anonymity from asymmetry new constructions for anonymous
play

Anonymity from Asymmetry: New Constructions for Anonymous HIBE - PowerPoint PPT Presentation

Dec 04, 2022 •46 likes •366 views

Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Anonymity from Asymmetry: New Constructions for Anonymous HIBE Ducas L eo, Ecole Normale Superieure, Paris February 23, 2010 Ducas L eo, Ecole Normale

  1. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Anonymity from Asymmetry: New Constructions for Anonymous HIBE Ducas L´ eo, Ecole Normale Superieure, Paris February 23, 2010 Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  2. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Plan 1 Introduction 2 Anonymous IBE Construction 3 Extension to HIBE and HVE 4 Conclusion Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  3. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion 1 Introduction 2 Anonymous IBE Construction 3 Extension to HIBE and HVE 4 Conclusion Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  4. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Identity Based Encryption IBE (Identity Based Encryption System) : any string ca be used as a public key, (knowing some public parameters) HIBE (Hierarchical Identity Based Encryption System) : Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  5. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Identity Based Encryption IBE (Identity Based Encryption System) : any string ca be used as a public key, (knowing some public parameters) corresponding private keys are derived from a master secret HIBE (Hierarchical Identity Based Encryption System) : Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  6. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Identity Based Encryption IBE (Identity Based Encryption System) : any string ca be used as a public key, (knowing some public parameters) corresponding private keys are derived from a master secret HIBE (Hierarchical Identity Based Encryption System) : Public keys are lists of strings, forming a tree Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  7. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Identity Based Encryption IBE (Identity Based Encryption System) : any string ca be used as a public key, (knowing some public parameters) corresponding private keys are derived from a master secret HIBE (Hierarchical Identity Based Encryption System) : Public keys are lists of strings, forming a tree A private key for a node allow derivation of private key for all children nodes Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  8. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Anonymity for (H)IBE Anonymity : Ciphertext should not reveal information about the public Key used to encrypt Building blocks for search on encrypted data systems. Generalizable to Hidden Vector Encryption systems. Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  9. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion (H)IBE construction using pairing Non-anonymous constructions : Boneh & Franklin [BF03] (Bilinear-DH assumption, ROM) Boneh & Boyen [BB04] a.k.a. BB 1 (Bilinear-DH assumption) Waters [Wat05] (Bilinear-DH assumption) Boneh, Boyen & Goh [BBG05] (Bilinear-DH Exponent assumption) Anonymous construction : Boyen & Waters [BW06] (linear assumption) Shi & Waters [SW08] (Composite DH assumption) Seo et al. [SKOS09] (composite DH assumption) Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  10. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Non-anonymity of BB 1 Given a bilinear map e : G × G → G t , and a generator g ∈ G . Setup Choose random α, β, γ, δ ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ . Output PP = ( g , g 1 , g 2 , h ) , mk = g α β Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  11. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Non-anonymity of BB 1 Given a bilinear map e : G × G → G t , and a generator g ∈ G . Setup Choose random α, β, γ, δ ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ . Output PP = ( g , g 1 , g 2 , h ) , mk = g α β mk · ( h I · f ) r , g r � � Extract (I) Choose random r ∈ Z p . Output d I = Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  12. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Non-anonymity of BB 1 Given a bilinear map e : G × G → G t , and a generator g ∈ G . Setup Choose random α, β, γ, δ ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ . Output PP = ( g , g 1 , g 2 , h ) , mk = g α β mk · ( h I · f ) r , g r � � Extract (I) Choose random r ∈ Z p . Output d I = Encrypt (M,I) To encrypt M ∈ G , choose s ∈ Z p and compute C = ( M · e ( g 1 , g 2 ) s , g s , ( h I · f ) s ) Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  13. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Non-anonymity of BB 1 Given a bilinear map e : G × G → G t , and a generator g ∈ G . Setup Choose random α, β, γ, δ ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ . Output PP = ( g , g 1 , g 2 , h ) , mk = g α β mk · ( h I · f ) r , g r � � Extract (I) Choose random r ∈ Z p . Output d I = Encrypt (M,I) To encrypt M ∈ G , choose s ∈ Z p and compute C = ( M · e ( g 1 , g 2 ) s , g s , ( h I · f ) s ) e ( g s , h I ′ f ) = e ( g , ( h I f ) s ) iff I = I ′ . With symmetric pairing anonymity is broken Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  14. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Contribution Tweak on BB 1 [BB04] IBE to make it provably anonymous with asymmetric pairing. Adapt to the Hierarchical version, giving also an Hidden Vector Encryption System The tweak is also applicable to [BBG05] constructions, giving efficiency trade-off alternative for anonymous HIBE. Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  15. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion 1 Introduction 2 Anonymous IBE Construction 3 Extension to HIBE and HVE 4 Conclusion Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  16. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion Assumption Given a bilinear map e : G × ˆ G → G t , and a generators g ∈ ˆ g ∈ G , ˆ G . Our assumption : For randoms a , b , c ∈ Z p and T ∈ G It is hard to distinguish between g , g a , g ab , g c , ˆ g a , ˆ g b , g abc � ∈ G 4 × ˆ G 3 × G � D N := g , ˆ g , g a , g ab , g c , ˆ g a , ˆ g b , T ∈ G 4 × ˆ G 3 × G � � D R := g , ˆ Composition of two classic assumption : decisional- BDH and decisional- XDH Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  17. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion The tweak Setup Choose random α, β, γ, δ, η ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ , t = g η and analogues g 1 = ˆ g α . . . . Output G 3 and g 2 , ˆ ∈ G 5 × ˆ � � PP = g , g 1 , h , f , t , ˆ g , ˆ h g αβ , ˆ t ) ∈ ˆ G 3 f , ˆ mk = (ˆ g 0 = ˆ Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  18. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion The tweak Setup Choose random α, β, γ, δ, η ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ , t = g η and analogues g 1 = ˆ g α . . . . Output G 3 and g 2 , ˆ ∈ G 5 × ˆ � � PP = g , g 1 , h , f , t , ˆ g , ˆ h g αβ , ˆ t ) ∈ ˆ G 3 f , ˆ mk = (ˆ g 0 = ˆ Extract (I) Choose random r , R ∈ Z p . Output � h I ˆ f ) r ˆ g R � g 0 (ˆ t R , ˆ g r , ˆ d I = ˆ Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

