Instant messaging applications like WhatsApp and iMessage have been widely used to exchange public and private information for both individuals and organizations. At the same time, the asynchronicity nature of these applications also introduces various security issues. To this end, considerable efforts have been made to strengthen the security and privacy of these applications, where a major goal is to capture the forward secrecy of asynchronous messaging without sacrificing other reasonable security properties. In this paper, we mainly focus on forward-secure zero round-trip time (0-RTT) key exchange protocols. Such a protocol enables a user to send the encrypted application data along with the first protocol message, and thus is especially suitable for securing asynchronous messaging. Concretely, we introduce a new cryptographic primitive dubbed as puncturable identity-based matchmaking key encapsulation mechanism (PIB-MKEM). It captures the authenticity of ciphertexts, and also allo
The wide use of internet-connected services makes massive personal data collected by service providers without the need of our consent. Although the archived data may enable them to provide better service experiences for users, it also presents serious risks to individual privacy, especially when active or unexpected data breaches have become commonplace. To mitigate this issue, several acts and regulations (e.g., the European Union general data protection regulation) have been issued and specified a lot of security requirements for personal data management. Among these various requirements, we mainly focus on the requirement of giving back the access control of personal data to data owners themselves and the right to be forgotten for data erasure. In this article, we provide a cryptographic solution of achieving these two requirements in the setting of outsourced storage. Specifically, we introduce a personal data management framework built upon a novel cryptographic primitive dubbed
Puncturable encryption (PE), introduced by Green and Miers at IEEE S&P 2015, allows recipients to update their decryption keys to revoke decryption capability for selected messages without communicating with senders. In general, it allows users to control which ciphertexts their keys may decrypt. The notion of PE has been found very useful in many applications, such as asynchronous messaging systems, group messaging systems, public-key watermarking schemes, secure cloud emails, and many more. In this paper, we introduce a new primitive called hierarchical identity-based puncturable encryption (HIBPE) that enhances the concept of PE by allowing more general key delegation and flexible key puncture. It enhances the capability of the data owner for multi-level encrypted data sharing within a group of users by delegating the decryption keys of the users in higher-levels to generate decryption keys for the users in lower-levels. Moreover, it allows users to puncture (update) their decry
The concept of puncturable encryption was introduced by Green and Miers at IEEE S&P 2015. Puncturable encryption allows recipients to update their decryption keys to revoke decryption capability for selected messages without communicating with senders. From the first instantiation, puncturable encryption shows its essence for many interesting applications, such as asynchronous messaging systems, group messaging systems, public-key watermarking schemes, secure cloud emails, and many more. To eliminate the necessity of having a costly certificate verification process, Wei et al. introduced puncturable identity-based encryption at ESORICS 2019. Unfortunately, till today, there is no puncturable identity-based encryption which can withstand quantum attacks. In this paper, we aim to fill this gap in the literature by presenting the first constructions of puncturable identity-based encryption, for both selective and adaptive identity, which are secure in the standard model based on the h