References of "Rial, Alfredo 50021916"
Full Text
Peer Reviewed
UC Priced Oblivious Transfer with Purchase Statistics and Dynamic Pricing
Damodaran, Aditya Shyam Shankar UL; Dubovitskaya, Maria; Rial, Alfredo UL

in Progress in Cryptology – INDOCRYPT 2019 (2019, December)

Priced oblivious transfer (POT) is a cryptographic protocol that can be used to protect customer privacy in e-commerce applications. Namely, it allows a buyer to purchase an item from a seller without disclosing to the latter which item was purchased and at which price. Unfortunately, existing POT schemes have some drawbacks in terms of design and functionality. First, the design of existing POT schemes is not modular. Typically, a POT scheme extends a k-out-of-N oblivious transfer (OT) scheme by adding prices to the items. However, none of the existing POT schemes uses OT as a black-box building block with certain security guarantees. Consequently, the security of the OT scheme needs to be reanalyzed while proving the security of the POT scheme, and it is not possible to swap the underlying OT scheme for any other OT scheme. Second, existing POT schemes do not allow the seller to obtain any kind of statistics about the buyer's purchases, which hinders customer and sales management. Moreover, the seller is not able to change the prices of items without restarting the protocol from scratch. We propose a POT scheme that addresses the aforementioned drawbacks. We prove the security of our POT in the UC framework. We modify a standard POT functionality to allow the seller to receive aggregate statistics about the buyer's purchases and to change prices dynamically. We present a modular construction for POT that realizes our functionality in the hybrid model. One of the building blocks is an ideal functionality for OT. Therefore, our protocol separates the tasks carried out by the underlying OT scheme from the additional tasks needed by a POT scheme. Thanks to that, our protocol is a good example of modular design and can be instantiated with any secure OT scheme, as well as with other building blocks, without reanalyzing security from scratch.

Full Text
Peer Reviewed
A conditional access system with revocation for mobile pay-TV systems revisited
Rial, Alfredo UL

in Information Processing Letters (2019), 147

Full Text
Concise UC Zero-Knowledge Proofs for Oblivious Updatable Databases
Camenisch, Jan; Dubovitskaya, Maria; Rial, Alfredo UL

E-print/Working paper (2019)

We propose an ideal functionality $\Functionality_{\COMD}$ and a construction for oblivious and updatable committed databases. $\Functionality_{\COMD}$ allows a prover to read, write, and update values in a database and to prove to a verifier in zero-knowledge that a value is read from or written into a certain position. The following properties must hold: (1) values stored in the database remain hidden from the verifier; (2) a value read from a certain position is equal to the value previously written into that position; (3) (obliviousness) both the value read or written and its position remain hidden from the verifier. We describe a construction for $\Functionality_{\COMD}$ based on vector commitments. After the initialization phase, the cost of zero-knowledge proofs for reading and writing is independent of the database size, outperforming other techniques that achieve cost sublinear in the dataset size for prover and/or verifier. Therefore, our construction is especially appealing for cases with large datasets. Finally, we show how to use $\Functionality_{\COMD}$ as a building block in "commit-and-prove" two-party protocols, i.e. protocols where the prover commits to her inputs and subsequently proves in zero-knowledge statements about the committed values. In comparison to simply using commitment schemes, our construction allows the prover to hide positions read or written efficiently, which is useful to design protocols for e.g. cloud-based services, blockchain, privacy-preserving location sharing services and e-commerce, and efficient OR proofs.

Full Text
UC Updatable Non-Hiding Committed Database with Efficient Zero-Knowledge Proofs
Rial, Alfredo UL

E-print/Working paper (2019)

We define an ideal functionality $\Functionality_{\DB}$ and a protocol $\mathrm{\Pi_{\DB}}$ for an updatable non-hiding committed database ($\DB$). $\DB$ is described as the task of storing a database in a suitable data structure that allows one to efficiently prove in zero-knowledge (ZK) that a value is stored in the database at a certain position. The database is non-hiding because both prover and verifier know its content. It is committed in the sense that only ZK proofs about position-value pairs that are actually stored are possible. It is updatable because its contents can be modified dynamically throughout the protocol execution. The $\DB$ task is used implicitly as a building block of privacy-preserving protocols for e-commerce, smart billing and access control. In those protocols, this task is intertwined with others. Our functionality $\Functionality_{\DB}$ allows us to study constructions for this task in isolation. Furthermore, it allows us to improve modularity in protocol design, by using $\Functionality_{\DB}$ as a building block of those protocols along with functionalities for other tasks. Our construction $\mathrm{\Pi_{\DB}}$ uses a non-hiding vector commitment (VC) scheme as a building block. Thanks to the efficiency properties of non-hiding VC schemes, $\mathrm{\Pi_{\DB}}$ provides ZK proofs whose computation cost (after initialization) and whose size are both independent of the database size. Therefore, $\mathrm{\Pi_{\DB}}$ is suitable for large databases. Moreover, the database can be updated dynamically and very efficiently.

