Academic
Publications
Group Encryption: Non-interactive Realization in the Standard Model

Group Encryption: Non-interactive Realization in the Standard Model,10.1007/978-3-642-10366-7_11,Julien Cathalo,Benoît Libert,Moti Yung

Group Encryption: Non-interactive Realization in the Standard Model   (Citations: 5)
BibTex | RIS | RefWorks Download
Group encryption (GE) schemes, introduced at Asiacrypt’07, are an encryption analogue of group signatures with a number of interesting applications. They allow a sender to encrypt a message (in the CCA2 security sense) for some member of a PKI group concealing that member’s identity (in a CCA2 security sense, as well); the sender is able to convince a verifier that, among other things, the ciphertext is valid and some anonymous certified group member will be able to decrypt the message. As in group signatures, an opening authority has the power of pinning down the receiver’s identity. The initial GE construction uses interactive proofs as part of the design (which can be made non-interactive using the random oracle model) and the design of a fully non-interactive group encryption system is still an open problem. In this paper, we give the first GE scheme, which is a pure encryption scheme in the standard model, i.e., a scheme where the ciphertext is a single message and proofs are non-interactive (and do not employ the random oracle heuristic). As a building block, we use a new public key certification scheme which incurs the smallest amount of interaction, as well.
Cumulative Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
    • ...crypted signatures [BGLS03, RS09], non-interactive group encryption [CLY09] and many more...
    • ...Independently of our work, Cathalo, Libert and Yung [CLY09] gave a practical scheme based on a combination of the hidden strong Diffie-Hellman assumption, Structure-Preserving Signatures and Commitments to Group Elements 215...
    • ...The 2-out-of-3 CDH assumption [KP06] states that given (G, G a ,H ), it is hard to output (G r ,H ar ) for an arbitrary r � . To break theFlexible CDH assumption [LV08, CLY09], an adversary must additionally compute G ar .W e further weaken the assumption by defining a solution as (G r ,G ar ,H r ,H ar ), and gener-...

    Masayuki Abeet al. Structure-Preserving Signatures and Commitments to Group Elements

    • ...In contrast, group signature scheme with concurrent join has been proposed in [39] and can also be constructed based on group encryption [22]...

    Man Ho Auet al. Proof-of-Knowledge of Representation of Committed Value and Its Applic...

    • ...Structure-preserving signature schemes [8,5,3,2,1] allow to sign group elements as a message without applying a hash function and prove one’s possession of a...
    • ...even unbounded. For instance, for the schemes in [8,3,2], a verification-key is inherently larger than the message space...
    • ...Case 1 (k ≥ 3). When the basic scheme Σ k can sign 3 group elements or more, like the ones in [8,3,2], one can sign arbitrary number of group elements by first generating random one-time tag t ∈ G and computing...

    Masayuki Abeet al. Efficient Message Space Extension for Automorphic Signatures

    • ...Cathalo, Libert and Yung [CLY09] constructed a partially structure-preserving signature scheme which signs only a single group element and used it for the construction of a group-encryption scheme...

    Masayuki Abeet al. Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups

Sort by: