Traceable Group Encryption

Group encryption (GE) is the encryption analogue of group signatures. It allows a sender to verifiably encrypt a message for some certified but anonymous member of a group. The sender is further able to convince a verifier that the ciphertext is a well-formed encryption under some group member's public key. As in group signatures, an opening authority is empowered with the capability of identifying the receiver if the need arises. One application of such a scheme is a secure repository at an unknown but authorized cloud server, where the archive is made accessible by a judge's order in the case of misbehavior, such as a server hosting illegal transaction records; this balances individual rights against society's safety. In this work we describe a Traceable GE system, a group encryption with refined tracing capabilities akin to those of the "traceable signatures" primitive, thus striking a better balance between privacy and safety. Our primitive enjoys the properties of group encryption and, in addition, allows the opening authority to reveal a user-specific trapdoor which makes it possible to publicly trace all the ciphertexts encrypted for that user without harming the anonymity of other ciphertexts. In addition, group members are able to non-interactively prove whether specific ciphertexts are intended for them or not. This work provides rigorous definitions, concrete constructions in the standard model, and security proofs.
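The two tracing features the abstract describes (a user-specific trapdoor that traces only that user's ciphertexts, and a member's non-interactive claim that a ciphertext is theirs) can be illustrated with a small toy model. The code below is an added example of my own and is not the paper's construction: it assumes a toy-sized safe-prime group, separates each member's decryption key from a tracing trapdoor, attaches a DDH tag to each ciphertext, and uses a Chaum-Pedersen proof with Fiat-Shamir for the positive claim; all names are hypothetical.

```python
import secrets
from hashlib import sha256

# Constructed toy group: p = 2q + 1 is a safe prime and G = 4 generates the
# subgroup of prime order q. Deliberately tiny; a real scheme uses a large group.
P, Q, G = 1019, 509, 4

def rand_exp():
    return secrets.randbelow(Q - 1) + 1

def keygen(x=None, t=None):
    """Decryption key x and a separate tracing trapdoor t: revealing t traces this member only."""
    x = x if x is not None else rand_exp()
    t = t if t is not None else rand_exp()
    return {"x": x, "t": t, "pk": pow(G, x, P), "tpk": pow(G, t, P)}

def encrypt(pk, tpk, m):
    """ElGamal-style body (c1, c2) plus a DDH tracing tag (A, B) = (g^s, tpk^s)."""
    r, s = rand_exp(), rand_exp()
    return {"c1": pow(G, r, P), "c2": pow(pk, r, P) * m % P,
            "A": pow(G, s, P), "B": pow(tpk, s, P)}

def decrypt(x, ct):
    return ct["c2"] * pow(ct["c1"], Q - x, P) % P   # c1 has order q, so c1^(q-x) = c1^(-x)

def trace(t, ct):
    """Public tracing with a revealed trapdoor t: true iff the tag was built under tpk = g^t.
    Without t, (A, B) is a DDH tuple and does not identify the recipient."""
    return pow(ct["A"], t, P) == ct["B"]

def _challenge(tpk, ct, u, v):
    return int.from_bytes(sha256(f"{tpk}|{ct['A']}|{ct['B']}|{u}|{v}".encode()).digest(), "big") % Q

def claim(t, tpk, ct):
    """Member's proof that log_G(tpk) == log_A(B) ('this ciphertext is for me') without revealing t."""
    k = rand_exp()
    u, v = pow(G, k, P), pow(ct["A"], k, P)
    e = _challenge(tpk, ct, u, v)
    return e, (k + e * t) % Q

def verify_claim(tpk, ct, proof):
    e, z = proof
    u = pow(G, z, P) * pow(tpk, Q - e, P) % P        # g^z * tpk^-e recovers g^k for an honest proof
    v = pow(ct["A"], z, P) * pow(ct["B"], Q - e, P) % P
    return e == _challenge(tpk, ct, u, v)

if __name__ == "__main__":
    alice, bob = keygen(), keygen()
    ct = encrypt(alice["pk"], alice["tpk"], 42)
    print(decrypt(alice["x"], ct), trace(alice["t"], ct), trace(bob["t"], ct),
          verify_claim(alice["tpk"], ct, claim(alice["t"], alice["tpk"], ct)))
```

Revealing Alice's trapdoor lets anyone test her ciphertexts, while Bob's ciphertexts still fail the test, which is the selective tracing the abstract contrasts with full opening.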
