A Compiler for Stateful Zero Knowledge Data Structures
Damodaran, Aditya Shyam Shankar; Rial, Alfredo. Software (2022).

Implementations for Unlinkable Updatable Hiding Databases and Privacy-Preserving Loyalty Programs
Damodaran, Aditya Shyam Shankar; Rial, Alfredo. Software (2021).

Unlinkable Updatable Hiding Databases and Privacy-Preserving Loyalty Programs
Damodaran, Aditya Shyam Shankar; Rial, Alfredo. In Proceedings on Privacy Enhancing Technologies (2021, July), 2021(3), 95-121.
Loyalty programs allow vendors to profile buyers based on their purchase histories, which can reveal privacy-sensitive information. Existing privacy-friendly loyalty programs force buyers to choose whether their purchases are linkable. Moreover, vendors receive more purchase data than required for the sake of profiling. We propose a privacy-preserving loyalty program where purchases are always unlinkable, yet a vendor can profile a buyer based on her purchase history, which remains hidden from the vendor. Our protocol is based on a new building block, an unlinkable updatable hiding database (HD), which we define and construct. HD allows the vendor to initialize and update databases stored by buyers that contain their purchase histories and their accumulated loyalty points. Updates are unlinkable and, at each update, the database is hidden from the vendor. Buyers can neither modify the database nor use old versions of it. Our construction for HD is practical for large databases.

Concise UC Zero-Knowledge Proofs for Oblivious Updatable Databases
Camenisch, Jan; Dubovitskaya, Maria; Rial, Alfredo. In 2021 34th IEEE Computer Security Foundations Symposium (2021).

Implementations for Unlinkable Updatable Databases and Oblivious Transfer with Access Control
Damodaran, Aditya Shyam Shankar; Rial, Alfredo. Software (2020).

Implementations for UC Updatable Databases and Applications
Damodaran, Aditya Shyam Shankar; Rial, Alfredo. Software (2020).

UC Updatable Databases and Applications
Damodaran, Aditya Shyam Shankar; Rial, Alfredo. In 12th International Conference on Cryptology (2020).
We define an ideal functionality $\mathcal{F}_{\mathrm{UD}}$ and a construction $\Pi_{\mathrm{UD}}$ for an updatable database (UD). UD is a two-party protocol between an updater and a reader. The updater sets the database and updates it at any time throughout the protocol execution. The reader computes zero-knowledge (ZK) proofs of knowledge of database entries. These proofs prove that a value is stored at a certain position in the database, without revealing the position or the value. (Non-)updatable databases are implicitly used as a building block in priced oblivious transfer, privacy-preserving billing and other privacy-preserving protocols. Typically, in those protocols the updater signs each database entry, and the reader proves knowledge of a signature on a database entry. Updating the database then requires a revocation mechanism to revoke signatures on outdated database entries. Our construction $\Pi_{\mathrm{UD}}$ uses a non-hiding vector commitment (NHVC) scheme. The updater maps the database to a vector and commits to it. This commitment can be updated efficiently at any time without needing a revocation mechanism. ZK proofs for reading a database entry have communication and amortized computation cost independent of the database size. Therefore, $\Pi_{\mathrm{UD}}$ is suitable for large databases. We implement $\Pi_{\mathrm{UD}}$ and our timings show that it is practical. In existing privacy-preserving protocols, a ZK proof of a database entry is intertwined with other tasks, e.g., proving further statements about the value read from the database or the position where it is stored. $\mathcal{F}_{\mathrm{UD}}$ allows us to improve modularity in protocol design by separating those tasks. We show how to use $\mathcal{F}_{\mathrm{UD}}$ as a building block of a hybrid protocol along with other functionalities.

(Universal) Unconditional Verifiability in E-Voting without Trusted Parties
Iovino, Vincenzo; Rial, Alfredo; Roenne, Peter et al. In 2020 IEEE 33rd Computer Security Foundations Symposium (2020).

Verifiable Inner Product Encryption Scheme
Soroush, Najmeh; Iovino, Vincenzo; Rial, Alfredo et al. In Public-Key Cryptography – PKC 2020 (2020).

"The Simplest Protocol for Oblivious Transfer" Revisited
Genç, Ziya Alper; Iovino, Vincenzo; Rial, Alfredo. In Information Processing Letters (2020).
In 2015, Chou and Orlandi presented an oblivious transfer protocol that drew a lot of attention from both theorists and practitioners due to its extreme simplicity and high efficiency. Chou and Orlandi claimed that their protocol is universally composable secure (UC-secure) in the random oracle model under dynamic corruptions. UC-security is a very strong guarantee: it assures not only that the protocol is secure in itself, but also that it can be used safely inside larger protocols. Unfortunately, in this work we point out a flaw in their security proof for the case of a corrupt sender. In more detail, we define a decisional problem and we prove that, if a correct security proof for Chou and Orlandi's protocol is provided, then this problem can be solved correctly with overwhelming probability. Therefore, the protocol of Chou and Orlandi cannot be instantiated securely with groups for which our decisional problem cannot be solved correctly with overwhelming probability. Consequently, the protocol of Chou and Orlandi cannot be instantiated with all groups $\mathbb{G}$ in which the CDH problem is intractable, but only with groups in which both the CDH problem is intractable and our decisional problem can be solved with overwhelming probability. After the appearance of our work, Chou and Orlandi acknowledged the problems we pointed out in their security proof, and subsequent works showed additional issues, removing the claims of UC security of their protocol.

Unlinkable Updatable Databases and Oblivious Transfer with Access Control
Damodaran, Aditya Shyam Shankar; Rial, Alfredo. In 25th Australasian Conference on Information Security and Privacy (2020).
An oblivious transfer with access control protocol (OTAC) allows us to protect the privacy of accesses to a database while enforcing access control policies. Existing OTAC have several shortcomings. First, their design is not modular. Typically, to create an OTAC, an adaptive oblivious transfer protocol (OT) is extended ad hoc. Consequently, the security of the OT is reanalyzed when proving security of the OTAC, and it is not possible to instantiate the OTAC with an arbitrary secure OT. Second, existing OTAC do not allow for policy updates. Finally, in practical applications, many messages share the same policy. However, existing OTAC cannot take advantage of that to improve storage efficiency. We propose a UC-secure OTAC that addresses the aforementioned shortcomings. Our OTAC uses as building blocks the ideal functionalities for OT, for zero-knowledge (ZK) and for an unlinkable updatable database (UUD), which we define and construct. UUD is a protocol between an updater and multiple readers. The updater sets up a database and updates it. Each reader can read the database by computing UC ZK proofs of an entry in the database, without disclosing which entry is read. In our OTAC, UUD is used to store and read the policies. We construct a UUD based on subvector commitments (SVC). We extend the definition of SVC with update algorithms for commitments and openings, and we provide a UC ZK proof of a subvector. Our efficiency analysis shows that our UUD is practical.

UC Priced Oblivious Transfer with Purchase Statistics and Dynamic Pricing
Damodaran, Aditya Shyam Shankar; Dubovitskaya, Maria; Rial, Alfredo. In Progress in Cryptology – INDOCRYPT 2019 (2019, December).
Priced oblivious transfer (POT) is a cryptographic protocol that can be used to protect customer privacy in e-commerce applications. Namely, it allows a buyer to purchase an item from a seller without disclosing to the latter which item was purchased and at which price. Unfortunately, existing POT schemes have some drawbacks in terms of design and functionality. First, the design of existing POT schemes is not modular. Typically, a POT scheme extends a k-out-of-N oblivious transfer (OT) scheme by adding prices to the items. However, none of the existing POT schemes uses OT as a black-box building block with certain security guarantees. Consequently, the security of the OT scheme needs to be reanalyzed while proving security of the POT scheme, and it is not possible to swap the underlying OT scheme for any other OT scheme. Second, existing POT schemes do not allow the seller to obtain any kind of statistics about the buyer's purchases, which hinders customer and sales management. Moreover, the seller is not able to change the prices of items without restarting the protocol from scratch. We propose a POT scheme that addresses the aforementioned drawbacks. We prove the security of our POT in the UC framework. We modify a standard POT functionality to allow the seller to receive aggregate statistics about the buyer's purchases and to change prices dynamically. We present a modular construction for POT that realizes our functionality in the hybrid model. One of the building blocks is an ideal functionality for OT. Therefore, our protocol separates the tasks carried out by the underlying OT scheme from the additional tasks needed by a POT scheme. Thanks to that, our protocol is a good example of modular design and can be instantiated with any secure OT scheme as well as other building blocks without reanalyzing security from scratch.

A conditional access system with revocation for mobile pay-TV systems revisited
Rial, Alfredo. In Information Processing Letters (2019), 147.

UC Updatable Non-Hiding Committed Database with Efficient Zero-Knowledge Proofs
Rial, Alfredo. E-print/Working paper (2019).
We define an ideal functionality $\mathcal{F}_{\mathrm{DB}}$ and a protocol $\Pi_{\mathrm{DB}}$ for an updatable non-hiding committed database (DB). DB is described as the task of storing a database in a suitable data structure that allows one to efficiently prove in zero-knowledge (ZK) that a value is stored in the database at a certain position. The database is non-hiding because both prover and verifier know its content. It is committed in the sense that only ZK proofs about position-value pairs that are actually stored are possible. It is updatable because its contents can be modified dynamically throughout the protocol execution. The DB task is used implicitly as a building block of privacy-preserving protocols for e-commerce, smart billing and access control. In those protocols, this task is intertwined with others. Our functionality $\mathcal{F}_{\mathrm{DB}}$ allows us to study constructions for this task in isolation. Furthermore, it allows us to improve modularity in protocol design, by using $\mathcal{F}_{\mathrm{DB}}$ as a building block of those protocols along with functionalities for other tasks. Our construction $\Pi_{\mathrm{DB}}$ uses a non-hiding vector commitment (VC) scheme as a building block. Thanks to the efficiency properties of non-hiding VC schemes, $\Pi_{\mathrm{DB}}$ provides ZK proofs whose computation cost (after initialization) and whose size are both independent of the database size. Therefore, $\Pi_{\mathrm{DB}}$ is suitable for large databases. Moreover, the database can be updated dynamically and very efficiently.

Using Selene to Verify your Vote in JCJ
Iovino, Vincenzo; Rial, Alfredo; Roenne, Peter et al. In Workshop on Advances in Secure Electronic Voting (VOTING'17) (2017, April 07).

Private Mobile Pay-TV From Priced Oblivious Transfer
Biesmans, Wouter; Balasch, Josep; Rial, Alfredo et al. In IEEE Transactions on Information Forensics and Security (2017).
In pay-TV, a service provider offers TV programs and channels to users. To ensure that only authorized users gain access, conditional access systems (CAS) have been proposed. In existing CAS, users disclose to the service provider the TV programs and channels they purchase. We propose a pay-per-view and a pay-per-channel CAS that protect users' privacy. Our pay-per-view CAS employs priced oblivious transfer (POT) to allow a user to purchase TV programs without disclosing to the service provider which programs were bought. In our pay-per-channel CAS, POT is employed together with broadcast attribute-based encryption (BABE) to achieve low storage overhead, collusion resistance, efficient revocation and broadcast efficiency. We propose a new POT scheme and show its feasibility by implementing and testing our CAS on a representative mobile platform.
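The two updatable-database entries above (UC Updatable Databases and Applications, and UC Updatable Non-Hiding Committed Database with Efficient Zero-Knowledge Proofs) rest on the same mechanism: the database is mapped to a vector, the updater commits to that vector, and an update changes the commitment instead of revoking anything. The Python below is an added illustration of that mechanism, not code from those papers or from their published implementations. It substitutes a SHA-256 Merkle tree for the non-hiding vector commitment (so openings grow logarithmically with the database size rather than being constant-size as in the pairing-based schemes the papers use), and it omits the zero-knowledge layer entirely, so an opening here reveals both the position and the value. What it does show is position binding and the revocation-free update: once the updater changes one entry, every opening issued against the old commitment fails against the new one, while untouched entries still open. The eight-entry price table is constructed for the example.

```python
import hashlib
from typing import Dict, List


def _h(*parts: bytes) -> bytes:
    """Domain-separated SHA-256: 0x00 prefix for leaves, 0x01 for inner nodes."""
    return hashlib.sha256(b"".join(parts)).digest()


class MerkleVectorCommitment:
    """Non-hiding vector commitment over a fixed-length vector of byte strings.

    Stand-in for the NHVC of the papers (assumption of this example):
    commitment = Merkle root, opening for position i = the sibling hashes on
    the path from leaf i to the root. Both prover and verifier know the vector.
    """

    def __init__(self, values: List[bytes]):
        n = len(values)
        if n == 0 or n & (n - 1):
            raise ValueError("vector length must be a power of two")
        self.n = n
        # levels[0] holds the leaf hashes, levels[-1] holds the single root.
        self.levels: List[List[bytes]] = [[_h(b"\x00", v) for v in values]]
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            self.levels.append(
                [_h(b"\x01", prev[i], prev[i + 1]) for i in range(0, len(prev), 2)]
            )

    def commitment(self) -> bytes:
        return self.levels[-1][0]

    def open(self, i: int) -> List[bytes]:
        """Opening for position i: sibling hash at each level, leaf to root."""
        path = []
        for level in self.levels[:-1]:
            path.append(level[i ^ 1])
            i >>= 1
        return path

    def update(self, i: int, new_value: bytes) -> None:
        """Replace entry i and recompute only the log(n) nodes above it.

        The old root is simply superseded; no revocation list is kept because
        openings against the old commitment no longer verify against the new one.
        """
        self.levels[0][i] = _h(b"\x00", new_value)
        for d in range(1, len(self.levels)):
            i >>= 1
            left, right = self.levels[d - 1][2 * i], self.levels[d - 1][2 * i + 1]
            self.levels[d][i] = _h(b"\x01", left, right)


def verify(commitment: bytes, n: int, i: int, value: bytes, path: List[bytes]) -> bool:
    """Check that `value` sits at position `i` of the committed vector."""
    if not (0 <= i < n) or len(path) != n.bit_length() - 1:
        return False
    node = _h(b"\x00", value)
    for sibling in path:
        # Even index: current node is the left child; odd index: right child.
        node = _h(b"\x01", node, sibling) if i & 1 == 0 else _h(b"\x01", sibling, node)
        i >>= 1
    return node == commitment


def demo() -> Dict[str, bool]:
    """Updater commits to a price table, a reader opens one entry, then the
    updater changes that entry. Returns the outcome of each verification."""
    # Constructed sample database: eight item prices, one per position.
    prices = [b"10", b"20", b"30", b"40", b"50", b"60", b"70", b"80"]
    vc = MerkleVectorCommitment(prices)
    c_old = vc.commitment()
    opening_3 = vc.open(3)

    ok_before = verify(c_old, vc.n, 3, b"40", opening_3)
    wrong_pos = verify(c_old, vc.n, 4, b"40", opening_3)  # position binding
    wrong_val = verify(c_old, vc.n, 3, b"41", opening_3)  # value binding

    vc.update(3, b"45")  # price change: new commitment, nothing revoked
    c_new = vc.commitment()

    return {
        "ok_before": ok_before,
        "wrong_pos": wrong_pos,
        "wrong_val": wrong_val,
        "commitment_changed": c_old != c_new,
        "stale": verify(c_new, vc.n, 3, b"40", opening_3),     # old opening rejected
        "fresh": verify(c_new, vc.n, 3, b"45", vc.open(3)),    # new value opens
        "others": verify(c_new, vc.n, 5, b"60", vc.open(5)),   # untouched entry still opens
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The reader in the papers would wrap `verify` in a zero-knowledge proof so that the position and value stay hidden; here they are sent in the clear, which is exactly the gap the NHVC-based constructions close while keeping the update step as cheap as the one shown.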
Issuer-Free Oblivious Transfer with Access Control Revisited
Rial, Alfredo. In Information Processing Letters (2017).
Oblivious transfer with access control (OTAC) is an extension of oblivious transfer where each message is associated with an access control policy. A receiver can obtain a message only if her attributes satisfy the access control policy for that message. In most schemes, the receiver's attributes are certified by an issuer. Recently, two Issuer-Free OTAC protocols have been proposed. We show that the security definition for Issuer-Free OTAC fulfilled by those schemes poses a problem. Namely, the sender is not able to attest whether a receiver possesses a claimed attribute. Because of this problem, in both Issuer-Free OTAC protocols, any malicious receiver can obtain any message from the sender, regardless of the access control policy associated with the message. To address this problem, we propose a new security definition for Issuer-Free OTAC. Our definition requires the receiver to prove in zero-knowledge to the sender that her attributes fulfill some predicates. Our definition is suitable for settings with multiple issuers because it allows the design of OTAC protocols where the receiver, when accessing a record, can hide the identity of the issuer that certified her attributes.

On the Insecurity of a Method for Providing Secure and Private Fine-Grained Access to Outsourced Data
Rial, Alfredo. In Abstract book of 2016 IEEE 8th International Conference on Cloud Computing Technology and Science (CloudCom) (2016, December).
The protection of sensitive data stored in the cloud is paramount. Among the techniques proposed to provide protection, attribute-based access control, which frequently uses ciphertext-policy attribute-based encryption (CP-ABE), has received a lot of attention in recent years. Recently, Jahan et al. (IEEE 40th Conference on Local Computer Networks, 2015) proposed a scheme based on CP-ABE where users have reading and writing access to the outsourced data. We analyze the scheme by Jahan et al. and show that it has several security vulnerabilities. For instance, the cloud server can get information about encrypted messages by using a stored ciphertext and an update of that ciphertext. As another example, users with writing access are able to decrypt all the messages regardless of their attributes. We discuss the security claims made by Jahan et al. and point out the reasons why they do not hold. We also explain that existing schemes can already provide the advantages claimed by Jahan et al.

Privacy-preserving smart metering revisited
Rial, Alfredo; Danezis, George; Kohlweiss, Markulf. In International Journal of Information Security (2016).

UC Commitments for Modular Protocol Design and Applications to Revocation and Attribute Tokens
Camenisch, Jan; Dubovitskaya, Maria; Rial, Alfredo. In Advances in Cryptology – CRYPTO 2016 (2016, August 14).
Complex cryptographic protocols are often designed from simple cryptographic primitives, such as signature schemes, encryption schemes, verifiable random functions, and zero-knowledge proofs, by bridging between them with commitments to some of their inputs and outputs. Unfortunately, the known universally composable (UC) functionalities for commitments and for the cryptographic primitives mentioned above do not allow such constructions of higher-level protocols as hybrid protocols. Therefore, protocol designers typically resort to primitives with property-based definitions, often resulting in complex monolithic security proofs that are prone to mistakes and hard to verify. We address this gap by presenting a UC functionality for non-interactive commitments that enables modular constructions of complex protocols within the UC framework.