Reducing Trust When Trust Is Essential

Trust is unavoidable in many complex systems. As users demand more functionality and convenient access, there is often a point at which a systems designer has no choice but to ask clients to place some level of trust in one participant in the system, be it a key management server or even just the integrity of some external hardware. This is in contrast to many cryptographic functionalities that will either perform as expected, or at least remain secure, without a client having to trust anything but their own integrity. The main focus of this thesis is to conduct a thorough analysis of two settings in which trust is essential and to find new dimensions in which to reduce the amount of trust the participants are asked to put in the system for it to function as expected. First, we analyze remote storage, where a third party is trusted to store a client's data and enforce access control on it. Second, we study what additional assumptions are necessary in order to circumvent the impossibility of fully secure multiparty computation (MPC) without an honest majority.
