| Linear maps or pairings, which are useful as well as powerful mathematical tools, play a significant role in modern cryptography, and there are numerous cryptographic schemes based on various kinds of linear maps. Linear maps used in cryptography can be categorized into two classes, bilinear maps and multilinear maps, both of which find their significant places in plenty of scenarios. From the initial usage of bilinear maps into cryptography, e.g., one round three-party Diffie-Hellman key exchange protocol and identity-based encryption (IBE) scheme, research related to bilinear maps has become one of the mainstream research subjects in modern cryptography. Besides, as a matured tool, the typical applications of bilinear maps also include attribute-based encryption (ABE) scheme, part of functional en-cryption (FE) schemes, efficient non-interactive zero-knowledge (NIZK) proofs, etc.. Al-though multilinear maps are not full-fledged enough, there are as well some applications based on this kind of promising tool, like indistinguishability obfuscation (iO), which in turn leads to plenty of other novel cryptographic schemes in recent years. Roughly speak-ing, research works with respect to linear maps include those on linear maps themselves and those on the applications of them. In this dissertation, we mainly focus on the latter.Though powerful and successful as a mathematical tool for cryptography, pairings and re-lated pairing based cryptographic schemes are not all-powerful. For instance, pairing based schemes always suffer from low efficiency since pairing operations e:G×G→GT between groups are slower than operations within groups. Therefore, a scheme without pairings is in general more efficient than its pairing based counterpart with the same functionality, making research on schemes without pairings a research direction in cryptography. And research works in this direction mainly focus on improving efficiency and reducing hardness of un-derlying assumptions. Besides, although there are quite a lot of schemes based on linear maps, still a substantial number of works need to be designed from scratch or refined from existing ones. In this dissertation, we mainly explore the applications of linear maps with two focuses on functionality and underlying assumptions. More specifically, the contribu-tions of this work are summarized as follows:(1) For verifiable computation (VC). We have proposed two FE-based verifiable com-putation schemes. Our first scheme is an inner-product encryption (IPE) based VC scheme with more desirable privacy-related features. More specifically, compared with the previous work of Parno et al. without input privacy (IP) or function privacy (FP), our Construction I achieves both of the two properties. This scheme supporting inner product functions is less expressive than those designed for general circuits, but enough for usage in reality. Our second scheme is an ABE-based VC scheme for gen-eral circuits, largely extending the scope of available delegated functions. However, as a tradeoff, the shortcoming is that bare-bones Construction Ⅱ achieves neither IP nor FP. Therefore, we have developed two methods for it to obtain (weak) IP which in turn result in two variants. Although the second variant does not achieve FP, it provides a candidate partial solution to the open problem by Ananth et al. at PKC 2014.(2) For Identity-based (Proxy) Re-encryption (IBPRE). We have proposed two identity-based (proxy) re-encryption schemes, which use similar idea, achieve analogous func-tionality, and are both established on fully homomorphic encryption (FHE) as well as identity-based re-encryption. The main difference between the two schemes is that the first one only supports single-hop re-encrypted ciphertexts while the second one is capable of supporting multi-hop re-encrypted ciphertexts. The main reasons for this situation, namely the second scheme has stronger feature than the first one, attribute to the group element X and the underlying IBE algorithms. And this makes the FHE evaluation circuit of the second scheme more complicated. Those two schemes are both very useful in a scenario where the client with limited resource can accomplish re-encryption tasks with very lightweight workload, avoiding some extra expenditure, e.g., sending some information w.r.t. her secret key to the server.(3) For Secure Multi-party Computation. We have proposed two secure three-party com-putation protocols for securely computing the area of a triangle, which do not need any pairings. In addition to this merit, the greatest advantages of them are the build-ing blocks and the underlying assumptions. On the building blocks, the two protocols completely avoid the use of oblivious transfer (OT), which is usually a fundamental (if not the most fundamental) building block in most of secure multi-party compu-tation protocols. On the underlying assumptions, our protocols rely on a very weak assumption that only supposes the existence of pseudorandom generators. At last, our simulation-based proofs also have certain innovation, which permit adaptively-chosen output of the protocol by the adversary, and then proceed to simulation.
|
PDF Full Text Request