User Tools

Site Tools


Scientific Seminars on Security

Prof. Ferucio Laurențiu Țiplea (Alexandru Ioan Cuza University of Iași)

  • 10-13 April 2017 (Andreas Pfitzmann Building, TU Dresden)

Contents Summary

Complexity of Anonymity for Security Protocols​

Anonymity, as an instance of information hiding, is one of the security properties intensively studied nowadays due to its applications to various fields such as e-voting, e-commerce, e-mail, e -cash, and so on. In this talk we discuss the decidability and complexity status of the anonymity property in security protocols. We show that anonymity is undecidable for unrestricted security protocols, is NEXPTIMEcomplete for bounded security protocols, and it is NP-complete for 1-session bounded security protocols. In order to reach these objectives, an epistemic language and logic to reason about anonymity properties for security protocols under an active intruder, are provided. Agent states are endowed with facts derived from actions performed by agents in protocol executions, and an inference system is provided. To define anonymity, an observational equivalence is used, which is shown to be decidable in deterministic polynomial time.

Sharing Secrets on Boolean Circuits: Application to Key-policy Attribute-based Encryption

Attribute-based encryption (ABE) is a new paradigm in cryptography, where messages are encrypted and decryption keys are computed in accordance with a given set of attributes and an access structure on the set of attributes. There are two forms of ABE: key-policy ABE (KP-ABE) and ciphertext-policy ABE (CP-ABE). In a KP-ABE, each message is encrypted together with a set of attributes and the decryption key is computed for the entire access structure; in a CP-ABE, each message is encrypted together with an access structure while the decryption keys are given for specific sets of attributes.
In this talk two new key-policy attribute-based encryption schemes, based on secret sharing and bilinear maps, are discussed. The first scheme, based on secret sharing and just one bilinear map, is practically efficient for a subclass of Boolean circuits which includes Boolean formulas. The second scheme is based on secret sharing and chained multi-linear maps, a simpler form of leveled multi-linear maps. The scheme works for general Boolean circuits and is more efficient than the existing one based on multi-linear maps. Selective security of the two schemes in the standard model is proved.

Back to EBSIS Events section.