We put forth the concept of witness encryption. A witness encryption scheme is defined for an NP language L (with corresponding witness relation R). In such a scheme, a user can encrypt a message M to a particular problem instance x to produce a ciphertext. A recipient of a ciphertext is able to decrypt the message if x is in the language and the recipient knows a witness w where R(x,w) holds. However, if x is not in the language, then no polynomial-time attacker can distinguish between encryptions of any two equal-length messages. We emphasize that the encrypter himself may have no idea whether x is actually in the language. Our contributions in this paper are threefold. First, we introduce and formally define witness encryption. Second, we show how to build several cryptographic primitives from witness encryption. Finally, we give a candidate construction based on the NP-complete Exact Cover problem and Garg, Gentry, and Halevi's recent construction of "approximate" multilinear maps. Our method for witness encryption also yields the first candidate construction for an open problem posed by Rudich in 1989: constructing computational secret sharing schemes for an NP-complete access structure.
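To make the decryption condition concrete, the following added example (not code from the paper) implements the witness relation R(x, w) for Exact Cover and a backtracking search for a witness. It covers only the NP relation, not any encryption; the names `R`, `find_witness`, `X_IN` and `X_OUT` and the two sample instances are constructed for illustration.

```python
from itertools import chain

def R(x, w):
    """Witness relation for Exact Cover.
    x = (n, subsets): universe {1..n} and a list of subsets of it.
    w = indices into subsets. Holds iff the chosen subsets are
    pairwise disjoint and their union is exactly {1..n}."""
    n, subsets = x
    idx = list(w)
    if len(set(idx)) != len(idx):
        return False                      # an index was repeated
    if any(not 0 <= i < len(subsets) for i in idx):
        return False                      # index out of range
    chosen = list(chain.from_iterable(subsets[i] for i in idx))
    # n elements in total whose set is the universe => disjoint and covering
    return len(chosen) == n and set(chosen) == set(range(1, n + 1))

def find_witness(x):
    """Backtracking search for a witness; exponential time in general.
    Returns a list of indices, or None when x is not in the language."""
    n, subsets = x

    def search(uncovered, picked):
        if not uncovered:
            return picked
        e = min(uncovered)                # next element that must be covered
        for i, s in enumerate(subsets):
            if e in s and s <= uncovered: # s covers e without any overlap
                found = search(uncovered - s, picked + [i])
                if found is not None:
                    return found
        return None

    return search(frozenset(range(1, n + 1)), [])

# Constructed instance in the language: indices [0, 1, 2] and [3, 4, 5]
# are both exact covers of {1..6}.
X_IN = (6, [{1, 4}, {2, 3}, {5, 6}, {1, 2, 3}, {4, 5}, {6}, {3, 6}])

# Constructed instance outside the language: every element occurs in some
# subset, but {1, 2, 3} cannot be split into disjoint pairs.
X_OUT = (4, [{1, 2}, {2, 3}, {1, 3}, {4}])

if __name__ == "__main__":
    print("witness for X_IN: ", find_witness(X_IN))
    print("witness for X_OUT:", find_witness(X_OUT))
```

Checking a candidate w with `R` takes time linear in the instance, while `find_witness` may explore exponentially many branches, which is why an encrypter can target an instance x without knowing whether any witness exists.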