## CryptoDB

### Alexander W. Dent

#### Publications

Each entry lists the year and venue; an abstract follows where the database provides one.

- 2014, JOFC
- 2011, JOFC
- 2010, PKC
- 2009, EPRINT
  Public-key encryption schemes are a useful and interesting field of cryptographic study. The ultimate goal for the cryptographer in the field of public-key encryption would be the production of a very efficient encryption scheme with a proof of security in a strong security model using a weak and reasonable computational assumption. This ultimate goal has yet to be reached. In this invited paper, we survey the major results that have been achieved in the quest to find such a scheme.
- 2008, PKC
- 2008, PKC
- 2008, ASIACRYPT
- 2007, PKC
- 2007, EPRINT
  This paper presents the first constructions for certificateless encryption (CLE) schemes that are provably secure against strong adversaries in the standard model. It includes both a generic construction for a strongly secure CLE scheme from any passively secure scheme as well as a concrete construction based on the Waters identity-based encryption scheme.
- 2007, EPRINT
  We introduce a new simplified notion of plaintext awareness, which we term PA2I, and show that this is equivalent to the standard definition of PA2 plaintext awareness for encryption schemes that satisfy certain weak security and randomness requirements. We also show that PA2 plaintext awareness is equivalent to PA2+ plaintext awareness under similar security and randomness requirements. This proves a conjecture of Dent that, for suitably random public-key encryption schemes, PA2 plaintext awareness implies PA1+ plaintext awareness.
- 2007, EPRINT
  The generic group model is a valuable methodology for analyzing the computational hardness of the number-theoretic problems used in cryptography. Although generic hardness proofs exhibit many similarities, the computational intractability of every newly introduced problem still needs to be proven from scratch, a task that can easily become complicated and cumbersome when done rigorously. In this paper we make the first steps towards overcoming this problem by identifying verifiable criteria which, if met by a cryptographic problem, guarantee its hardness with respect to generic algorithms. As a useful means of formalizing definitions and proofs, we relate the concepts of generic algorithms and straight-line programs, which have only been used independently in cryptography so far. The class of problems we cover includes a significant number of the cryptographic problems currently known, and is general enough to also include many future problems. Moreover, we strengthen the conventional generic model by incorporating a broader class of possible oracles (operations), since the underlying algebraic groups may be related through mappings such as isomorphisms, homomorphisms or multilinear maps. Our approach could serve as an appropriate basis for tool-aided hardness verification in the generic model.
- 2006, EUROCRYPT
- 2006, PKC
- 2006, EPRINT
  In this note we prove that the controversial Diffie-Hellman Knowledge problem is secure in the generic group model. This appears to be the first paper that presents any evidence as to whether the Diffie-Hellman Knowledge problem is true or false.
- 2006, EPRINT
  This paper surveys the literature on certificateless encryption schemes. In particular, we examine the (large number of) security models that have been proposed to prove the security of certificateless encryption schemes and propose a new nomenclature for these models. This allows us to "rank" the notions of security for a certificateless encryption scheme against an outside attacker and a passive key generation centre, and we suggest which of these notions should be regarded as the "correct" model for a secure certificateless encryption scheme. We also examine the security models that aim to provide security against an actively malicious key generation centre and against an outside attacker who attempts to deceive a legitimate sender into using an incorrect public key (with the intention of denying the legitimate receiver the ability to decrypt the ciphertext). We note that the existing malicious key generation centre model fails to capture realistic attacks that a malicious key generation centre might make and propose a new model. Lastly, we survey the existing certificateless encryption schemes and compare their security proofs. We show that few schemes provide the correct notion of security without appealing to the random oracle model. The few schemes that do provide sufficient security guarantees are comparatively inefficient. Hence, we conclude that more research is needed before certificateless encryption schemes can be thought of as a practical technology.
- 2006, EPRINT
  Game hopping is a method for proving the security of a cryptographic scheme. In a game hopping proof, we observe that an attacker running in a particular attack environment has an unknown probability of success. We then slowly alter the attack environment until the attacker's success probability can be computed. We also bound the increase in the attacker's success probability caused by the changes to the attack environment. Thus, we can deduce a bound for the attacker's success probability in the original environment. Currently, there are three known "types" of game hop: transitions based on indistinguishability, transitions based on failure events, and bridging steps. This note introduces a fourth type of game hop.
- 2006, EPRINT
  This paper examines methods for formally proving the security of cryptographic schemes. We show that, despite many years of active research, there are fundamental problems which have yet to be solved. We also present a new approach to one of the more controversial aspects of provable security: the random oracle model.
- 2006, EPRINT
  In this paper we introduce a new primitive called identity-based encryption with wildcards, or WIBE for short. It allows a message to be encrypted simultaneously to a whole range of users whose identities match a certain pattern. This pattern is defined through a sequence of fixed strings and wildcards, where any string can take the place of a wildcard in a matching identity. Our primitive can be applied to provide an intuitive way to send encrypted email to groups of users in a corporate hierarchy. We propose a full security notion and give efficient implementations meeting this notion under different pairing-related assumptions, both in the random oracle model and in the standard model.
