New Directions of Modern Cryptography
Format: PDF / Kindle (mobi) / ePub
Modern cryptography has evolved dramatically since the 1970s. With the rise of new network architectures and services, the field encompasses much more than traditional communication where each side is of a single user. It also covers emerging communication where at least one side is of multiple users. New Directions of Modern Cryptography presents general principles and application paradigms critical to the future of this field.
The study of cryptography is motivated by and driven forward by security requirements. All the new directions of modern cryptography, including proxy re-cryptography, attribute-based cryptography, batch cryptography, and noncommutative cryptography have arisen from these requirements. Focusing on these four kinds of cryptography, this volume presents the fundamental definitions, precise assumptions, and rigorous security proofs of cryptographic primitives and related protocols. It also describes how they originated from security requirements and how they are applied.
The book provides vivid demonstrations of how modern cryptographic techniques can be used to solve security problems. The applications cover wired and wireless communication networks, satellite communication networks, multicast/broadcast and TV networks, and newly emerging networks. It also describes some open problems that challenge the new directions of modern cryptography.
This volume is an essential resource for cryptographers and practitioners of network security, security researchers and engineers, and those responsible for designing and developing secure network systems.
can solve the eCDH problem. Given (q, g, G, GT , e, g u , g v , g 1/v ), ✐ ✐ ✐ ✐ ✐ ✐ “K14392” — 2012/11/5 — 10:45 ✐ 2.2. PROXY RE-SIGNATURE ✐ 35 B aims to output g uv or g u/v . The PRS security game goes as follows: External Security: • Random oracle Oh : On input string R, B first checks whether (R, Rh , rh , ∗) is in Table Th . If yes, B returns Rh and terminates; otherwise, B chooses a random number rh ∈ Z∗q , and proceeds as follows: – The input string R satisfies the format
5.4.1 Conjugate Left Self-Distributed System (Conj-LD) . . . . . . . 286 5.4.2 New Assumptions in Conj-LD Systems . . . . . . . . . . . . . 289 5.4.3 Cryptosystems from Conj-LD Systems . . . . . . . . . . . . . 293 5.4.4 Security and Efficiency Issues on Fat (b) . . . . . . . . . . . . . 299 Improved Key Exchange over Thompson’s Group . . . . . . . . . . . . 300 5.5.1 Thompson’s Group and Decomposition Problem . . . . . . . . 301 ✐ ✐ ✐ ✐ ✐ ✐ “K14392” — 2012/11/5 — 10:45 ✐
algorithm B with advantage D against Assumption 3. Theorem 3.4.9. If the signature scheme Σsign is UF-CMA secure and Assumptions 1, 2, and 3 hold, then our MA-CP-ABE scheme is secure. ✐ ✐ ✐ ✐ ✐ ✐ “K14392” — 2012/11/5 — 10:45 ✐ 3.4. MULTI-AUTHORITY ENCRYPTION SCHEMES ✐ 119 Proof. If Assumptions 1, 2 and 3 hold, and the signature scheme Σsign is UF-CMA secure, previous lemmas have shown that the real security game is indistinguishable from GameFinal , in which the value of β is
uaskatt,gid,d∗ = (Γgid,d∗ ,k )satt /vk,d∗ Ratt,gid,d∗ r ∗ gid,d Rgid,d∗ ,k )satt /vk,d∗ Ratt,gid,d∗ = (Vk,d ∗ By Γgid,d∗ ,k in (3.8) r ∗ gid,d Ratt,gid,d∗ . = Tatt It is properly distributed semi-functional of type 2. Note the corresponding (ucskgid,d∗ , ucpkgid,d∗ ) is properly distributed semi-functional of type 2, we have uskgid,d∗ as a semi-functional user-key of type 2. – If i > j, note that the corresponding (ucskgid,d∗ , ucpkgid,d∗ ) is generated by running the normal CKeyGen
might not be generic, since it somehow relies on the property of bilinear mapping. Therefore, we only illustrate our methodology using concrete examples rather than providing a formal description of a generic interval encryption system in the following subsections. ✐ ✐ ✐ ✐ ✐ ✐ “K14392” — 2012/11/5 — 10:45 ✐ 144 3.5.5 ✐ CHAPTER 3. ATTRIBUTE-BASED CRYPTOGRAPHY Basic Construction: A Concrete Instantiation Based on HIBE In this subsection, we will describe how the proposed methodology