We present new formal definitions, algorithms, and motivating applications for three natural cryptographic constructions. Our constructions are based on a special type of algebraic group called bilinear groups.

(1) Re-signatures. We present the first public key signature scheme where a semi-trusted proxy, given special information, can translate Alice's signature on a message into Bob's signature on the same message. The special information, however, allows nothing else, i.e., the proxy cannot translate from Bob to Alice, nor can it sign on behalf of either Alice or Bob. We show that a path through a graph can be cheaply authenticated using this scheme, with applications to electronic passports.

(2) Re-encryption. We present the first public key cryptosystem where a semi-trusted proxy, given special information, can translate an encryption of a message under Alice's key into an encryption of the same message under Bob's key. Again, the special information allows nothing else, i.e., the proxy cannot translate from Bob to Alice, decrypt on behalf of either Alice or Bob, or learn anything else about the message. We apply this scheme to create a new mechanism for secure distributed storage.

(3) Compact e-cash with tracing and bounded-anonymity. We present an offline e-cash system where 2^ℓ coins can be stored in O(ℓ + k) bits and withdrawn or spent in O(ℓ + k) time, where k is the security parameter. The best previously known schemes required at least one of these complexities to be O(2^ℓ · k). In our system, a user's transactions are anonymous and unlinkable, unless she performs a forbidden action, such as double-spending a coin. Performing a forbidden action reveals the identity of the user, and optionally allows all of her past transactions to be traced. We provide solutions without using a trusted party. We argue why features of our system are likely to be crucial to the adoption of any e-cash system.

(Copies available exclusively from MIT Libraries, Rm. 14-0551, Cambridge, MA 02139-4307. Ph. 617-253-5668; Fax 617-253-1690.)