The Fuchsbauer, Kiltz, and Loss (Crypto 2018) claim that (some) hardness results in the algebraic group model imply the same hardness results in the generic group model was recently called into question by Katz, Zhang, and Zhou (Asiacrypt 2022). ...

The KHAPE-HMQV protocol is a state-of-the-art highly efficient asymmetric password-authenticated key exchange protocol that provides several desirable security properties, but has the drawback of being vulnerable to quantum adversaries due to its ...

Attribute-based encryption (ABE) enables fine-grained access control on encrypted data and has a large number of practical applications. This paper presents FABEO: faster pairing-based ciphertext-policy and key-policy ABE schemes that support expressive ...

Attribute-based encryption (ABE) is a cryptographic primitive which supports fine-grained access control on encrypted data, making it an appealing building block for many applications. In this paper, we propose, implement, and evaluate fully automated ...

Homomorphic encryption is a form of encryption that allows computations to be carried out on ciphertext and generate an encrypted result which, when decrypted, matches the result of operations performed on the plaintexts. The feature of homomorphic ...

Recent work on structure‐preserving signatures (SPS) studies optimality of these schemes in terms of the number of group elements needed in the verification key and the signature, and the number of pairing‐product equations in the verification algorithm. ...

Leakage-resilient cryptography aims at capturing side-channel attacks within the provable security framework. Currently there exists a plethora of schemes with provably secure guarantees against a variety of side-channel attacks. However, meeting the ...

Structure preservation captures the notion of pairing-based schemes that rely on generic group operations and where the components are group elements. Their structural properties make it easy to compose them with other pairing-based schemes.

In this ...

Structure-preserving signatures are signatures defined over bilinear groups that rely on generic group operations. In particular, the messages and signatures consist of group elements and the verification of signatures consists of evaluating pairing ...

It is known that there exists a reduction from the CCA1- security of Damgård's Elgamal (DEG) cryptosystem to what we call the ddh^dsdh assumption. We show that ddh^dsdh is unnecessary for DEG- CCA1, while DDH is insufficient for DEG-CCA1. We also show ...

Efficient zero-knowledge proofs of knowledge for group homomorphisms are essential for numerous systems in applied cryptography. Especially, Σ-protocols for proving knowledge of discrete logarithms in known and hidden order groups are of prime ...