Abstract
We introduce Vetted Encryption (VE), a novel cryptographic primitive, which addresses the following scenario: a receiver controls, or vets, who can send them encrypted messages. We model this as a filter publicly checking ciphertext validity, where the overhead does not grow with the number of senders. The filter receives one public key for verification, and every user receives one personal encryption key.
We present three versions: Anonymous, Identifiable, and Opaque VE (AVE, IVE and OVE), and concentrate on formal definitions, security notions and examples of instantiations based on preexisting primitives of the latter two. For IVE, the sender is identifiable both to the filter and the receiver, and we make the comparison with identity-based signcryption. For OVE, a sender is anonymous to the filter, but is identified to the receiver. OVE is comparable to group signatures with message recovery, with the important additional property of confidentiality of messages.
References
Ateniese, G., Francati, D., Nuñez, D., Venturi, D.: Match me if you can: matchmaking encryption and its applications. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part II. LNCS, vol. 11693, pp. 701–731. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_24
Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_38
Bellare, M., Namprempre, C., Neven, G.: Security proofs for identity-based identification and signature schemes. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 268–286. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_17
Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30574-3_11
Cortier, V., Gaudry, P., Glondu, S.: Belenios: a simple private and verifiable electronic voting system. In: Guttman, J.D., Landwehr, C.E., Meseguer, J., Pavlovic, D. (eds.) Foundations of Security, Protocols, and Equational Reasoning. LNCS, vol. 11565, pp. 214–238. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-19052-1_14
Damgård, I., Haagh, H., Orlandi, C.: Access control encryption: enforcing information flow with cryptography. In: Hirt, M., Smith, A. (eds.) TCC 2016, Part II. LNCS, vol. 9986, pp. 547–576. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_21
Dent, A.W., Fischlin, M., Manulis, M., Stam, M., Schröder, D.: Confidential signatures and deterministic signcryption. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 462–479. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13013-7_27
Dent, A.W., Zheng, Y. (eds.): Practical Signcryption. ISC. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-540-89411-7
Hovd, M.N., Stam, M.: Vetted encryption (2020). https://eprint.iacr.org/2020/1348
Paterson, K.G., Schuldt, J.C.N.: Efficient identity-based signatures secure in the standard model. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 207–222. Springer, Heidelberg (2006). https://doi.org/10.1007/11780656_18
Shen, S.-T., Rezapour, A., Tzeng, W.-G.: Unique signature with short output from CDH assumption. In: Au, M.-H., Miyaji, A. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 475–488. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26059-4_26
Zheng, Y.: Digital signcryption or how to achieve cost(signature & encryption) \(\ll \) cost(signature) + cost(encryption). In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 165–179. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052234
A Unique Identity Based Signature Scheme
We construct an identity based signature scheme with unique signatures (\(\textsc{UIBSS}\)) by applying the known certificate based transformation to a unique signature scheme [3]. We generate a master signing and verification key for a \(\textsc{USS}\) scheme, and set up a PRF. Given an identity \(\mathrm{ID}\), we use the PRF to derive randomness, which is then fed into the key generation algorithm of the \(\textsc{USS}\) scheme. In other words, the key generation of the \(\textsc{USS}\) is derandomised, with the randomness depending on the given identity. The resulting key pair () are components of the user key \(\mathrm{USK}\) of \(\mathrm{ID}\). The key \(\mathrm{USK}\) also includes a certificate, which is signed under the master signing key. A signature of a message \(m\) in the \(\textsc{UIBSS}\) scheme is simply (), where . Finally, verification requires that both signatures \(\sigma\) and \(\mathrm{CERT}_{\mathrm{ID}}\) verify on \(m\) and , respectively. We present the construction of our \(\textsc{UIBSS}\) in Fig. 9; see the full version for the syntax of \(\textsc{IBS}\) schemes.
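The certificate based construction above, as an added worked example in Go that is not the paper's own code or its Fig. 9: HMAC-SHA256 is the PRF, Ed25519 stands in for the unique signature scheme \(\textsc{USS}\) (an assumption: its signing is deterministic, but it is not unique in the sense of [11]), and the byte encoding of the certified pair (ID, upk) is assumed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Master: master USS signing/verification pair plus the PRF key (Ed25519 stands in for USS).
type Master struct {
	msk    ed25519.PrivateKey
	MVK    ed25519.PublicKey
	prfKey []byte
}
// UserKey is USK_ID: the derandomised USS key pair plus CERT_ID, a master signature on (ID, upk).
type UserKey struct {
	usk  ed25519.PrivateKey
	UPK  ed25519.PublicKey
	Cert []byte
}
// Signature on m under ID is (upk, CERT_ID, sigma).
type Signature struct{ UPK ed25519.PublicKey; Cert, Sigma []byte }
// certBody binds ID to its derived public key before certification (encoding assumed here).
func certBody(id string, upk ed25519.PublicKey) []byte { return append([]byte("cert|"+id+"|"), upk...) }
func Setup() *Master {
	seed := make([]byte, 64) // 32 bytes for the master USS key, 32 for the PRF key
	if _, err := rand.Read(seed); err != nil { panic(err) }
	msk := ed25519.NewKeyFromSeed(seed[:32])
	return &Master{msk, msk.Public().(ed25519.PublicKey), seed[32:]}
}
// Derive: r = PRF(ID); (upk, usk) = USS.KeyGen(r); CERT_ID = USS.Sign(msk, (ID, upk)).
func (m *Master) Derive(id string) UserKey {
	mac := hmac.New(sha256.New, m.prfKey)
	mac.Write([]byte(id))
	usk := ed25519.NewKeyFromSeed(mac.Sum(nil)) // the 32-byte PRF output replaces KeyGen's coins
	upk := usk.Public().(ed25519.PublicKey)
	return UserKey{usk, upk, ed25519.Sign(m.msk, certBody(id, upk))}
}
func (k UserKey) Sign(msg []byte) Signature { return Signature{k.UPK, k.Cert, ed25519.Sign(k.usk, msg)} }
// Verify accepts only if CERT_ID verifies on (ID, upk) under MVK and sigma verifies on m under upk.
func Verify(mvk ed25519.PublicKey, id string, msg []byte, s Signature) bool {
	return ed25519.Verify(mvk, certBody(id, s.UPK), s.Cert) && ed25519.Verify(s.UPK, msg, s.Sigma)
}
func main() {
	m := Setup()
	s := m.Derive("alice").Sign([]byte("vetted"))
	fmt.Println("valid:", Verify(m.MVK, "alice", []byte("vetted"), s)) // prints valid: true
}
```

Deriving the same identity twice yields the same key pair and certificate, which is what the derivation oracle of the outsider unicity game exposes.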
We adapt the security notion of existential unforgeability for identity based signature schemes to our scheme [10]. Informally, the notion states that, given access to a signing oracle and a corruption oracle, an adversary should not be able to find a tuple \((m, \mathrm{ID}, \sigma)\) which passes the verification algorithm, where she has neither asked to corrupt \(\mathrm{ID}\) nor asked for a signature on \((m, \mathrm{ID})\). Since the general certificate construction has been proven to produce identity-based signature schemes that satisfy this notion of security, it follows that our scheme is secure with respect to existential unforgeability [3].
For unique signature schemes implies \(\sigma = \sigma'\) [11]. However, we will relax this requirement, and instead require that it is computationally hard for an adversary to win the following game: given the verification key and access to a derivation oracle, find a tuple \((m, \mathrm{ID}, \varsigma, \varsigma')\) such that , yet \(\varsigma \ne \varsigma'\). We define this security notion as outsider unicity, with the game formally defined in Fig. 10. As always, the advantage of the adversary is her probability of winning the game.
Our certificate based \(\textsc{UIBSS}\) scheme achieves outsider unicity due to the unicity property of the underlying unique signature scheme, as well as its unforgeability. Informally, the unicity of signatures forces an adversary to find a forgery on .
Lemma 7
(Outsider unicity of the \(\textsc{UIBSS}\) construction). For all adversaries , there exists an adversary such that
© 2020 Springer Nature Switzerland AG
Cite this paper
Hovd, M.N., Stam, M. (2020). Vetted Encryption. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds.) Progress in Cryptology – INDOCRYPT 2020. Lecture Notes in Computer Science, vol. 12578. Springer, Cham. https://doi.org/10.1007/978-3-030-65277-7_22
DOI: https://doi.org/10.1007/978-3-030-65277-7_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65276-0
Online ISBN: 978-3-030-65277-7