Article

The dual receiver cryptosystem and its applications

Authors:

Theodore Diament,

Angelos D. Keromytis,

Moti YungAuthors Info & Claims

CCS '04: Proceedings of the 11th ACM conference on Computer and communications security

Pages 330 - 343

https://doi.org/10.1145/1030083.1030128

Published: 25 October 2004 Publication History

Abstract

We put forth the notion of a dual receiver cryptosystem and implement it based on bilinear pairings over certain elliptic curve groups. The cryptosystem is simple and efficient yet powerful, as it solves two problems of practical importance whose solutions have proven to be elusive before:(1) A provably secure "combined" public-key cryptosystem (with a single secret key per user in space-limited environment) where the key is used for both decryption and signing and where encryption can be escrowed and recovered, while the signature capability never leaves its owner. This is an open problem proposed by the work of Haber and Pinkas. (2) A puzzle is a method for rate-limiting remote users by forcing them to solve a computational task (the puzzle). Puzzles have been based on cryptographic challenges in the past, but the successful design of embedding a useful cryptographic task inside a puzzle, originally posed by Dwork and Naor, remained an open problem till today. We model and present "useful security puzzles" applicable in two scenarios: a secure fileserver, and an online transaction server (such as a webserver).

References

[1]

M. Abadi, M. Burrow, M. Manasse, and T. Wobber. Moderately Hard, Memory-bound Functions. In Proceedings of the ISOC Symposium on Network and Distributed Systems Security (SNDSS), February 2003.]]

[2]

B. Aiello, S. Bellovin, M. Blaze, R. Canetti, J. Ioannidis, A. Keromytis, and O. Reingold. Efficient, dos-resistant secure key exchange for internet protocols. In ACM Computers and Communications Security conference (CCS), 2002.]]

Digital Library

[3]

D. Andersen, H. Balakrishnan, M. Kaashoek, and R. Morris. Resilient Overlay Networks. In Proceedings of the 18th Symposium on Operating Systems Principles (SOSP), October 2001.]]

Digital Library

[4]

T. Aura and P. Nikander. Stateless connections. In Proceedings of International Conferenec on Information and Communications Security (ICICS), Lecture Notes in Computer Science volume 1334, pages 87--97. Springer, November 1997.]]

Digital Library

[5]

A. Back. Hashcash - A Denial of Service Counter-Measure. http://www.cypherspace.org/hashcash/hashcash.pdf, August 2002.]]

[6]

D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. In J. Kilian, editor, Advances in Cryptology | CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 213--229. Springer-Verlag, 2001.]]

Digital Library

[7]

D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. In C. Boyd, editor, Advances in Cryptology | ASIACRYPT 2001, volume 2248 of Lecture Notes in Computer Science, pages 514--532. Springer-Verlag, 2001.]]

Digital Library

[8]

D. Boneh and M. Naor. Timed Commitments (Extended Abstract). In Proceedings of CRYPTO, pages 236--254, August 2000.]]

Digital Library

[9]

D. Dean and A. Stubblefield. Using Client Puzzles to Protect TLS. In Proceedings of the 10th USENIX UNIX Security Symposium, August 2001.]]

Digital Library

[10]

W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Trans. on Information Theory, IT-22(6):644--654, Nov. 1976.]]

Digital Library

[11]

C. Dwork and M. Naor. Pricing via Processing, or Combating Junk Mail. In Proceedings of CRYPTO, pages 139--147, August 1992.]]

Digital Library

[12]

P. Fouque and D. Pointcheval. Thrshold cryptosystems secure against chosen-ciphertext attacks. In C. Boyd, editor, Advances in Cryptology | ASIACRYPT 2001, volume 2248 of Lecture Notes in Computer Science, pages 351--368. Springer-Verlag, 2001.]]

Digital Library

[13]

Y. Frankel and M. Yung. Escrow encryption systems visited: attacks, analysis and designs. In D. Coppersmith, editor, Advances in Cryptology | CRYPTO 1995, volume 963 of Lecture Notes in Computer Science, pages 222--235. Springer-Verlag, 1995.]]

Digital Library

[14]

G. Frey, M. Müller, and H.-G. R. uck. The Tate pairing and the discrete logarithm applied to elliptic curve cryptosystems. IEEE Transactions on Information Theory, 45(5):1717--1719, 1999.]]

