[PDF] Top 20 Fully, (Almost) Tightly Secure IBE from Standard Assumptions

... our IBE scheme is essentially that obtained by embedding Waters’ fully secure IBE based on DBDH into composite-order groups, and then converting this to a prime-order scheme (see Section 4 for ... See full document

... Tightly secure encryption and signature schemes. The construction of tightly secure crypto- graphic schemes appears to be a nontrivial ...[3], tightly secure PKE schemes have ... See full document

... j from 0 up to ` − ...is almost independent of ...is almost (statistically) independent of ...is almost independent of β, which is exactly what we are aiming ... See full document

... Wee’s almost tightly-secure IBE scheme [CW13], do manage to handle the second concern but these works (except one) rely on tag-based approaches 5 ... See full document

... on IBE. The first realizations of IBE in the random oracle model were given in [12, 50, ...the standard model [15, 9] were ...and tightly secure IBE scheme ...a tightly ... See full document

... construction standard-model signatures with a tight security ...surprisingly, tightly-secure signatures can be constructed from any Chameleon Hash function ...elements from the ... See full document

... is secure under the standard decision linear ...is secure under standard assumption ...scheme from structure- preserving signatures ... See full document

... The Fiat-Shamir heuristic. Fiat and Shamir [FS86] suggested a heuristic for reducing interaction in constant-round public-coin protocols. Compared to our approach, their transformation is simple, highly efficient, ... See full document

... an IBE which has been proved secure using the dual-system ...both IBE and HIBE, ciphertext and key in the scheme itself are called ...elements from the problem instance) have proper ... See full document

... any fully secure SPS requires at least 2 verification equations, at least 3 group elements, the 3 elements not all the same group (for Type III asymmetric ...one-time secure SPS against random ... See full document

... for IBE, two types of ciphertexts and keys are defined – one is normal (as generated in the scheme) and the other is semi-functional (defined using some secret information possibly available only in the master ... See full document

... While our approach is generic and modular, we give efficient instantiations from standard as- sumptions (such as the SXDH or DLIN assumptions in pairing-friendly groups). Specifically, we propose an ... See full document

... Roughly speaking, to prove the SIM-SO-CCA security of a PKE (see for Definition 1), for any PPT adversary, we need to construct a simulator and show that the adversary’s outputs are indistinguishable with those of the ... See full document

... the fully collusion-resistant blackbox traceability for such a ‘functional’ ...a secure CP-ABE with fully collusion-resistant blackbox ...a fully secure and fully ... See full document

... how IBE is used, with the benefit that the PKG is substituted with a weaker entity called “key curator” who has no knowledge of any secret ...updates from the key curator as the population ... See full document

... inputs from and the outputs to other programs running within the same “entity” (say, the same physical computer), and the incoming communication tapes and outgoing communication tapes model messages received ... See full document

... simplifying assumptions that there is no login attempt policy and that passwords are independent and uniformly distributed from a dictionary of size N ... See full document

... first IBE scheme with almost-tight reduction to static assumptions in the standard model, combining the dual system technique with Naor-Reingold technique for pseudo-random functions [ NR04 ] ... See full document

... Adaptively secure scheme Our adaptively secure scheme calls the fixed-length puncturable PRF once on each of l inputs, where each input is λ + dlg le + 1 ... See full document

... machine that is used in the response to the key generation query whose random integer τ is equal to τ ∗ . Due to the change introduced in Game 3, there is a unique key generation query that satisfies this. Because of the ... See full document