CryptoDB
Ky Nguyen
Publications
Year
Venue
Title
2024
CRYPTO
Pairing-Free Blind Signatures from Standard Assumptions in the ROM
Abstract
Blind signatures are a useful primitive for privacy-preserving applications such as electronic payments, e-voting, anonymous credentials, and more. However, existing practical blind signature schemes based on standard assumptions require either pairings or lattices. We present the first construction of a round-optimal blind signature in the random oracle model based on standard assumptions without resorting to pairings or lattices. In particular, our construction is secure under the strong RSA assumption and DDH (in pairing-free groups). For our construction, we provide a NIZK-friendly signature based on strong RSA, and efficiently instantiate a variant of Fischlin's generic framework (CRYPTO'06). Our blind signature scheme has signatures of size 4.28 KB and communication cost 10.98 KB. On the way, we develop techniques that might be of independent interest. In particular, we provide efficient relaxed range-proofs for large ranges with subversion zero-knowledge and compact commitments to elements of arbitrary groups.
2024
CIC
Decentralized Multi-Client Functional Encryption with Strong Security
Abstract
Decentralized Multi-Client Functional Encryption (DMCFE) extends the basic functional encryption to multiple clients that do not trust each other. They can independently encrypt the multiple plaintext-inputs to be given for evaluation to the function embedded in the functional decryption key, defined by multiple parameter-inputs. And they keep control over these functions, as they all have to contribute to the generation of the functional decryption keys. Tags can be used in the ciphertexts and the keys to specify which inputs can be combined together. As any encryption scheme, DMCFE provides privacy of the plaintexts. But the functions associated to the functional decryption keys might be sensitive too (e.g. a model in machine learning). The function-hiding property has thus been introduced to additionally protect the function evaluated during the decryption process.

In this paper, we provide new proof techniques to analyze a new concrete construction of function-hiding DMCFE for inner products, with strong security guarantees: the adversary can adaptively query multiple challenge ciphertexts and multiple challenge keys, with unbounded repetitions of the same tags in the ciphertext-queries and a fixed polynomially-large number of repetitions of the same tags in the key-queries. Previous constructions were proven secure in the selective setting only.
2022
ASIACRYPT
Multi-Client Functional Encryption with Fine-Grained Access Control
Abstract
Multi-Client Functional Encryption (MCFE) and Multi-Input Functional Encryption (MIFE) are very interesting extensions of Functional Encryption for practical purposes. They allow computing a joint function over data from multiple parties. Both primitives are aimed at applications in multi-user settings where decryption can be correctly output for users with appropriate functional decryption keys only.

While the definitions for a single user or multiple users were quite general and can be realized for general classes of functions as expressive as Turing machines or all circuits, efficient schemes have been proposed so far for concrete classes of functions: either only for access control, i.e. the identity function under some conditions, or linear/quadratic functions under no condition.

In this paper, we target classes of functions that explicitly combine some evaluation functions independent of the decrypting user under the condition of some access control. More precisely, we introduce a framework for MCFE with fine-grained access control and propose constructions for both single-client and multi-client settings, for inner-product evaluation and access control via Linear Secret Sharing Schemes (LSSS), with selective and adaptive security.

The only known work that combines functional encryption in the multi-user setting with access control was proposed by Abdalla et al. (Asiacrypt '20), which relies on a generic transformation from the single-client schemes to obtain MIFE schemes that suffer a quadratic factor of n (where n denotes the number of clients) in the ciphertext size. We follow a different path, via MCFE: we present a duplicate-and-compress technique to transform the single-client scheme and obtain an MCFE with fine-grained access control scheme with only a linear factor of n in the ciphertext size. Our final scheme thus outperforms the scheme of Abdalla et al. by a factor n, as one can obtain MIFE from MCFE by making all the labels in MCFE a fixed public constant. The concrete constructions are secure under the SXDH assumption, in the random oracle model for the MCFE scheme, but in the standard model for the MIFE improvement.
Coauthors
- Julia Kastner (1)
- Ky Nguyen (3)
- Duong Hieu Phan (1)
- David Pointcheval (2)
- Michael Reichle (1)
- Robert Schädlich (1)