Brent Waters’s research while affiliated with University of Texas at Austin and other places

Publications (206)


Adaptively Secure Attribute-Based Encryption from Witness Encryption
  • Chapter

November 2024

Brent Waters

Non-Interactive Anonymous Router with Quasi-Linear Router Computation

November 2023 · 10 Reads · 1 Citation

Lecture Notes in Computer Science

Anonymous routing is an important cryptographic primitive that allows users to communicate privately on the Internet, without revealing their message contents or their contacts. Until the very recent work of Shi and Wu (Eurocrypt’21), all classical anonymous routing schemes are interactive protocols, and their security relies on a threshold number of the routers being honest. The recent work of Shi and Wu suggested a new abstraction called Non-Interactive Anonymous Router (NIAR), and showed how to achieve anonymous routing non-interactively for the first time. In particular, a single untrusted router receives a token which allows it to obliviously apply a permutation to a set of encrypted messages from the senders. Shi and Wu’s construction suffers from two drawbacks: 1) the router takes time quadratic in the number of senders to obliviously route their messages; and 2) the scheme is proven secure only in the presence of static corruptions. In this work, we show how to construct a non-interactive anonymous router scheme with sub-quadratic router computation, and achieving security in the presence of adaptive corruptions. To get this result, we assume the existence of indistinguishability obfuscation and one-way functions. Our final result is obtained through a sequence of stepping stones. First, we show how to achieve the desired efficiency, but with security under static corruption and in a selective, single-challenge setting. Then, we go through a sequence of upgrades which eventually get us the final result. We devise various new techniques along the way which lead to some additional results. In particular, our techniques for reasoning about a network of obfuscated programs may be of independent interest.



Citations (63)


... • Constructions of ABE from null-iO/WE seem to require embedding some form of obfuscation of the access policy in the ciphertext, leading to non-compact ciphertexts, i.e. ciphertext size is dependent on policy size. Explicit constructions of ABE from WE seem to appear only recently [FWW23], which built registered-ABE (RABE) and broadcast encryption (BE) from WE. Indeed, their RABE has non-compact ciphertexts due to the aforementioned obstacle, and the techniques they used for building BE do not seem to translate to an ABE for circuits. In contrast, [Wee22] and our schemes achieve compact ciphertexts. ...

Reference: Lattice-based Multi-Authority/Client Attribute-based Encryption for Circuits

How to Use (Plain) Witness Encryption: Registered ABE, Flexible Broadcast, and More
  • Citing Chapter
  • August 2023

Lecture Notes in Computer Science

... In the Feature Articles in this issue, the research lab directors explain the aims of their respective laboratories [2][3][4]. In addition, Brent Waters, a distinguished scientist in the area of basic cryptography theory, shares his thoughts on creating a new research lab [5]. ...

Research of Cryptography & Information Security Laboratories
  • Citing Article
  • December 2019

NTT Technical Review

... We need to show that for any set of ciphertexts and any decryption key the probability that the evaluation of the decryption key, associated with a function , on the set of ciphertexts outputs ( ) + with the same probability that was sampled over Δ. schemes relies on the hardness of the general -Linear assumption [41], being still the basis of various state-of-the-art papers, e.g., [46]. It works for any choice of , including the Symmetric External Diffie-Hellman Assumption (SXDH) for = 1 and the Decisional Linear Assumption (DLIN) for = 2. ...

Batch Arguments for NP and More from Standard Bilinear Group Assumptions
  • Citing Chapter
  • October 2022

Lecture Notes in Computer Science

... Tracing vs. Watermarking. Goyal et al. [GKWW21] argue that watermarking PRFs are too weak for traitor-tracing applications since programs can easily be useful without retaining input-output behaviour on a large fraction of the input, e.g. by recovering only half of the output value, or when used as subroutines, e.g. as part of a decryption program. In these cases, the watermarking authority may not be able to extract the mark from a forged program, since extraction is only guaranteed if given complete and correct outputs of the PRF. ...

Beyond Software Watermarking: Traitor-Tracing for Pseudorandom Functions
  • Citing Chapter
  • December 2021

Lecture Notes in Computer Science

... All pairing-based cryptographic constructions are vulnerable against quantum adversaries. Currently, all plausibly post-quantum secure candidates are lattice-based, including the schemes of [DKW21,WWW22], and ours. We summarise existing lattice-based MA-ABEs in Table 1, where we also include the state-of-the-art group-based scheme of [DKW23b] for comparison. ...

Decentralized Multi-authority ABE for DNFs from LWE
  • Citing Chapter
  • June 2021

Lecture Notes in Computer Science