Digital Library

[15]

S. D. Galbraith, K. Harrison, and D. Soldera. Implementing the Tate pairing. In C. Fieker and D. R. Kohel, editors, Proc. Algorithmic Number Theory, 5th International Symposium (ANTS-V), volume 2369 of Lecture Notes in Computer Science, pages 324--337. Springer-Verlag, 2002.]]

Digital Library

[16]

J. A. Garay and M. Jakobsson. Timed Release of Standard Digital Signatures. In Proceedings of the 6th Conference on Financial Cryptography, pages 168--182, February 2002.]]

Digital Library

[17]

C. Gentry and A. Silverberg. Hierarchical ID-based cryptography. In Y. Zheng, editor, Advances in Cryptology | ASIACRYPT 2002, volume 2501 of Lecture Notes in Computer Science, pages 548--566. Springer-Verlag, 2002.]]

Digital Library

[18]

V. D. Gligor. Guaranteeing Access in Spite of Distributed Service-Flooding Attacks. In Proceedings of the Security Protocols Workshop, April 2003.]]

[19]

S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270--299, Apr. 1984.]]

[20]

S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281--308, Apr. 1988.]]

Digital Library

[21]

S. Haber and B. Pinkas. Securely combining public-key cryptosystems. In P. Samarti, editor, Proc. 8th ACM Conference on Computer and Communications Security, pages 215--224. ACM Press, 2001.]]

Digital Library

[22]

D. Harkins and D. Carrel. The Internet Key Exchange (IKE). Request for Comments (Proposed Standard) 2409, Internet Engineering Task Force, Nov. 1998.]]

Digital Library

[23]

L. Heberlein and M. Bishop. Attack Class: Address Spoofing. In Proceedings of the 19th National Information Systems Security Conference, pages 371--377, October 1996.]]

[24]

S. Hirose and K. Matsuura. Enhancing the resistance of a provably secure key agreement protocol to a denial-of-service attack. In Proceedings of the 2nd International Conference on Information and Communication Security (ICICS), pages 169--182, November 1999.]]

Digital Library

[25]

K. Houle, G. Weaver, N. Long, and R. Thomas. Trends in Denial of Service Attack Technology. http://www.cert.org/archive/pdf/DoS_trends.pdf, October 2001.]]

[26]

M. Jakobsson and A. Juels. Proofs of Work and Bread Pudding Protocols. In Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security, September 1999.]]

Digital Library

[27]

P. Janson, G. Tsudik, and M. Yung. Scalability and flexibility in authentication services: the KryptoKnight approach. In Proceedings of IEEE INFOCOM, pages 725--736, April 1997.]]

Digital Library

[28]

A. Joux. A one-round protocol for tripartite Diffie-Hellman. In W. Bosma, editor, Proc. Algorithmic Number Theory, 4th International Symposium (ANTS-IV), volume 1838 of Lecture Notes in Computer Science, pages 385--394. Springer-Verlag, 2000.]]

Digital Library

[29]

A. Joux. The Weil and Tate pairings as building blocks for public key cryptosystems. In C. Fieker and D. R. Kohel, editors, Proc. Algorithmic Number Theory, 5th International Symposium (ANTS-V), volume 2369 of Lecture Notes in Computer Science, pages 20--32. Springer-Verlag, 2002.]]

Digital Library

[30]

A. Joux and K. Nguyen. Separating Decision Diffie-Hellman from Diffie-Hellman in cryptographic groups. Manuscript. Available from eprint.iacr.org, 2001.]]

[31]

A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proceedings of the ISOC Symposium on Network and Distributed Systems Security (SNDSS), pages 151--165, February 1999.]]

[32]

P. Karn and W. Simpson. Photuris: Session-key management protocol. Request for Comments (Experimental) 2522, Internet Engineering Task Force, Mar. 1999.]]

Digital Library

[33]

C. Kaufman, R. Perlman, and M. Speciner. Network Security, 2nd Edition. Prentice Hall, 2002.]]

[34]

A. D. Keromytis, V. Misra, and D. Rubenstein. SOS: Secure Overlay Services. In Proceedings of ACM SIGCOMM, pages 61--72, August 2002.]]

