Biblio

A grouping-proof protocol aims to generate an evidence that two or more RFID (Radio Frequency Identification) tags in a group are coexistent, which has been widely deployed in practical scenarios, such as healthcare, supply-chain management, and so on. However, existing grouping-proof protocols have many issues in security and efficiency, either incompatible with EPCglobal Class-1 Generation-2 (C1G2) standard, or vulnerable to different attacks. In this paper, we propose a lightweight grouping-proof protocol which only utilizes bitwise operations (AND, XOR) and 128-bit pseudorandom number generator (PRNG). 2-round interactions between the reader and the tags allow them to cooperate on fast authentication in parallel mode where the reader broadcasts its round messages rather than hang on for the prior tag and then fabricate apposite output for the next tag consecutively. Our design enables the reader to aggregate the first round proofs (to bind the membership of tags in the same group) generated by the tags to an authenticator of constant size (independent of the number of tags) that can then be used by the tags to generate the second round proofs (and that will be validated by the verifier). Formal security (i.e., PPT adversary cannot counterfeit valid grouping-proof that can be accepted by any verifier) of the proposed protocol relies on the hardness of the learning parity with noise (LPN) problem, which can resist against quantum computing attacks. Other appealing features (e.g., robustness, anonymity, etc.) are also inspected. Performance evaluation shows its applicability to C1G2 RFID.

In cloud computing, computationally weak users are always willing to outsource costly computations to a cloud, and at the same time they need to check the correctness of the result provided by the cloud. Such activities motivate the occurrence of verifiable computation (VC). Recently, Parno, Raykova and Vaikuntanathan showed any VC protocol can be constructed from an attribute-based encryption (ABE) scheme for a same class of functions. In this paper, we propose two practical and efficient semi-adaptively secure key-policy attribute-based encryption (KP-ABE) schemes with constant-size ciphertexts. The semi-adaptive security requires that the adversary designates the challenge attribute set after it receives public parameters but before it issues any secret key query, which is stronger than selective security guarantee. Our first construction deals with small universe while the second one supports large universe. Both constructions employ the technique underlying the prime-order instantiation of nested dual system groups, which are based on the \$d\$-linear assumption including SXDH and DLIN assumptions. In order to evaluate the performance, we implement our ABE schemes using \$\textbackslashtextsf\Python\\$ language in Charm. Compared with previous KP-ABE schemes with constant-size ciphertexts, our constructions achieve shorter ciphertext and secret key sizes, and require low computation costs, especially under the SXDH assumption.

In cloud computing, computationally weak users are always willing to outsource costly computations to a cloud, and at the same time they need to check the correctness of the result provided by the cloud. Such activities motivate the occurrence of verifiable computation (VC). Recently, Parno, Raykova and Vaikuntanathan showed any VC protocol can be constructed from an attribute-based encryption (ABE) scheme for a same class of functions. In this paper, we propose two practical and efficient semi-adaptively secure key-policy attribute-based encryption (KP-ABE) schemes with constant-size ciphertexts. The semi-adaptive security requires that the adversary designates the challenge attribute set after it receives public parameters but before it issues any secret key query, which is stronger than selective security guarantee. Our first construction deals with small universe while the second one supports large universe. Both constructions employ the technique underlying the prime-order instantiation of nested dual system groups, which are based on the \$d\$-linear assumption including SXDH and DLIN assumptions. In order to evaluate the performance, we implement our ABE schemes using \$\textbackslashtextsf\Python\\$ language in Charm. Compared with previous KP-ABE schemes with constant-size ciphertexts, our constructions achieve shorter ciphertext and secret key sizes, and require low computation costs, especially under the SXDH assumption.