Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange

@article{Derler2018BloomFE,
  title={Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange},
  author={David Derler and Kai Gellert and Tibor Jager and Daniel Slamanig and Christoph Striecks},
  journal={J. Cryptol.},
  year={2018},
  volume={34},
  pages={13}
}
Forward secrecy is considered an essential design goal of modern key establishment (KE) protocols, such as TLS 1.3, for example. Furthermore, efficiency considerations such as zero round-trip time (0-RTT), where a client is able to send cryptographically protected payload data along with the very first KE message, are motivated by the practical demand for secure low-latency communication. For a long time, it was unclear whether protocols that simultaneously achieve 0-RTT and full forward… 
Fine-Grained Forward Secrecy: Allow-List/Deny-List Encryption and Applications
TLDR
DFPE significantly enhances and generalizes previous variants of PE by allowing an interleaved application of allow- and deny-list operations, and presents a construction of DFPE in prime-order bilinear groups.
Puncturable Symmetric KEMs for Forward-Secret 0-RTT Key Exchange
TLDR
This work explores the possibility to achieve forward secrecy for resumed sessions in 0-RTT mode, mitigating the security risks presently adherent to it, and introduces a new primitive which is called symmetric-key key encapsulation mechanisms (S-KEMs).
Puncturable Encryption: A Generic Construction from Delegatable Fully Key-Homomorphic Encryption
TLDR
Basing on the framework, the first post-quantum secure PE instantiation that is based on the learning with errors problem, selective secure under chosen plaintext attacks (CPA) in the standard model is obtained.
Forward-Secure 0-RTT Goes Live: Implementation and Performance Analysis in QUIC
TLDR
This work provides the first concrete performance analysis of a modern 0-RTT protocol with full forward security, by integrating the Bloom Filter Encryption scheme of Derler et al. (EUROCRYPT 2018) in the Chromium QUIC implementation and comparing it to Google’s original QUIC protocol.
Construction and Security Analysis of 0-RTT Protocols
TLDR
This thesis presents the first 0-RTT session resumption protocol that indeed achieves forward security for all messages and shows that the protocol can be incorporated into the recently standardized TLS 1.3 handshake without modifications to client-side implementations.
Forward-Secure Public Key Encryption Without Key Update from Proof-of-Stake Blockchain
TLDR
This paper shows the feasibility of constructing a forward-secure PKE scheme without key update, assuming the existence of a proof-of-stake blockchain with the distinguishable forking property introduced by Goyal et al. (TCC 2017).
Practical Backward-Secure Searchable Encryption from Symmetric Puncturable Encryption
TLDR
This paper introduces a new form of symmetric encryption, named symmetric puncturable encryption (SPE), constructs a generic primitive from simple cryptographic tools, and presents a backward-secure SSE scheme that can revoke a server's searching ability on deleted data.
Hierarchical Identity-based Puncturable Encryption from Lattices with Application to Forward Security
TLDR
A new primitive called hierarchical identity-based puncturable encryption (HIBPE) is introduced that enhances the concept of PE by allowing more general key delegation and flexible key puncture and provides quantum-safe protection for secret keys from exposure in multi-level encrypted data sharing by evolving the keys with time.
CCA-Secure (Puncturable) KEMs from Encryption with Non-Negligible Decryption Errors
TLDR
This work shows how to generically transform weakly secure deterministic or randomized PKEs into CCA-secure KEMs in the (Q)ROM using variants of HHK and shows the first approach towards post-quantum secure BFKEMs generically from lattices and codes by applying the techniques to identity-based encryption (IBE) schemes with (non-)negligible correctness error.
Forward-Secure Puncturable Identity-Based Encryption for Securing Cloud Emails
TLDR
This paper formalizes a new cryptographic primitive named forward-secure puncturable identity-based encryption (fs-PIBE) for enhancing the security and privacy of cloud email systems, proposes a concrete construction of fs-PIBE with constant-size ciphertexts, and proves its security in the standard model.

References

0-RTT Key Exchange with Full Forward Secrecy
TLDR
0-RTT protocols are a class of KE protocols which allow a client to send cryptographically protected payload in zero round-trip time (0-RTT) along with the very first KE protocol message, thereby minimizing latency.
Forward-Secure 0-RTT Goes Live: Implementation and Performance Analysis in QUIC
TLDR
This work provides the first concrete performance analysis of a modern 0-RTT protocol with full forward security, by integrating the Bloom Filter Encryption scheme of Derler et al. (EUROCRYPT 2018) in the Chromium QUIC implementation and comparing it to Google’s original QUIC protocol.
A Forward-Secure Public-Key Encryption Scheme
TLDR
The first constructions of (non-interactive) forward-secure public-key encryption schemes are presented and the main construction achieves security against chosen-plaintext attacks in the standard model, and all parameters are poly-logarithmic in the total number of time periods.
Construction and Security Analysis of 0-RTT Protocols
TLDR
This thesis presents the first 0-RTT session resumption protocol that indeed achieves forward security for all messages and shows that the protocol can be incorporated into the recently standardized TLS 1.3 handshake without modifications to client-side implementations.
Public-Key Puncturable Encryption: Modular and Compact Constructions
TLDR
A generic construction of a puncturable key encapsulation mechanism from the former is proposed by merging the ideas of distributed key distribution and revocable encryption; it yields a comparable scheme proven secure under the standard DBDH assumption that enjoys both faster encryption and faster decryption than previous works based on the same assumption.
T0RTT: Non-Interactive Immediate Forward-Secret Single-Pass Circuit Construction
TLDR
Inspired by the latest advancements in zero round-trip time key exchange (0-RTT), a new CCP protocol Tor 0-RTT (T0RTT) is presented, which uses modern cryptographic primitives such as puncturable encryption to achieve immediate forward secrecy using only 𝒪(n) messages.
Session Resumption Protocols and Efficient Forward Security for TLS 1.3 0-RTT
TLDR
This paper gives a new generic construction that provably provides forward security and replay resilience, based on puncturable pseudorandom functions (PPRFs), and describes two new constructions of PPRFs which are particularly suitable for use for forward-secure and replay-resilient session resumption in TLS 1.3.
Fully Secure Attribute-Based Systems with Short Ciphertexts/Signatures and Threshold Access Structures
TLDR
This paper aims to achieve both full security and short ciphertexts/signatures for threshold access structures in the ABE/ABS setting, and proposes generic property-preserving conversions from inner-product systems to attribute-based systems.
Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions
  • Brent Waters
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2009
TLDR
This work presents a new methodology for proving security of encryption systems, which it calls Dual System Encryption, defines semi-functional keys and ciphertexts, and uses them to obtain the first HIBE system and the first IBE system with short parameters under simple assumptions.
Chosen-Ciphertext Security from Identity-Based Encryption
TLDR
This work proposes a simple and efficient construction of a CCA-secure public-key encryption scheme from any CPA-secure identity-based encryption (IBE) scheme, which avoids non-interactive proofs of “well-formedness” which were shown to underlie most previous constructions.