[PDF] Top 20 Efficient Adaptively Secure IBBE from Standard Assumptions

... are secure under some non-standard and parametrised ...scheme secure proved secure under static assumptions was proposed by Waters [Wat09] using the dual system encyrption ...security ... See full document

... only efficient when the thresh- old t was very small or very large with respect to the number of parties N ...DPRF from key-homomorphic ...the standard model assuming the hardness of ...more ... See full document

... on standard assumptions (such as DDH or LWE), using (single-key) general-purpose functional encryption and predicate ...more efficient, although special- ized to the equality and range ...der ... See full document

... are secure in the standard model based on pairings [9, 5, 6, 28, 15, 29] as well as lattices [16, 10, 2, ...very efficient constructions of IBE based on standard assumptions which ... See full document

... (selectively secure) ABS supporting conjunction ...and adaptively secure, respectively), albeit for threshold ...scheme from a lattice-based ...circuits from multilin- ear ...circuits ... See full document

... a standard complexity leveraging argument can be used to argue that a selectively-secure system is also adaptively ...building adaptively secure functional encryption systems ... See full document

... very efficient in comparison to previous threshold schemes for plain DSA signatures: Lindell reports that his scheme requires only 37ms (including communication) per signature over the standard P-256 [8] ... See full document

... SIM-SO-CCA secure PKEs, only one of them has a tight security reduction ...an efficient opener, leading to a tightly SIM-SO-CCA secure PKE based on the Non-Uniform LWE ...tightly secure PRF ... See full document

... Namely, the goal is to prove consistency of discrete logarithms with respect to two different group orders with generators (1 + N ) and g, respectively. This can be achieved by combining the proof of knowl- edge of ... See full document

... SIM-RSO-CCA secure PKE ...constructed from any standard computational ...SIM-RSO-CCA secure PKE from standard computational ...SIM-RSO-CCA secure PKE using an IND-CPA ... See full document

... exist efficient linear error correcting codes which can correct linear fraction of errors, the syndrome-based secure sketch is able to correct linear fraction of errors as well, so is our robustly reusable ... See full document

... heavily from the recent work of Kiltz and Wee [35] which addresses a different problem of constructing pairing-based non-interactive zero- knowledge arguments [29, ...obtaining adaptively secure ... See full document

... PRFs from [KPTZ13, BW13, BGI14] fulfill the assumptions of the argument, it seems hopeless to prove them fully secure, at least for standard preimage ... See full document

... To start with, it is desirable to avoid a security degradation which is exponential in the depth of the HIBE. In the current state of the art, this means that one has to follow the dual-system approach. So, any attempt ... See full document

... inspired from the key-homomorphic functional encryption scheme for circuits of [BGG + 14]: indeed key generation in functional encryption can generically be used as a signature that will inherit the se- curity of ... See full document

... therefore Assumptions 1’, 2’, and 3’ no longer follow from Assumptions 1, 2, and ...less efficient scheme from very simple assumptions, or a more efficient scheme ... See full document

... that adaptively securely realizes F with respect to a black-box ...participation from the adversary in the “main thread,” but fails to get any “useful” information from the ... See full document

... Our assumptions and CRIND-Security. For these reasons, we need to extend the notion of MI-FE to what we call collision-resistant indistinguishability (CRIND, in short) 4 . In Section 4 we provide an instantiation ... See full document

... of adaptively secure MPC was established in the seminal CLOS protocol [24] in a resoundingly strong manner in the UC framework ...under standard assumptions, and recently Benhamouda et ... See full document

... (re-key) from user A, re-encrypting towards user ...to secure encrypted electronic mail forwarding, distributed system storage, outsourced filtering of encrypted spam, access control, DRM of apple iTunes ... See full document