Certificate-based encryption resilient to key leakage

Certificate-based encryption (CBE) is an important class of public-key encryption, but existing schemes are secure only on the premise that the decryption key (private key) and the master secret key remain completely secret. In practice, side-channel attacks and cold-boot attacks can leak secret information from a cryptographic system, and once they do, its security guarantees no longer hold. Leakage-resilient (LR) cryptography was introduced to address this problem: security is proved even when the adversary learns a bounded amount of information about the secret keys. While leakage-resilient schemes have been constructed for traditional public-key encryption and identity-based encryption, to the best of our knowledge no leakage-resilient scheme exists for certificate-based cryptosystems. This paper proposes the first certificate-based encryption scheme that resists leakage of both the decryption key and the master secret key. Its security is proved under the composite-order bilinear group assumption using the dual system encryption technique. The relative leakage rate of the key is close to 1/3.

Highlights: We give the formal definition and security model of LR-CBE. We present the first certificate-based encryption scheme with leakage resilience. The security of the scheme is reduced to the composite-order bilinear group assumption. The relative leakage rate of the key is close to 1/3.
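The leakage model behind the abstract (the adversary learns an arbitrary function of the secret key whose output is bounded in length, and the relative leakage rate is leaked bits divided by key bits) can be made concrete with a brute-force computation over a toy key space. The Python below is an added example and is not code from the paper or its authors; the 12-bit key, the 4-bit leakage budget (chosen so the rate is exactly 1/3, the figure the abstract quotes), the leakage functions and all function names are assumptions for illustration. It computes the average min-entropy that survives a leak and checks the chain rule that a λ-bit leak costs at most λ bits of entropy, whatever function the adversary chooses.

```python
"""Toy bounded-leakage model for a secret key (constructed example).

The adversary picks any function leak(sk) with at most LEAK_BITS of output
and learns leak(sk).  We measure what is left of the key with average-case
min-entropy and count how many keys stay consistent with the observation.
"""
import hashlib
import math
from collections import Counter
from typing import Callable

LeakFn = Callable[[int], int]

KEY_BITS = 12   # toy key size so the whole key space can be enumerated
LEAK_BITS = 4   # 4/12 = 1/3, the relative leakage rate the abstract quotes


def avg_min_entropy(key_bits: int, leak: LeakFn) -> float:
    """Average-case min-entropy H~_inf(SK | leak(SK)) of a uniform key_bits-bit
    key, computed by brute force over the whole key space.

    H~_inf(X | Y) = -log2( sum_y max_x Pr[X = x, Y = y] ).
    With X uniform and Y = leak(X) deterministic, every y in the image of
    leak contributes exactly 2^-key_bits, so the sum is |image| / 2^key_bits
    and the entropy is key_bits - log2(|image|).
    """
    image = Counter(leak(sk) for sk in range(1 << key_bits))
    return key_bits - math.log2(len(image))


def consistent_keys(key_bits: int, leak: LeakFn, observed: int) -> int:
    """Number of keys still possible after the adversary sees leak(sk) == observed.
    This is what the leak buys the attacker: the search space shrinks from
    2^key_bits to this count."""
    return sum(1 for sk in range(1 << key_bits) if leak(sk) == observed)


def relative_leakage_rate(leak_bits: int, key_bits: int) -> float:
    """Leaked bits over key bits (assumption: this is the ratio the paper's
    'relative leakage rate close to 1/3' refers to)."""
    return leak_bits / key_bits


def leakage_bound_holds(key_bits: int, leak_bits: int, leak: LeakFn) -> bool:
    """Chain rule for average min-entropy: a leak of at most leak_bits can
    remove at most leak_bits of entropy, for every choice of leak function."""
    return avg_min_entropy(key_bits, leak) >= key_bits - leak_bits - 1e-9


# Constructed leakage functions, each with at most LEAK_BITS bits of output.
def leak_prefix(sk: int) -> int:
    """Cold-boot style leak: the top LEAK_BITS bits of the key verbatim."""
    return sk >> (KEY_BITS - LEAK_BITS)


def leak_hashed(sk: int) -> int:
    """Arbitrary function of the key: LEAK_BITS bits of SHA-256(sk)."""
    digest = hashlib.sha256(sk.to_bytes(2, "big")).digest()
    return digest[0] & ((1 << LEAK_BITS) - 1)


def leak_parity(sk: int) -> int:
    """A 1-bit leak, well under the budget: parity of the key bits."""
    return bin(sk).count("1") & 1


def leak_nothing(sk: int) -> int:
    """No leakage at all; the key keeps its full entropy."""
    return 0


if __name__ == "__main__":
    for name, fn in [("prefix", leak_prefix), ("hashed", leak_hashed),
                     ("parity", leak_parity), ("none", leak_nothing)]:
        h = avg_min_entropy(KEY_BITS, fn)
        ok = leakage_bound_holds(KEY_BITS, LEAK_BITS, fn)
        print(f"{name:7s} residual min-entropy {h:5.2f} bits "
              f"(chain-rule bound {KEY_BITS - LEAK_BITS}) ok={ok}")
    print("keys consistent with prefix leak 0b1010:",
          consistent_keys(KEY_BITS, leak_prefix, 0b1010))
    print("relative leakage rate:", relative_leakage_rate(LEAK_BITS, KEY_BITS))
```

The point the computation makes is the one a leakage-resilient scheme must build on: bounded leakage does not destroy the key, it only removes at most λ bits of its min-entropy, so a scheme proved secure in this model has to extract its security from the entropy that remains rather than from the assumption that the key is perfectly secret.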
