Graded Encryption, or How to Play "Who Wants To Be A Millionaire?" Distributively

Aggelos Kiayias; Murat Osmanoglu; Qiang Tang

doi:10.1007/978-3-319-13257-0_22

Graded Encryption, or How to Play "Who Wants To Be A Millionaire?" Distributively

Aggelos Kiayias, Murat Osmanoglu, Qiang Tang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We propose a new identity-based cryptographic primitive which we call graded encryption. In a graded encryption scheme, there is one central (mostly offline) authority and a number of sub-authorities holding master keys that correspond to different levels. As in identity-based encryption, a sender can encrypt a message using only the identity of the receiver (plus public parameters) but it may also specify a numerical grade i. Users may decrypt messages directed to their identity at grade i as long as they have executed a key-upgrade protocol with sub-authorities 1,…,i. We require a grade i ciphertext to be secure in a strong sense: as long as there is one sub-authority with index j ≤ i that is not corrupted, the plaintext should be hidden from any recipient that has not properly upgraded her identity.

Graded encryption is motivated by multi-stage games (e.g., “who wants to be a millionaire”) played in a distributed fashion. Players unlock ciphertexts that belong to a certain stage i only if they have met all challenges posed by sub-authorities {1,…,i }. This holds true even if players collaborate with some of the sub-authorities. We give an efficient construction that has secret key and ciphertext size of a constant number of group elements. We also demonstrate further applications of graded encryption such as proving that a certain path was followed in a graph.

Original language	English
Title of host publication	Information Security
Subtitle of host publication	17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014. Proceedings. Lecture Notes in Computer Science 8783, Springer 2014
Publisher	Springer
Pages	377-387
Number of pages	11
ISBN (Electronic)	978-3-319-13257-0
ISBN (Print)	978-3-319-13256-3
DOIs	https://doi.org/10.1007/978-3-319-13257-0_22 https://doi.org/10.1007/978-3-319-13257-0_22
Publication status	Published - 2014

Publication series

Name	Lecture Notes in Computer Science (LNCS)
Publisher	Springer International Publishing
Volume	8783
ISSN (Print)	0302-9743

Access to Document

Cite this

Kiayias, A., Osmanoglu, M., & Tang, Q. (2014). Graded Encryption, or How to Play "Who Wants To Be A Millionaire?" Distributively. In Information Security: 17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014. Proceedings. Lecture Notes in Computer Science 8783, Springer 2014 (pp. 377-387). (Lecture Notes in Computer Science (LNCS); Vol. 8783). Springer. https://doi.org/10.1007/978-3-319-13257-0_22, https://doi.org/10.1007/978-3-319-13257-0_22

Kiayias, Aggelos ; Osmanoglu, Murat ; Tang, Qiang. / Graded Encryption, or How to Play "Who Wants To Be A Millionaire?" Distributively. Information Security: 17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014. Proceedings. Lecture Notes in Computer Science 8783, Springer 2014. Springer, 2014. pp. 377-387 (Lecture Notes in Computer Science (LNCS)).

@inproceedings{a1b057b164d841338b952fff830ea02a,

title = "Graded Encryption, or How to Play {"}Who Wants To Be A Millionaire?{"} Distributively",

abstract = "We propose a new identity-based cryptographic primitive which we call graded encryption. In a graded encryption scheme, there is one central (mostly offline) authority and a number of sub-authorities holding master keys that correspond to different levels. As in identity-based encryption, a sender can encrypt a message using only the identity of the receiver (plus public parameters) but it may also specify a numerical grade i. Users may decrypt messages directed to their identity at grade i as long as they have executed a key-upgrade protocol with sub-authorities 1,…,i. We require a grade i ciphertext to be secure in a strong sense: as long as there is one sub-authority with index j ≤ i that is not corrupted, the plaintext should be hidden from any recipient that has not properly upgraded her identity.Graded encryption is motivated by multi-stage games (e.g., “who wants to be a millionaire”) played in a distributed fashion. Players unlock ciphertexts that belong to a certain stage i only if they have met all challenges posed by sub-authorities {1,…,i }. This holds true even if players collaborate with some of the sub-authorities. We give an efficient construction that has secret key and ciphertext size of a constant number of group elements. We also demonstrate further applications of graded encryption such as proving that a certain path was followed in a graph.",

