## CryptoDB

### Carla Ràfols

#### Publications

Year
Venue
Title
2019
PKC
Despite recent advances in the area of pairing-friendly Non-Interactive Zero-Knowledge proofs, there have not been many efficiency improvements in constructing arguments of satisfiability of quadratic (and larger degree) equations since the publication of the Groth-Sahai proof system (JoC’12). In this work, we address the problem of aggregating such proofs using techniques derived from the interactive setting and recent constructions of SNARKs. For certain types of quadratic equations, this problem was investigated before by González et al. (ASIACRYPT’15). Compared to their result, we reduce the proof size by approximately 50% and the common reference string from quadratic to linear, at the price of using less standard computational assumptions. A theoretical motivation for our work is to investigate how efficient NIZK proofs based on falsifiable assumptions can be. On the practical side, quadratic equations appear naturally in several cryptographic schemes like shuffle and range arguments.
2017
JOFC
2016
ASIACRYPT
2015
EPRINT
2015
EPRINT
2015
EPRINT
2015
TCC
2015
ASIACRYPT
2014
CRYPTO
2014
PKC
2014
EPRINT
2013
CRYPTO
2010
PKC
2009
PKC
2007
EPRINT
In a threshold broadcast encryption scheme, a sender chooses (ad-hoc) a set of $n$ receivers and a threshold $t$, and then encrypts a message by using the public keys of all the receivers, in such a way that the original plaintext can be recovered only if at least $t$ receivers cooperate. Previously proposed threshold broadcast encryption schemes have ciphertexts whose length is $\O(n)$. In this paper, we propose new schemes, for both PKI and identity-based scenarios, where the ciphertexts' length is $\O(n-t)$. The construction uses secret sharing techniques and the Canetti-Halevi-Katz transformation to achieve chosen-ciphertext security. The security of our schemes is formally proved under the Decisional Bilinear Diffie-Hellman (DBDH) Assumption.
2006
EPRINT
We present a certificate-based encryption scheme which is fully secure in the standard model. Our scheme is based on the identity-based encryption scheme of Waters \cite{W05}. Although some generic constructions from IBE to CBE has been previously proposed, they use the Random Oracle heuristic or provide less practical schemes than ours. Finally, we point out that one of the existing generic constructions going from IBE to CBE is flawed.

Asiacrypt 2019
PKC 2018
Asiacrypt 2018
Crypto 2015