Research On Pairing-based Group Cryptography

Posted on: 2009-02-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: B Qin
Full Text: PDF
GTID: 1118360242978270
Subject: Cryptography
Abstract/Summary:
Bilinear pairing has recently become an important constructive tool in cryptography. It is widely exploited to devise cryptographic systems that were previously difficult to realize in the context of large integer factorization and discrete logarithm, or to improve existing schemes. This thesis investigates this area further and focuses on pairing-based group cryptosystems, with the following main contributions in group signature, group decryption and group key exchange.

We propose an extremely short group signature proven secure in the standard model. The security proofs adopt a stronger group signature definition in the universally composable model, so that the proofs hold not only when the scheme is implemented on its own but also when it is composed with other secure primitives. Compared with the state of the art in pairing-based group signatures without random oracles, for a mid-scale group our signature is only one fourteenth the size of that of the Boyen-Waters scheme from Eurocrypt 2007, and about half the size of the very recent random-oracle-free group signature due to Ateniese et al., making it approximately as long as a normal RSA signature.

We introduce the notion of group decryption and realize the first implementation from pairings. Anonymity is one of the main concerns in group cryptography. However, most efforts, for instance group signatures and ring signatures, provide anonymity only from the sender's point of view. Only a little work has been done to ensure anonymity, in a cryptographic sense, from the recipient's point of view. We and three cryptographers, i.e., Kiayias, Tsiounis and Yung, independently formalize similar notions of group decryption/encryption, which can be viewed as an analog of group signature in the context of encryption: a sender can encrypt a committed message intended for any member of a group, managed by a group manager, while the recipient of the ciphertext remains anonymous. The sender can convince a verifier of this fact without leaking the plaintext or the identity of the recipient. If required, the group manager can verifiably open the identity of the recipient. We propose an efficient group decryption scheme that is proven secure in the random oracle model. The overhead in both computation and communication is independent of the group size.

We present the first one-round asymmetric group key exchange protocol. We first revisit the GKE definition and distinguish conventional (symmetric) group key exchange from asymmetric group key exchange (ASGKE) protocols, and propose a generic construction of one-round static ASGKEs by exploiting a new cryptographic primitive, referred to as signature-based encryption, which is of independent interest. We instantiate efficient signature-based encryption and one-round ASGKE schemes relying on our short signature converted from ElGamal encryption in the context of pairings.

Signature-based encryption can also be used as a scalable broadcast or conference key distribution scheme, while one-round ASGKE can be used as a broadcast scheme in ad hoc settings without a trusted party, which addresses the key-escrow problem in existing broadcast systems.
Keywords/Search Tags:Bilinear pairing, Group signature, Group decryption, Group key exchange, Provable security