  19. Introduction Anonymous IBE Construction Extension to HIBE and HVE Conclusion The tweak Setup Choose random α, β, γ, δ, η ∈ Z p , set g 1 = g α , g 2 = g β , h = g γ , f = g δ , t = g η and analogues g 1 = ˆ g α . . . . Output G 3 and g 2 , ˆ ∈ G 5 × ˆ � � PP = g , g 1 , h , f , t , ˆ g , ˆ h g αβ , ˆ t ) ∈ ˆ G 3 f , ˆ mk = (ˆ g 0 = ˆ Extract (I) Choose random r , R ∈ Z p . Output � h I ˆ f ) r ˆ g R � g 0 (ˆ t R , ˆ g r , ˆ d I = ˆ Encrypt (M,I) To encrypt M ∈ G , choose s ∈ Z p and compute g 2 ) s , g s , ( h I f ) s , t s � � C = M · e ( g 1 , ˆ Ducas L´ eo, Ecole Normale Superieure, Paris Anonymity from Asymmetry: New Constructions for Anonymous HIBE

Recommend

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

438 views • 33 slides
Tokumei Anonymous Social Networking Keefer Rourke 19 October 2016 https://tokumei.co/ Prepared

Tokumei Anonymous Social Networking Keefer Rourke 19 October 2016 https://tokumei.co/ Prepared

Tokumei Anonymous Social Networking Keefer Rourke 19 October 2016 https://tokumei.co/ Prepared for the Guelph Coding Community (GCC) The Importance of Anonymity Anonymity Definition: The condition of being anonymous; having no method for

482 views • 27 slides
Anonymous Communication Martijn Terpstra & Max Tijssen Introduction 1. Definition of

Anonymous Communication Martijn Terpstra & Max Tijssen Introduction 1. Definition of

Anonymous Communication Martijn Terpstra & Max Tijssen Introduction 1. Definition of anonymity 2. Reasons 3. Problems 4. Legal issues and implications 5. PETs 6. Crowds 7. I2P Definition of anonymity The state or quality

607 views • 36 slides
for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

Anonymity Trilemma not all is lost for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 Universitaet zu Luebeck Anonymous Communication (AC) Networks

449 views • 21 slides
The Free Haven project: Distributed Anonymous Storage Service R. Dingledine (MIT), M.J.

