November 2024
What is this page?
This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.
Publications (206)
November 2024
·
2 Citations
November 2024
·
1 Read
·
3 Citations
November 2024
September 2024
August 2024
·
2 Reads
·
2 Citations
August 2024
·
1 Read
·
4 Citations
June 2024
·
1 Read
·
8 Citations
November 2023
·
10 Reads
·
1 Citation
Lecture Notes in Computer Science
Anonymous routing is an important cryptographic primitive that allows users to communicate privately on the Internet, without revealing their message contents or their contacts. Until the very recent work of Shi and Wu (Eurocrypt’21), all classical anonymous routing schemes are interactive protocols, and their security rely on a threshold number of the routers being honest. The recent work of Shi and Wu suggested a new abstraction called Non-Interactive Anonymous Router (NIAR), and showed how to achieve anonymous routing non-interactively for the first time. In particular, a single untrusted router receives a token which allows it to obliviously apply a permutation to a set of encrypted messages from the senders. Shi and Wu’s construction suffers from two drawbacks: 1) the router takes time quadratic in the number of senders to obliviously route their messages; and 2) the scheme is proven secure only in the presence of static corruptions. In this work, we show how to construct a non-interactive anonymous router scheme with sub-quadratic router computation, and achieving security in the presence of adaptive corruptions. To get this result, we assume the existence of indistinguishability obfuscation and one-way functions. Our final result is obtained through a sequence of stepping stones. First, we show how to achieve the desired efficiency, but with security under static corruption and in a selective, single-challenge setting. Then, we go through a sequence of upgrades which eventually get us the final result. We devise various new techniques along the way which lead to some additional results. In particular, our techniques for reasoning about a network of obfuscated programs may be of independent interest.
November 2023
·
5 Reads
·
3 Citations
Citations (63)
... • Constructions of ABE from null-iO/WE seem to require embedding some form of obfuscation of the access policy in the ciphertext, leading to non-compact ciphertexts, i.e. ciphertext size is dependent on policy size. Explicit constructions of ABE from WE seem to appear only recently [FWW23], which built registered-ABE (RABE) and broadcast encryption (BE) from WE. Indeed, their RABE has non-compact ciphertexts due to the aforementioned obstacle, and the techniques they used for building BE do not seem to translate to an ABE for circuits. In contrast, [Wee22] and our schemes achieve compact ciphertexts. ...
- Citing Chapter
August 2023
Lecture Notes in Computer Science
... In the Feature Articles in this issue, the research lab directors explain the aims of their respective laboratories [2][3][4]. In addition, Brent Waters, a distinguished scientist in the area of basic cryptography theory, shares his thoughts on creating a new research lab [5]. ...
- Citing Article
December 2019
NTT Technical Review
... As such many pairing-based schemes (e.g. [LW11,DKW23a,DKW23b,AG23], see also [DKW23b, Table 1]) can be interpreted as MA-ABE for NC1 circuits. ...
- Citing Chapter
April 2023
Lecture Notes in Computer Science
... An alternative option based on early encoding leverages attribute-based encryption (ABE) [25,40]. In an ABE scheme, each participant receives a secret key linked to some attributes (e.g., geographical location), while ciphertexts are linked to policies. ...
- Citing Chapter
April 2023
Lecture Notes in Computer Science
... As such many pairing-based schemes (e.g. [LW11,DKW23a,DKW23b,AG23], see also [DKW23b, Table 1]) can be interpreted as MA-ABE for NC1 circuits. ...
- Citing Article
April 2023
Journal of Cryptology
... We need to show that for any set of ciphertexts and any decryption key the probability that the evaluation of the decryption key, associated with a function , on the set of ciphertexts outputs ( ) + with the same probability that was sampled over Δ. schemes relies on the hardness of the general -Linear assumption [41], being still the basis of various state-of-the-art papers, e.g., [46]. It works for any choice of , including the Symmetric External Diffie-Hellman Assumption (SXDH) for = 1 and the Decisional Linear Assumption (DLIN) for = 2. ...
- Citing Chapter
October 2022
Lecture Notes in Computer Science
... Tracing vs. Watermarking. Goyal et al. [GKWW21] argue that watermarking PRFs are too weak for traitor-tracing applications since programs can easily be useful without retaining input-output behaviour on a large fraction of the input, e.g. by recovering only half of the output value, or when used as subroutines, e.g. as part of a decryption program. In these cases, the watermarking authority may not be able to extract the mark from a forged program, since extraction is only guaranteed if given complete and correct outputs of the PRF. ...
- Citing Chapter
December 2021
Lecture Notes in Computer Science
... All pairing-based cryptographic constructions are vulnerable against quantum adversaries. Currently, all plausibly post-quantum secure candidates are lattice-based, including the schemes of [DKW21,WWW22], and ours. We summarise existing lattice-based MA-ABEs in Table 1, where we also include the state-of-the-art group-based scheme of [DKW23b] for comparison. ...
- Citing Chapter
June 2021
Lecture Notes in Computer Science
... In the construction, we set p D ‚.2 / and dim.s/ to a large enough polynomial in . tions imply a vast array of cryptographic objects, so much so that iO has been conjectured to be a "central hub" [71,92] for cryptography. ...
Reference:
Indistinguishability obfuscation
- Citing Article
May 2021
SIAM Journal on Computing
... Instantiations. Compute and compare obfuscators with almost perfect correctness are constructed in [GKW17,WZ17] based on quantum LWE, and recently with perfect correctness in [GKVW19] based on quantum LWE. ...
- Citing Chapter
December 2020
Lecture Notes in Computer Science