- 2006, EPRINT
  We propose new instantiations of chosen-ciphertext secure identity-based encryption schemes with wildcards (WIBE). Our schemes outperform all existing alternatives in terms of efficiency as well as security. We achieve these results by extending the hybrid encryption (KEM-DEM) framework to the case of WIBE schemes. We propose and prove secure one generic construction in the random oracle model, and one direct construction in the standard model.
- 2006, EPRINT
  In this paper we investigate a security model for Timed-Release Encryption schemes with Pre-Open Capability (TRE-PC schemes) proposed by Hwang, Yum, and Lee. Firstly, we show that the HYL model possesses a number of defects and fails to model some potentially practical security vulnerabilities faced by TRE-PC schemes. Secondly, we propose a new security model for TRE-PC schemes which models security against four kinds of attacker and avoids the defects of the HYL model. We also work out the complete relations among the security notions defined in the new model. Thirdly, we introduce the notion of TRE-PC-KEM, which is a special type of KEM, and show a way to construct a TRE-PC scheme using a TRE-PC-KEM and a DEM. Finally, we propose an instantiation of a TRE-PC-KEM and prove its security.
- 2005, EPRINT
  In this paper we examine the security criteria for a KEM and a DEM that are sufficient for the overall hybrid encryption scheme to be plaintext-aware in the standard model. We apply this theory to the Cramer-Shoup hybrid scheme acting on fixed length messages and deduce that the Cramer-Shoup scheme is plaintext-aware in the standard model. This answers a previously open conjecture of Bellare and Palacio on the existence of plaintext-aware encryption schemes.
- 2005, EPRINT
  Certificateless public-key encryption has recently been proposed as an attractive alternative to certificate-based and identity-based encryption schemes. The attraction of certificateless PKE is that it combines the implicit public key authentication of an identity-based scheme with the escrow-free property of a certificate-based scheme. However, all the certificateless schemes that have been presented thus far have either had their security proved in a reduced security model, or have relied on the random oracle model. Indeed, some authors have gone as far as suggesting that it is impossible to prove the full security of a certificateless scheme in the standard model. This paper examines this claim and comes to the conclusion that, while some provable security techniques may be denied to us, there is no reason why the security of a certificateless scheme cannot be proven in the standard model.
- 2005, EPRINT
  Signcryption schemes aim to provide all of the advantages of simultaneously signing and encrypting a message. Recently, Dent and Bjørstad investigated the possibility of constructing provably secure signcryption schemes using hybrid KEM-DEM techniques. We build on this work by showing that more efficient insider secure hybrid signcryption schemes can be built using Tag-KEMs. To prove the effectiveness of this construction, we provide several examples of secure signcryption Tag-KEMs, including a brand new construction based on the Chevallier-Mames signature scheme which has the tightest known security reductions for both confidentiality and unforgeability.
- 2004, EPRINT
  One of the driving forces behind the development of 3G systems is the potential to deliver complex content to consumers. This is evident from the growing collaboration between broadcast and mobile network operators, and the expectation that future broadcast receivers will be able to forward content to mobile devices. One challenge in providing such a service is the requirement for content protection. An aspect of this that is particularly relevant to mobile systems is the ability to control where content is viewed. Although 3G networks can provide the location of a user's receiver, this device may be in a different location from the device that renders the content. Thus the provider cannot be certain where the content will be viewed. This paper proposes two protocols that will provide the location of the end device in a secure manner that can be trusted by the content provider.
- 2004, EPRINT
  This paper examines the methods by which the ideas behind a KEM-DEM hybrid encryption scheme can be extended to other types of asymmetric primitives, particularly to signcryption schemes. The central principle is that a keyed symmetric algorithm can be used to provide a security service in an asymmetric algorithm, provided that the symmetric primitive is under the control of the asymmetric part of the cipher (say, if asymmetric techniques are used to generate the key that the symmetric primitive uses). This theory is applied to signcryption schemes with outsider security, and an efficient, provably secure scheme, termed ECISS-KEM, is proposed. The theory is also applied to signature schemes, where it is shown that efficient hybrid signature schemes can never exist, and to signcryption schemes with insider security, where it is shown that several existing schemes can be considered hybrid signcryption schemes.
- 2002, ASIACRYPT
- 2002, EPRINT
  This paper presents results that show that there exist problems that are provably hard in the generic group model but easy to solve whenever the random encoding function is replaced with a specific encoding function (or one drawn from a specific set of encoding functions). We also show that there exist cryptographic schemes that are provably hard in the generic group model but easy to break in practice.
- 2002, EPRINT
  A generic or KEM-DEM hybrid construction is a formal method of combining asymmetric and symmetric encryption techniques to give an efficient, provably secure public-key encryption scheme. This method combines an asymmetric KEM with a symmetric DEM, and each of these components must satisfy its own security conditions. In this paper we describe generic constructions for provably secure KEMs based on lower level primitives such as one-way trapdoor functions and weak key-agreement protocols.

PKC 2011