Full Text
Peer Reviewed
Using Selene to Verify your Vote in JCJ
Iovino, Vincenzo UL; Rial, Alfredo UL; Roenne, Peter UL et al

in Workshop on Advances in Secure Electronic Voting (VOTING'17) (2017, April 07)

Full Text
Peer Reviewed
Private Mobile Pay-TV From Priced Oblivious Transfer
Biesmans, Wouter; Balasch, Josep; Rial, Alfredo UL et al

in IEEE Transactions on Information Forensics & Security (2017)

In pay-TV, a service provider offers TV programs and channels to users. To ensure that only authorized users gain access, conditional access systems (CAS) have been proposed. In existing CAS, users disclose to the service provider the TV programs and channels they purchase. We propose a pay-per-view and a pay-per-channel CAS that protect users' privacy. Our pay-per-view CAS employs priced oblivious transfer (POT) to allow a user to purchase TV programs without disclosing which programs were bought to the service provider. In our pay-per-channel CAS, POT is employed together with broadcast attribute-based encryption (BABE) to achieve low storage overhead, collusion resistance, efficient revocation and broadcast efficiency. We propose a new POT scheme and show its feasibility by implementing and testing our CAS on a representative mobile platform.

Full Text
Peer Reviewed
Issuer-Free Oblivious Transfer with Access Control Revisited
Rial, Alfredo UL

in Information Processing Letters (2017)

Oblivious transfer with access control (OTAC) is an extension of oblivious transfer where each message is associated with an access control policy. A receiver can obtain a message only if her attributes satisfy the access control policy for that message. In most schemes, the receiver's attributes are certified by an issuer. Recently, two Issuer-Free OTAC protocols have been proposed. We show that the security definition for Issuer-Free OTAC fulfilled by those schemes poses a problem. Namely, the sender is not able to attest whether a receiver possesses a claimed attribute. Because of this problem, in both Issuer-Free OTAC protocols, any malicious receiver can obtain any message from the sender, regardless of the access control policy associated with the message. To address this problem, we propose a new security definition for Issuer-Free OTAC. Our definition requires the receiver to prove in zero-knowledge to the sender that her attributes fulfill some predicates. Our definition is suitable for settings with multiple issuers because it allows the design of OTAC protocols where the receiver, when accessing a record, can hide the identity of the issuer that certified her attributes.

Full Text
Peer Reviewed
On the Insecurity of a Method for Providing Secure and Private Fine-Grained Access to Outsourced Data
Rial, Alfredo UL

in Abstract book of 2016 IEEE 8th International Conference on Cloud Computing Technology and Science (CloudCom) (2016, December)

The protection of sensitive data stored in the cloud is paramount. Among the techniques proposed to provide protection, attribute-based access control, which frequently uses ciphertext-policy attribute-based encryption (CPABE), has received a lot of attention in recent years. Recently, Jahan et al. (IEEE 40th Conference on Local Computer Networks, 2015) proposed a scheme based on CPABE where users have reading and writing access to the outsourced data. We analyze the scheme by Jahan et al. and we show that it has several security vulnerabilities. For instance, the cloud server can get information about encrypted messages by using a stored ciphertext and an update of that ciphertext. As another example, users with writing access are able to decrypt all the messages regardless of their attributes. We discuss the security claims made by Jahan et al. and point out the reasons why they do not hold. We also explain that existing schemes can already provide the advantages claimed by Jahan et al.

Full Text
Peer Reviewed
Privacy-preserving smart metering revisited
Rial, Alfredo UL; Danezis, George; Kohlweiss, Markulf

in International Journal of Information Security (2016)

Full Text
Peer Reviewed
UC Commitments for Modular Protocol Design and Applications to Revocation and Attribute Tokens
Camenisch, Jan; Dubovitskaya, Maria; Rial, Alfredo UL

in Advances in Cryptology – CRYPTO 2016 (2016, August 14)

Complex cryptographic protocols are often designed from simple cryptographic primitives, such as signature schemes, encryption schemes, verifiable random functions, and zero-knowledge proofs, by bridging between them with commitments to some of their inputs and outputs. Unfortunately, the known universally composable (UC) functionalities for commitments and the cryptographic primitives mentioned above do not allow such constructions of higher-level protocols as hybrid protocols. Therefore, protocol designers typically resort to primitives with property-based definitions, often resulting in complex monolithic security proofs that are prone to mistakes and hard to verify. We address this gap by presenting a UC functionality for non-interactive commitments that enables modular constructions of complex protocols within the UC framework. We also show how the new functionality can be used to construct hybrid protocols that combine different UC functionalities and use commitments to ensure that the same inputs are provided to different functionalities. We further provide UC functionalities for attribute tokens and revocation that can be used as building blocks together with our UC commitments. As an example of building a complex system from these new UC building blocks, we provide a construction (a hybrid protocol) of anonymous attribute tokens with revocation. Unlike existing accumulator-based schemes, our scheme allows one to accumulate several revocation lists into a single commitment value and to hide the revocation status of a user from other users and verifiers.
