[PDF] Top 20 Efficient CCA-secure Threshold Public-Key Encryption Scheme

... In threshold public-key encryption, the decryption key is divided into n shares, each one of which is given to a different decryption user in order to avoid single points of ... See full document

... The scheme that searching over the encrypted data, which is also named conjunctive keyword searchable scheme, enables one to search the encrypted data by using conjunctive ...their scheme into a ... See full document

... very efficient scheme with asymptotically optimal size secret keys and ciphertexts which is already proved selective CCA secure based on standard assumptions, in this section we try to see how ... See full document

... of Public-key Authenticated Encryption with Keyword Search (PAEKS) to solve the problem, in which the data sender not only encrypts a keyword, but also authenticates it, so that a verifier would be ... See full document

... this scheme with known leakage-flexible schemes [10,15] in Table 1 where 1 − α de- notes the leakage rate, “SXDH” denotes the symmetric external Diffie-Hellman assumption, “DLIN” denotes the decisional linear ... See full document

... related key attack-secure PRF (RKA-PRF) can be used to build a RRA-secure PKE scheme for Φ-restricted adversaries, thus transferring security from the RKA setting for PRFs to the RRA setting ... See full document

... Roughly speaking, to prove the SIM-SO-CCA security of a PKE (see for Definition 1), for any PPT adversary, we need to construct a simulator and show that the adversary’s outputs are indistinguishable with those of ... See full document

... first public-key encryption scheme whose chosen- ciphertext security [46,47] in the multi-user setting tightly relates to a standard hardness assumption, which solved a problem left open by ... See full document

... private key in a CL-PKC scheme is not generated by the Key Generation Center (KGC) ...the key escrow problem can be ...additional public-key for each ...additional public ... See full document

... a CCA secure KEM) from a new set of general cryptographic primitives: SNCE and symmetric key encryption secure for key-dependent messages (KDM secure SKE) ...SNCE ... See full document

... and efficient public key encryption with a conjunctive field keyword search scheme based on bilinear pairing and prove that our scheme is semantically security under DDH [13] ... See full document

... our scheme. In a proxy re-encryption scheme [1], the message is not revealed to the ...re- encryption, the proxy also needs to have the right condition key to transform the cipher text ... See full document

... a public-key encryption (PKE) scheme is formalized by Fehr et ...schemes secure against chosen-plaintext/ciphertext selective opening attacks (SO-CPA/CCA ...PKE scheme to ... See full document

... model key exchange protocol, namely the protocol ...Diffie-Hellman-style key exchange protocol, and we assume on the hardness of the decisional Diffie-Hellman (DDH) ...CCA2-secure ... See full document

... – Learning with Rounding (LWR) [10]: schemes based on (variants of) LWE require sampling from noise distributions, which needs randomness. Further- more, the noise is included in public keys and ciphertexts ... See full document

... certificateless encryption scheme, and a generic construction is ...attribute-based encryption scheme. Of course, in order to give IND-CCA secure scheme, we can depend on ... See full document

... Enabling secure data sharing in the cloud calls for fast and secure re-encryption techniques for managing encrypted file ...an efficient solution that offers delegation of decryption rights ... See full document

... one CCA-secure scheme due to Ge et ...a CCA-attack on their ...KP-ABPRE scheme with constant size ciphertexts requiring a constant number of exponentiations in encryption, and ... See full document

... attribute-based encryption (ABE) schemes secure in the standard model against chosen-ciphertext attacks ...chosen-plaintext secure (CPA-secure) ABE schemes to achieve more efficient ... See full document

... DCR-based scheme is the first one with IND- lrCCA security in the ...DLIN-based scheme is the first one without pairing ...more efficient than the previous scheme [5] albeit the leakage rate ... See full document