How to keep a secret: leakage deterring public-key cryptosystems

How is it possible to prevent the sharing of cryptographic functions? This question appears to be fundamentally hard to address, since in this setting the owner of the key is the adversary: she wishes to share a program or device that (potentially only partly) implements her main cryptographic functionality. Given that she possesses the cryptographic key, it is impossible to prevent her from writing code or building a device that uses that key. She may, though, be deterred from doing so. We introduce leakage-deterring public-key cryptosystems to address this problem. Such primitives have the feature of enabling the embedding of owner-specific private data into the owner's public key, so that given access to any (even partially functional) implementation of the primitive, the recovery of that data can be facilitated. We formalize the notion of leakage-deterring in the context of encryption, signature, and identification, and we provide efficient generic constructions that facilitate the recoverability of the hidden data while retaining its privacy as long as no sharing takes place.