Digital Library

[35]

J. Leiwo, P. Nikander, and T. Aura. Towards network denial of service resistant protocols. In Proceedings of the 15th International Information Security Conference (IFIP/SEC), August 2000.]]

Digital Library

[36]

J. Lemmon. Resisting SYN-flood DoS Attacks with a SYN Cache. In Proceedings of the USENIX BSD Conference (BSDCon), February 2001.]]

Digital Library

[37]

M. Naor and M. Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proc. 22nd Annual ACM Symposium on Theory of Computing (STOC), volume 547 of Lecture Notes in Computer Science, pages 427--437. Springer-Verlag, 1990.]]

Digital Library

[38]

T. Okamoto and D. Pointcheval. REACT: Rapid enhanced-security asymmetric cryptosystem transform. In B. Preneel, editor, Topics in Cryptology | CT-RSA 2002, volume 2271 of Lecture Notes in Computer Science, pages 159--175. Springer-Verlag, 2002.]]

Digital Library

[39]

R. Oppliger. Protecting key exchange and management protocols against resource clogging attacks. In Proceedings of the IFIP TC6 and TC11 Joint Working Conference on Communications and Multimedia Security (CMS), pages 163--175, September 1999.]]

Digital Library

[40]

B. Pinkas. Personal communication.]]

[41]

C. Racko and D. R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In J. Feigenbaum, editor, Advances in Cryptology | CRYPTO 1991, volume 576 of Lecture Notes in Computer Science, pages 433--444. Springer-Verlag, 1991.]]

Digital Library

[42]

R. Rivest and A. Shamir. PayWord and MicroMint. CryptoBytes, 2(1):7--11, 1996.]]

[43]

R. L. Rivest, A. Shamir, and D. A. Wagner. Time-lock Puzzles and Timed-release Crypto. Technical Report MIT/LCS/TR-684, MIT, 1996.]]

Digital Library

[44]

K. Rubin and A. Silverberg. Supersingular abelian varieties in cryptography. In M. Yung, editor, Advances in Cryptology | CRYPTO 2002, volume 2442 of Lecture Notes in Computer Science, pages 336--353. Springer-Verlag, 2002.]]

Digital Library

[45]

C. Schuba, I. Krsul, M. Kuhn, E. Spafford, A. Sundaram, and D. Zamboni. Analysis of a Denial of Service Attack on TCP. In IEEE Security and Privacy Conference, pages 208--223, May 1997.]]

Digital Library

[46]

E. R. Verheul. Evidence that XTR is more secure than supersingluar elliptic curve cryptosystems. In B. Pfizmann, editor, Advances in Cryptology | EUROCRYPT 2001, volume 2045 of Lecture Notes in Computer Science, pages 195--210. Springer-Verlag, 2001.]]

Digital Library

[47]

X. Wang and M. K. Reiter. Defending Against Denial-of-Service Attacks with Puzzle Auctions (Extended Abstract). In Proceedings of the IEEE Symposium on Security and Privacy, May 2003.]]

Digital Library

[48]

A. D. Wood and J. A. Stankovic. Denial of Service in Sensor Networks. IEEE Computer, 35(10):54--62, Oct. 2002.]]

Digital Library

[49]

A. Yaar, A. Perrig, and D. Song. SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks. In Proceedings of the IEEE Security and Privacy Symposium, May 2004.]]

Cited By

Abouelkheir EEl-Sherbiny S(2024)A Pairing Free Provable Public Key Dual Receiver Encryption SchemeIEEE Access10.1109/ACCESS.2024.338888812(55918-55924)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3388888
Abouelkheir E(2024)Efficient provable dual receiver hybrid and light weight public key schemes based on the discrete logarithm problem without pairingsIET Communications10.1049/cmu2.12836Online publication date: 18-Sep-2024
https://doi.org/10.1049/cmu2.12836
Benz LBeskorovajnov WEilebrecht SGröll RMüller MMüller-Quade J(2024)Chosen-Ciphertext Secure Dual-Receiver Encryption in the Standard Model Based on Post-quantum AssumptionsPublic-Key Cryptography – PKC 202410.1007/978-3-031-57728-4_9(257-288)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57728-4_9
Show More Cited By

