Hidden Credential Retrieval without Random Oracles

  • Conference paper
Information Security Applications (WISA 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6513)

Abstract

To address the question of how access credentials can be managed securely and efficiently, so that a user can store and retrieve them using a ‘short and easy-to-remember’ password in a connected world, X. Boyen proposed a user-centric model in ASIACCS’09, named Hidden Credential Retrieval (HCR). The protocol was shown to be secure in the random-oracle model. However, the construction does not explicitly prevent an HCR server from colluding with the third-party service provider (e.g., an online bank), which can result in the hidden credential being retrieved without the user’s participation. In this paper, we present an HCR construction without random oracles, with enhanced properties, based on Okamoto’s blind signature scheme proposed in TCC’06. For the “Insider attack” model, we give the attacker (the server) more computational ability in trying to recover the plaintext message from the ciphertext that the user has stored on the server, while remaining completely offline. Moreover, we include an explicit notion of identity ID that is useful in practice, so that the server knows whose encrypted credential is to be used in the protocol.

References

  1. Baek, J., Naini, R.S., Susilo, W.: Public Key Encryption with Keyword Search Revisited. In: Gervasi, O., Murgante, B., Laganà, A., Taniar, D., Mun, Y., Gavrilova, M.L. (eds.) ICCSA 2008, Part I. LNCS, vol. 5072, pp. 1249–1259. Springer, Heidelberg (2008)

  2. Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: IEEE Symposium on Security and Privacy, SP 1992, pp. 72–84 (1992)

  3. Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 547–557. Springer, Heidelberg (1990)

  4. Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)

  5. Boneh, D., Boyen, X.: Short Signatures Without Random Oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)

  6. Boneh, D., Crescenzo, G.D., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004)

  7. Boyen, X.: Hidden Credential Retrieval from a Reusable Password. In: The Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security, ASIACCS 2009, pp. 228–238 (2009)

  8. Camenisch, J., Koprowski, M., Warinschi, B.: Efficient Blind Signatures without Random Oracles. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 134–148. Springer, Heidelberg (2005)

  9. Canetti, R., Feige, U., Goldreich, O., Naor, M.: Adaptively Secure Multi-Party Computation. In: The Proceedings of the 28th Annual ACM Symposium on Theory of Computing, STOC 1996, pp. 639–648 (1996)

  10. Canetti, R., Goldreich, O., Halevi, S.: The Random Oracle Methodology, Revisited. In: The Proceedings of the 30th ACM Symposium on Theory of Computing, STOC 1998, pp. 209–218 (1998)

  11. Cachin, C., Micali, S., Stadler, M.: Computationally private information retrieval with polylogarithmic communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 402–414. Springer, Heidelberg (1999)

  12. Chaum, D.: Blind signatures for untraceable payments. In: McCurley, K.S., Ziegler, C.D. (eds.) Advances in Cryptology 1981 - 1997. LNCS, vol. 1440, pp. 199–203. Springer, Heidelberg (1999)

  13. Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: IEEE Symposium on Foundations of Computer Science, FOCS 1995, pp. 41–51 (1995)

  14. Goldreich, O., Micali, S., Wigderson, A.: How to Play any Mental Game. In: The 19th Annual ACM Symposium on the Theory of Computing, STOC 1987, pp. 218–229 (1987)

  15. Juels, A., Luby, M., Ostrovsky, R.: Security of blind digital signatures. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150–164. Springer, Heidelberg (1997)

  16. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 475–494. Springer, Heidelberg (2001)

  17. Kimelfeld, B., Sagiv, Y.: Efficient engines for keyword proximity search. In: WebDB 2005 (2005)

  18. Knuth, D.: The Art of Computer Programming: Sorting and Searching, 3rd edn., vol. 3. Addison-Wesley, Reading (1997)

  19. Liu, F., Yu, C., Meng, W., Chowdhury, A.: Effective keyword search in relational databases. In: Proceedings of the 2006 ACM SIGMOD 2006, pp. 563–574 (2006)

  20. Naor, M., Pinkas, B.: Oblivious transfer with adaptive queries. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 573–590. Springer, Heidelberg (1999)

  21. Okamoto, T.: Efficient Blind and Partially Blind Signatures Without Random Oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 80–99. Springer, Heidelberg (2006)

  22. Okamoto, T.: Efficient Blind and Partially Blind Signatures Without Random Oracles. Cryptology ePrint Archive: Report 2006/102, http://eprint.iacr.org/2006/102

  23. Yao, A.: How to Generate and Exchange Secrets. In: The 27th Annual IEEE Symposium on the Foundations of Computer Science, FOCS 1986, pp. 162–167 (1986)

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Miyaji, A., Rahman, M.S., Soshi, M. (2011). Hidden Credential Retrieval without Random Oracles. In: Chung, Y., Yung, M. (eds) Information Security Applications. WISA 2010. Lecture Notes in Computer Science, vol 6513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17955-6_12

  • DOI: https://doi.org/10.1007/978-3-642-17955-6_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17954-9

  • Online ISBN: 978-3-642-17955-6

  • eBook Packages: Computer Science, Computer Science (R0)
