CryptoDB
Yao Jiang Galteland
ORCID: 0000-0002-3083-5055
Publications
Year
Venue
Title
2023
PKC
Backward-Leak Uni-Directional Updatable Encryption from (Homomorphic) Public Key Encryption
Abstract
The understanding of directionality for updatable encryption (UE) schemes is important, but not yet completed in the literature. We show that security in the backward-leak uni-directional key updates setting is equivalent to the no-directional one. Combining with the work of Jiang (ASIACRYPT 2020) and Nishimaki (PKC 2022), it is shown that the backward-leak notion is the strongest one among all known key update notions and more relevant in practice. We propose two novel generic constructions of UE schemes that are secure in the backward-leak uni-directional key update setting from public key encryption (PKE) schemes: the first one requires a key and message homomorphic PKE scheme and the second one requires a bootstrappable PKE scheme. These PKE can be constructed based on standard assumptions (such as the Decisional Diffie-Hellman and Learning With Errors assumptions).
2023
ASIACRYPT
CCA-1 Secure Updatable Encryption with Adaptive Security
Abstract
Updatable encryption (UE) enables a cloud server to update ciphertexts using client-generated tokens. There are two types of UE: ciphertext-independent (c-i) and ciphertext-dependent (c-d). In terms of construction and efficiency, c-i UE utilizes a single token to update all ciphertexts. The update mechanism relies mainly on the homomorphic properties of exponentiation, which limits the efficiency of encryption and updating. Although c-d UE may seem inconvenient as it requires downloading parts of the ciphertexts during token generation, it allows for easy implementation of the Dec-then-Enc structure. This methodology significantly simplifies the construction of the update mechanism. Notably, the c-d UE scheme proposed by Boneh et al. (ASIACRYPT’20) has been reported to be 200 times faster than prior UE schemes based on DDH hardness, which is the case for most existing c-i UE schemes. Furthermore, c-d UE ensures a high level of security as the token does not reveal any information about the key, which is difficult for c-i UE to achieve. However, previous security studies on c-d UE only addressed selective security; the studies for adaptive security remain an open problem.
In this study, we make three significant contributions to ciphertext-dependent updatable encryption (c-d UE). Firstly, we provide stronger security notions compared to previous work, which capture adaptive security and also consider the adversary’s decryption capabilities under the adaptive corruption setting. Secondly, we propose a new c-d UE scheme that achieves the proposed security notions. The token generation technique significantly differs from the previous Dec-then-Enc structure, while still preventing key leakages. At last, we introduce a packing technique that enables the simultaneous encryption and updating of multiple messages within a single ciphertext. This technique helps alleviate the cost of c-d UE by reducing the need to download partial ciphertexts during token generation.
2020
CRYPTO
Fast and Secure Updatable Encryption
Abstract
Updatable encryption allows a client to outsource ciphertexts to some untrusted server and periodically rotate the encryption key. The server can update ciphertexts from an old key to a new key with the help of an update token, received from the client, which should not reveal anything about plaintexts to an adversary.
We provide a new and highly efficient suite of updatable encryption schemes that we collectively call SHINE. In the variant designed for short messages, ciphertext generation consists of applying one permutation and one exponentiation (per message block), while updating ciphertexts requires just one exponentiation. Variants for longer messages provide much stronger security guarantees than prior work that has comparable efficiency. We present a new confidentiality notion for updatable encryption schemes that implies prior notions. We prove that SHINE is secure under our new confidentiality definition while also providing ciphertext integrity.
2020
ASIACRYPT
The Direction of Updatable Encryption does not Matter Much
Abstract
Updatable encryption schemes allow for key rotation on ciphertexts. A client outsourcing storage of encrypted data to a cloud server can change its encryption key. The cloud server can update the stored ciphertexts to the new key using only a token provided by the client.
This paper solves two open problems in updatable encryption, that of uni-directional vs. bi-directional updates, and post-quantum security.
The main result in this paper is to analyze the security notions based on uni- and bi-directional updates. Surprisingly, we prove that uni- and bi-directional variants of each security notion are equivalent.
The second result in this paper is to provide a new and efficient updatable encryption scheme based on the Decisional Learning with Error assumption. This gives us post-quantum security. Our scheme is bi-directional, but because of our main result, this is sufficient.
Coauthors
- Colin Boyd (1)
- Huanhuan Chen (1)
- Gareth T. Davies (1)
- Yao Jiang Galteland (4)
- Kristian Gjøsteen (1)
- Kaitai Liang (1)
- Jiaxin Pan (1)