The Free Haven project: Distributed Anonymous Storage Service R. Dingledine (MIT), M.J.

http://www.freehaven.net The Free Haven project: Distributed Anonymous Storage Service R. Dingledine (MIT), M.J. Freedman(MIT) and S. Molnar(Harvard) Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, July 2000

446 views • 40 slides
Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Relationships Between Broadcast and Shared Memory in Reliable Anonymous Distributed Systems

Relationships Between Broadcast and Shared Memory in Reliable Anonymous Distributed Systems

Relationships Between Broadcast and Shared Memory in Reliable Anonymous Distributed Systems James Aspnes, Yale University Faith Ellen Fich, University of Toronto Eric Ruppert, York University Anonymity Processes do not have identifiers and

773 views • 22 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
Monero an anonymous altcoin Dionysis Zindros ATHECRYPT 2016 Overview Bitcoins problems

Monero an anonymous altcoin Dionysis Zindros ATHECRYPT 2016 Overview Bitcoins problems

Monero an anonymous altcoin Dionysis Zindros ATHECRYPT 2016 Overview Bitcoins problems Moneros solutions Fungibility Anonymity Unlinkability Untraceability Acknowledgments Bitcoin Genve, Universit

734 views • 52 slides
Deployed Anonymity Networks: A brief history Nick Mathewson <nickm@freehaven.net> The

Deployed Anonymity Networks: A brief history Nick Mathewson <nickm@freehaven.net> The

Deployed Anonymity Networks: A brief history Nick Mathewson <nickm@freehaven.net> The Free Haven Project This presentation About me Introduction to anonymous communication High-latency networks Low-latency networks

792 views • 39 slides
How to Bootstrap Anonymous Communication Sune K. Jakobsen 1 Claudio Orlandi 2 1 Queen Mary,

How to Bootstrap Anonymous Communication Sune K. Jakobsen 1 Claudio Orlandi 2 1 Queen Mary,

How to Bootstrap Anonymous Communication Sune K. Jakobsen 1 Claudio Orlandi 2 1 Queen Mary, University of London 2 Aarhus University January 16, 2016 How can you get anonymity? Contact a journalist or publisher, and tell them you want to be

561 views • 34 slides
Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine The Free Haven Project {nickm,arma}@freehaven.net Scope Introduction to anonymity How we got started Introduction to mix-nets

649 views • 27 slides
Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work with Ben Kreuter, Tancrde Lepoint, Mariana Raykova ia.cr/2020/072 1 Definition Anonymous tokens are lightweight, single-use anonymous credentials.

657 views • 61 slides
Alcoh oholics olics Anonymous nymous A Source ce of Hope for the Person on Suff ffering

Alcoh oholics olics Anonymous nymous A Source ce of Hope for the Person on Suff ffering

Alcoh oholics olics Anonymous nymous A Source ce of Hope for the Person on Suff ffering ering from m Alcoho oholism lism AA Area 28 CPC Committee CPC@area28aa.org Endorsed d by by Area 28 PI Committee A.A. A. Anonymity nymity

434 views • 16 slides
Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not given or known - Anonymity != Privacy != Security - Anonymity: they can see what you do, but not who you are - Privacy: they can see

379 views • 33 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
The Wisdom of Crowds: attacks and optimal constructions George Danezis 1 Claudia Diaz 2 asper 2

The Wisdom of Crowds: attacks and optimal constructions George Danezis 1 Claudia Diaz 2 asper 2

Outline Anonymous Peer-to-Peer Routing via Crowds The Always Down-or-Up Scheme (ESORICS 08) Optimality of Crowds The Wisdom of Crowds: attacks and optimal constructions George Danezis 1 Claudia Diaz 2 asper 2 Emilia K Carmela Troncoso 2 1

357 views • 15 slides
Particle Hole Asymmetry in the Pseudogap Particle-Hole Asymmetry in the Pseudogap Phase of the

Particle Hole Asymmetry in the Pseudogap Particle-Hole Asymmetry in the Pseudogap Phase of the

Particle Hole Asymmetry in the Pseudogap Particle-Hole Asymmetry in the Pseudogap Phase of the High Tc Superconductors Peter Johnson Condensed Matter Physics and Materials Science Department BNL BNL Hvar 2008 Hvar 2008 A Cuprate Bi 2 Sr 2 Ca

425 views • 31 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
Anonymous classes Polymorphism Anonymous classes motivation You probably have many buttons

Anonymous classes Polymorphism Anonymous classes motivation You probably have many buttons

Two cool ideas: Anonymous classes Polymorphism Anonymous classes motivation You probably have many buttons and/or menu items in your VectorGraphics project Three approaches for responding to the events from selecting those buttons /

406 views • 6 slides
12-STEP PROGRAMS Alcoholics Anonymous The Preamble Alcoholics Anonymous is a fellowship

12-STEP PROGRAMS Alcoholics Anonymous The Preamble Alcoholics Anonymous is a fellowship

12-STEP PROGRAMS Alcoholics Anonymous The Preamble Alcoholics Anonymous is a fellowship of men and women who share their experience, strength and hope with each other that they may solve their common problem and help others to recover

1.11k views • 76 slides

More recommend