author = "Aggelos Kiayias and Murat Osmanoglu and Qiang Tang",

year = "2014",

doi = "10.1007/978-3-319-13257-0_22",

language = "English",

isbn = "978-3-319-13256-3",

series = "Lecture Notes in Computer Science (LNCS)",

publisher = "Springer",

pages = "377--387",

booktitle = "Information Security",

address = "United Kingdom",

}

Kiayias, A, Osmanoglu, M & Tang, Q 2014, Graded Encryption, or How to Play "Who Wants To Be A Millionaire?" Distributively. in Information Security: 17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014. Proceedings. Lecture Notes in Computer Science 8783, Springer 2014. Lecture Notes in Computer Science (LNCS), vol. 8783, Springer, pp. 377-387. https://doi.org/10.1007/978-3-319-13257-0_22, https://doi.org/10.1007/978-3-319-13257-0_22

Graded Encryption, or How to Play "Who Wants To Be A Millionaire?" Distributively. / Kiayias, Aggelos; Osmanoglu, Murat; Tang, Qiang.
Information Security: 17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014. Proceedings. Lecture Notes in Computer Science 8783, Springer 2014. Springer, 2014. p. 377-387 (Lecture Notes in Computer Science (LNCS); Vol. 8783).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Graded Encryption, or How to Play "Who Wants To Be A Millionaire?" Distributively

AU - Kiayias, Aggelos

AU - Osmanoglu, Murat

AU - Tang, Qiang

PY - 2014

Y1 - 2014

N2 - We propose a new identity-based cryptographic primitive which we call graded encryption. In a graded encryption scheme, there is one central (mostly offline) authority and a number of sub-authorities holding master keys that correspond to different levels. As in identity-based encryption, a sender can encrypt a message using only the identity of the receiver (plus public parameters) but it may also specify a numerical grade i. Users may decrypt messages directed to their identity at grade i as long as they have executed a key-upgrade protocol with sub-authorities 1,…,i. We require a grade i ciphertext to be secure in a strong sense: as long as there is one sub-authority with index j ≤ i that is not corrupted, the plaintext should be hidden from any recipient that has not properly upgraded her identity.Graded encryption is motivated by multi-stage games (e.g., “who wants to be a millionaire”) played in a distributed fashion. Players unlock ciphertexts that belong to a certain stage i only if they have met all challenges posed by sub-authorities {1,…,i }. This holds true even if players collaborate with some of the sub-authorities. We give an efficient construction that has secret key and ciphertext size of a constant number of group elements. We also demonstrate further applications of graded encryption such as proving that a certain path was followed in a graph.

AB - We propose a new identity-based cryptographic primitive which we call graded encryption. In a graded encryption scheme, there is one central (mostly offline) authority and a number of sub-authorities holding master keys that correspond to different levels. As in identity-based encryption, a sender can encrypt a message using only the identity of the receiver (plus public parameters) but it may also specify a numerical grade i. Users may decrypt messages directed to their identity at grade i as long as they have executed a key-upgrade protocol with sub-authorities 1,…,i. We require a grade i ciphertext to be secure in a strong sense: as long as there is one sub-authority with index j ≤ i that is not corrupted, the plaintext should be hidden from any recipient that has not properly upgraded her identity.Graded encryption is motivated by multi-stage games (e.g., “who wants to be a millionaire”) played in a distributed fashion. Players unlock ciphertexts that belong to a certain stage i only if they have met all challenges posed by sub-authorities {1,…,i }. This holds true even if players collaborate with some of the sub-authorities. We give an efficient construction that has secret key and ciphertext size of a constant number of group elements. We also demonstrate further applications of graded encryption such as proving that a certain path was followed in a graph.

U2 - 10.1007/978-3-319-13257-0_22

DO - 10.1007/978-3-319-13257-0_22

M3 - Conference contribution

SN - 978-3-319-13256-3

T3 - Lecture Notes in Computer Science (LNCS)

SP - 377

EP - 387

BT - Information Security

PB - Springer

ER -

Kiayias A, Osmanoglu M, Tang Q. Graded Encryption, or How to Play "Who Wants To Be A Millionaire?" Distributively. In Information Security: 17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014. Proceedings. Lecture Notes in Computer Science 8783, Springer 2014. Springer. 2014. p. 377-387. (Lecture Notes in Computer Science (LNCS)). doi: 10.1007/978-3-319-13257-0_22, 10.1007/978-3-319-13257-0_22

Graded Encryption, or How to Play "Who Wants To Be A Millionaire?" Distributively

Abstract

Publication series

Access to Document

Fingerprint

Cite this