Protecting Encrypted Signature Functions Against Intrusions on Computing Devices by Obfuscation

Digital signature schemes are widely used to protect information integrity in computer communications. However, conventional digital signature schemes are secure only in normal attack contexts. Technically, these schemes assume that the implementation of the signing algorithm runs on a perfectly secure platform that is protected from various kinds of attacks and intrusions. To complement existing studies, this paper studies how to securely generate identity-based signatures, key-insulated signatures, and fuzzy identity-based signatures in a more austere attack context, such as on a computing device that is potentially controlled by an attacker. We use program obfuscation to achieve a higher security level. Concretely, we give three specialized signature functions (encrypted identity-based signature, encrypted key-insulated signature, and encrypted fuzzy identity-based signature) and then propose an obfuscator for the three encrypted signature functions. The efficiency of the proposed obfuscator is theoretically analyzed, and its correctness and security are proved. Finally, we present experimental results that show the proposed scheme is efficient. As a result, the obfuscated implementations of these encrypted signature functions can be applied to many protocols to enhance their security.
