PCE Here we show a construction that satisfies the properties in section 2, and that allows for public key encryption. ...

doi:10.1145/1655008.1655024 dblp:conf/ccs/BenalohCHL09 fatcat:hkw4mvfdhvba3abvgj4tjwgxe4

We consider a novel security requirement of encryption schemes that we call "key-privacy" or "anonymity". ... It asks that an eavesdropper in possession of a ciphertext not be able to tell which specific key, out of a set of known public keys, is the one under which the ciphertext was created, meaning the receiver ... Most of these preserve anonymity. To be concrete, let us use one. Construction 2 Let F = (K , S , E ) be obtained from F of Construction 1 by Yao's cross-product construction [34] . ...

doi:10.1007/3-540-45682-1_33 fatcat:2e7kxp2zhng67goglwzlrgx7ii

In this work, we seek encryption schemes which allow public computation of a pre-specified property P about the encrypted messages. ... In this work, we present a thorough investigation of property preserving symmetric encryption. We start by formalizing several meaningful notions of security for PPEnc. ... Elkies, GH, and Gerry Myerson, for their swift responses regarding sums of squares modulo a prime number [35] , to Brent Waters for useful discussions about predicate encryption and to the anonymous reviewers ...

doi:10.1007/978-3-642-29011-4_23 fatcat:2pxgkrfav5g55gmcyy37bdstdy

A set of public keys are constructed by data owner, where trapdoors are built by these keys and finally the documents are decrypted by using private keys. ... A message m is encrypted by using a public key PuK under an Access Structure As in this algorithm, which are executed by the data owner. ...

doi:10.25046/aj060244 fatcat:bgcqyxyshncwbgnguspaxhrmpe

DOAJ

public encryption key. ... In TCC'07, Hohenberger et al. proposed an obfuscator for a re-encryption functionality, which takes a ciphertext for a message encrypted under Alice's public key and transforms it into a ciphertext for ... I would like to thank valuable comments from anonymous reviewers of TCC'2009, ACM CCS'2009, and Eurocrypt'2010. ...

doi:10.1007/978-3-642-13190-5_5 fatcat:f3eekwswszes3dwrki3y53nowy

Allowing range queries on encrypted data in the public-key setting was studied in [11, 26] . ... Our construction is based on a natural relation we uncover between a random order-preserving function and the hypergeometric probability distribution. ... Acknowledgements We thank the anonymous reviewers of Eurocrypt 2009 for helpful comments. ...

doi:10.1007/978-3-642-01001-9_13 fatcat:b5ytgcszpzgxnbxfc36ahrkuq4

Anonymity-Preserving Public-Key Encryption: A Constructive Approach [chapter]

Preserved Fulltext

Robust Encryption, Revisited [chapter]

Preserved Fulltext

Function-Private Identity-Based Encryption: Hiding the Function in Functional Encryption [chapter]

Preserved Fulltext

Robust Encryption [chapter]

Preserved Fulltext

Multiplex Encryption: A Practical Approach to Encrypting Multi-recipient Emails [chapter]

Preserved Fulltext

Robust Encryption

Preserved Fulltext

Universal Re-encryption for Mixnets [chapter]

Preserved Fulltext

General Certificateless Encryption and Timed-Release Encryption [chapter]

Preserved Fulltext

Removing Escrow from Identity-Based Encryption [chapter]

Preserved Fulltext

Patient controlled encryption

Preserved Fulltext

Key-Privacy in Public-Key Encryption [chapter]

Preserved Fulltext

Property Preserving Symmetric Encryption [chapter]

Preserved Fulltext

Ontology Based Privacy Preservation over Encrypted Data using Attribute-Based Encryption Technique

Preserved Fulltext

Secure Obfuscation for Encrypted Signatures [chapter]

Preserved Fulltext

Order-Preserving Symmetric Encryption [chapter]

Preserved Fulltext