Michel Abdalla (DI/ENS, Paris, France)
Password-Based Authenticated Key Exchange: An Overview.

Abstract: Password-based authenticated key exchange (PAKE) protocols are a particular case of authenticated key exchange protocols in which the secret key or password used for authentication is not uniformly distributed over a large space, but rather chosen from a small set of possible values (a four-digit PIN, for example). Since PAKE protocols rely on short and easily memorizable secrets, they also seem more convenient to use as they do not require additional cryptographic devices capable of storing high-entropy secret keys. In this survey, we consider the problem of designing authenticated key exchange protocols in the password-based setting. In particular, we discuss the different security goals that one can consider as well as different ways of realizing these goals. Finally, we recall some of the most recent results in the area and discuss some of the issues regarding the implementation of these protocols.

Duncan S. Wong (Exploratory Research Laboratory, ASTRI, Hong Kong)
Practical and Provably Secure Attribute Based Encryption.

Abstract: We discuss the properties that are crucial to making an Attribute-Based Encryption scheme practical, and investigate the techniques that could be used for constructing a provably secure Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme that possesses the properties we identified that could make the scheme practical. In CP-ABE, a user’s decryption key is associated with attributes which in general are not related to the user’s identity, and the same set of attributes could be shared between multiple users. If the user created a decryption blackbox from the decryption key for sale, this malicious user could be difficult to identify from the blackbox. Hence in practice, a useful CP-ABE scheme should have some tracing mechanism to identify this ‘traitor’ from the blackbox. In addition, being able to revoke compromised keys is also an important step towards practicality, and for scalability, the scheme should support an exponentially large number of attributes. We refer to these three important properties as (1) blackbox traceability, (2) revocation, and (3) large universe. In this talk, we also describe one of the first CP-ABE schemes of this type achieving sub-linear overhead and, at the same time, attaining fully collusion-resistant traceability against policy-specific decryption blackboxes against selective attackers in the standard model. We also discuss the proof techniques, as well as the techniques applied in the construction of our CP-ABE scheme for achieving a large attribute universe and retaining high expressivity on policies.