How to Keep a Secret: Leakage Deterring Public-key Cryptography

How is it possible to prevent the sharing of cryptographic functions? This question appears to be fundamentally hard to address since in this setting the owner of the key is the adversary: she wishes to share a program or device that (potentially only partly) implements her main cryptographic functionality. Given that she possesses the cryptographic key, it is impossible for her to be prevented from writing code or building a device that uses that key. She may though be deterred from doing so. We introduce leakage-deterring public-key cryptographic primitives to address this problem. Such primitives have the feature of enabling the embedding of owner-specific private data into the owner’s publickey so that given access to any (even partially functional) implementation of the primitive, the recovery of the data can be facilitated. We formalize the notion of leakage-deterring in the context of encryption, signature, and identification and we provide efficient generic constructions that facilitate the recoverability of the hidden data while retaining privacy as long as no sharing takes place.

[1]  Amit Sahai,et al.  Pseudonym Systems , 1999, Selected Areas in Cryptography.

[2]  W. Marsden I and J , 2012 .

[3]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[4]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[5]  Mihir Bellare,et al.  Multi-signatures in the plain public-Key model and a general forking lemma , 2006, CCS '06.

[6]  Brent Waters,et al.  Black-box accountable authority identity-based encryption , 2008, CCS.

[7]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[8]  Benny Pinkas,et al.  Securely combining public-key cryptosystems , 2001, CCS '01.

[9]  Birgit Pfitzmann,et al.  Self-Delegation with Controlled Propagation - or - What If You Lose Your Laptop , 1998, CRYPTO.

[10]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[11]  I. Damgård,et al.  The protocols. , 1989, The New Zealand nursing journal. Kai tiaki.

[12]  Stefan Dziembowski,et al.  Leakage-Resilient Cryptography , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[13]  Hideki Imai,et al.  Efficient Asymmetric Self-Enforcement Scheme with Public Traceability , 2001, Public Key Cryptography.

[14]  Frank McSherry,et al.  Data Collection with Self-Enforcing Privacy , 2008, TSEC.

[15]  Aggelos Kiayias,et al.  Breaking and Repairing Asymmetric Public-Key Traitor Tracing , 2002, Digital Rights Management Workshop.

[16]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[17]  Brent Waters,et al.  Lossy trapdoor functions and their applications , 2008, SIAM J. Comput..

[18]  Chi-Jen Lu,et al.  Conditional Computational Entropy, or Toward Separating Pseudoentropy from Compressibility , 2007, EUROCRYPT.

[19]  Reihaneh Safavi-Naini,et al.  Construction of Universal Designated-Verifier Signatures and Identity-Based Signatures from Standard Signatures , 2008, Public Key Cryptography.

[20]  Vipul Goyal,et al.  Reducing Trust in the PKG in Identity Based Cryptosystems , 2007, CRYPTO.

[21]  Venkatesan Guruswami,et al.  Expander-based constructions of efficiently decodable codes , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[22]  Aggelos Kiayias,et al.  Traitor Tracing with Constant Transmission Rate , 2002, EUROCRYPT.

[23]  Markus Jakobsson,et al.  Proprietary Certificates , 2002, CT-RSA.

[24]  Amit Sahai,et al.  Fully Secure Accountable-Authority Identity-Based Encryption , 2011, Public Key Cryptography.

[25]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[26]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[27]  Amnon Ta-Shma,et al.  Auditable, Anonymous Electronic Cash Extended Abstract , 1999, CRYPTO.

[28]  Jacques Stern,et al.  Security Arguments for Digital Signatures and Blind Signatures , 2015, Journal of Cryptology.

[29]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[30]  Amos Fiat,et al.  Tracing traitors , 2000, IEEE Trans. Inf. Theory.

[31]  Feng Bao,et al.  Designated Verifier Signature Schemes: Attacks, New Security Notions and a New Construction , 2005, ICALP.

[32]  David Naccache,et al.  How to Copyright a Function? , 1999, Public Key Cryptography.

[33]  Moni Naor,et al.  Digital signets: self-enforcing protection of digital information (preliminary version) , 1996, STOC '96.

[34]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[35]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[36]  Benoît Libert,et al.  Towards Black-Box Accountable Authority IBE with Short Ciphertexts and Private Keys , 2008, Public Key Cryptography.

[37]  Mihir Bellare,et al.  GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks , 2002, CRYPTO.

[38]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[39]  Yuval Ishai,et al.  Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.