CryptoDB
Susan Hohenberger
Publications
Year
Venue
Title
2023
EUROCRYPT
Registered Attribute-Based Encryption
Abstract
Attribute-based encryption (ABE) generalizes public-key encryption and enables fine-grained control to encrypted data. However, ABE upends the traditional trust model of public-key encryption by requiring a single trusted authority to issue decryption keys. If an adversary compromises the central authority and exfiltrates its secret key, then the adversary can decrypt every ciphertext in the system.
This work introduces registered ABE, a primitive that allows users to generate secret keys on their own and then register the associated public key with a "key curator" along with their attributes. The key curator aggregates the public keys from the different users into a single compact master public key. To decrypt, users occasionally need to obtain helper decryption keys from the key curator which they combine with their own secret keys. We require that the size of the aggregated public key, the helper decryption keys, the ciphertexts, as well as the encryption/decryption times to be polylogarithmic in the number of registered users. Moreover, the key curator is entirely transparent and maintains no secrets. Registered ABE generalizes the notion of registration-based encryption (RBE) introduced by Garg et al. (TCC 2018), who focused on the simpler setting of identity-based encryption.
We construct a registered ABE scheme that supports an a priori bounded number of users and policies that can be described by a linear secret sharing scheme (e.g., monotone Boolean formulas) from assumptions on composite-order pairing groups. Our approach deviates sharply from previous techniques for constructing RBE and only makes black-box use of cryptography. All existing RBE constructions (a weaker notion than registered ABE) rely on heavy non-black-box techniques. The encryption and decryption costs of our construction are comparable to those of vanilla pairing-based ABE. Two limitations of our scheme are that it requires a structured reference string whose size scales quadratically with the number of users (and linearly with the size of the attribute universe) and the running time of registration scales linearly with the number of users.
Finally, as a feasibility result, we construct a registered ABE scheme that supports general policies and an arbitrary number of users from indistinguishability obfuscation and somewhere statistically binding hash functions.
2020
CRYPTO
Chosen Ciphertext Security from Injective Trapdoor Functions
★
Abstract
We provide a construction of chosen ciphertext secure public-key encryption from (injective) trapdoor functions. Our construction is black box and assumes no special properties (e.g. ``lossy'', ``correlated product secure'') of the trapdoor function.
2013
CRYPTO
2012
JOFC
Batch Verification of Short Signatures
Abstract
With computer networks spreading into a variety of new environments, the need to authenticate and secure communication grows. Many of these new environments have particular requirements on the applicable cryptographic primitives. For instance, a frequent requirement is that the communication overhead inflicted be small and that many messages be processable at the same time. In this paper, we consider the suitability of public key signatures in the latter scenario. That is, we consider (1) signatures that are short and (2) cases where many signatures from (possibly) different signers on (possibly) different messages can be verified quickly. Prior work focused almost exclusively on batching signatures from the same signer.We propose the first batch verifier for messages from many (certified) signers without random oracles and with a verification time where the dominant operation is independent of the number of signatures to verify. We further propose a new signature scheme with very short signatures, for which batch verification for many signers is also highly efficient. Combining our new signatures with the best known techniques for batching certificates from the same authority, we get a fast batch verifier for certificates and messages combined. Although our new signature scheme has some restrictions, it is very efficient and still practical for some communication applications.
Program Committees
- Crypto 2024
- Crypto 2022
- Eurocrypt 2020
- Crypto 2019
- PKC 2014
- TCC 2014
- Crypto 2012
- Crypto 2010
- TCC 2010
- TCC 2008
- Crypto 2008
Coauthors
- Jae Hyun Ahn (2)
- Allison Bishop (2)
- Dan Boneh (2)
- Jan Camenisch (5)
- David Cash (1)
- Scott E. Coull (1)
- David Goldenberg (1)
- Rishab Goyal (1)
- Matthew Green (5)
- Susan Hohenberger (29)
- Venkata Koppula (4)
- Moses Liskov (1)
- George Lu (1)
- Anna Lysyanskaya (2)
- Michael Østergaard Pedersen (2)
- Guy N. Rothblum (2)
- Amit Sahai (2)
- Elizabeth Crump Schwartz (1)
- Hakan Seyalioglu (1)
- Abhi Shelat (4)
- Vinod Vaikuntanathan (2)
- Brent Waters (17)
- David J. Wu (1)