Index Terms

The dual receiver cryptosystem and its applications
1. Security and privacy

Recommendations

A Key Escrow-Free Identity-Based Signature Scheme without using Secure Channel

Over the years, several identity-based signature schemes using bilinear pairings have been proposed, but most of them suffer from key escrow problems and require a secure channel during the private key issuance stage. In this paper, we present an ...
Simulatability and security of certificateless threshold signatures

We analyze the relationship between the notion of certificateless public key cryptography (CL-PKC) and identity-based schemes without a trusted private key generator (PKG), formally define the security of certificateless threshold signatures, and propose ...
Effort-release public-key encryption from cryptographic puzzles
ACISP'12: Proceedings of the 17th Australasian conference on Information Security and Privacy

Timed-release cryptography addresses the problem of "sending messages into the future": a message is encrypted so that it can only be decrypted after a certain amount of time, either (a) with the help of a trusted third party time server, or (b) after a ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '04: Proceedings of the 11th ACM conference on Computer and communications security

October 2004

376 pages

ISBN:1581139616

DOI:10.1145/1030083

General Chair:
Vijay Atluri
Rutgers University
,
Program Chairs:
Birgit Pfitzmann
IBM Research, Switzerland
,
Patrick McDaniel
AT&T Labs

Copyright © 2004 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 October 2004

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS04

Sponsor:

CCS04: 11th ACM Conference on Computer and Communications Security 2004

October 25 - 29, 2004

Washington DC, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

21
Total Citations
View Citations
893
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Abouelkheir EEl-Sherbiny S(2024)A Pairing Free Provable Public Key Dual Receiver Encryption SchemeIEEE Access10.1109/ACCESS.2024.338888812(55918-55924)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3388888
Abouelkheir E(2024)Efficient provable dual receiver hybrid and light weight public key schemes based on the discrete logarithm problem without pairingsIET Communications10.1049/cmu2.12836Online publication date: 18-Sep-2024
https://doi.org/10.1049/cmu2.12836
Benz LBeskorovajnov WEilebrecht SGröll RMüller MMüller-Quade J(2024)Chosen-Ciphertext Secure Dual-Receiver Encryption in the Standard Model Based on Post-quantum AssumptionsPublic-Key Cryptography – PKC 202410.1007/978-3-031-57728-4_9(257-288)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57728-4_9
Zhao LZhong LLiu JZeng XZhang J(2023)A Regulatable Mechanism for Transacting Data AssetsIEEE Internet of Things Journal10.1109/JIOT.2023.330603010:24(21615-21632)Online publication date: 15-Dec-2023
https://doi.org/10.1109/JIOT.2023.3306030
Gao CChen KWang QChen Z(2022)An Efficient Public-Key Dual-Receiver Encryption SchemeIEEE Access10.1109/ACCESS.2022.314472510(10799-10805)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3144725
Zhao LZhang JZhong L(2022)A blockchain-based transaction system with payment statistics and supervisionConnection Science10.1080/09540091.2022.208018134:1(1751-1771)Online publication date: 14-Jun-2022
https://doi.org/10.1080/09540091.2022.2080181
Liu YWang LShen XLi L(2020)New Constructions of Identity-Based Dual Receiver Encryption from LatticesEntropy10.3390/e2206059922:6(599)Online publication date: 28-May-2020
https://doi.org/10.3390/e22060599
Liu YZhang DDeng YLi B(2019)(Identity-based) dual receiver encryption from lattice-based programmable hash functions with high min-entropyCybersecurity10.1186/s42400-019-0034-y2:1Online publication date: 13-Jun-2019
https://doi.org/10.1186/s42400-019-0034-y
Unger NGoldberg I(2018)Improved Strongly Deniable Authenticated Key Exchanges for Secure MessagingProceedings on Privacy Enhancing Technologies10.1515/popets-2018-00032018:1(21-66)Online publication date: 1-Jan-2018
https://doi.org/10.1515/popets-2018-0003
Zhang DZhang KLi BLu XXue HLi J(2018)Lattice-Based Dual Receiver Encryption and MoreInformation Security and Privacy10.1007/978-3-319-93638-3_30(520-538)Online publication date: 13-Jun-2018
https://doi.org/10.1007/978-3-319-93638-3_30
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents