Leakage-resilient certificateless public key encryption

In certificateless public key encryption (CL-PKE), the Private Key Generator (PKG) keeps a master secret key to generate a partial private key corresponding to a user's identity. Together with a secret value generated by the user, a full private key can be constructed for decryption. Traditional security model for CL-PKE assumes that (i) both the master secret key of the PKG and the full private key of the user under attack are in absolute secrecy; and (ii) the attacker can only obtain either the target user's secret value without any partial knowledge of the partial private key or vice versa. However, the advancement of practical side-channel attacks enable attackers to obtain partial information of both keys easily, making the above assumption invalid. In this paper, we give the first leakage-resilient CL-PKE. We consider different leakage conditions for Type I (third party attackers) and Type II (honest-but-curious PKG) attackers, following the classification in traditional CL-PKE. We give a concrete construction in the composite order bilinear group. We prove the security of our scheme in the standard model, overcoming some technical difficulties in the security proofs for both Type I and Type II attackers of CL-PKE.

[1]  Kenneth G. Paterson,et al.  Certificateless Encryption Schemes Strongly Secure in the Standard Model , 2008, Public Key Cryptography.

[2]  Vinod Vaikuntanathan,et al.  Simultaneous Hardcore Bits and Cryptography against Memory Attacks , 2009, TCC.

[3]  Allison Bishop,et al.  Achieving Leakage Resilience through Dual System Encryption , 2011, TCC.

[4]  Pooya Farshim,et al.  Generic Constructions of Identity-Based and Certificateless KEMs , 2008, Journal of Cryptology.

[5]  Yi Mu,et al.  Malicious KGC attacks in certificateless cryptography , 2007, ASIACCS '07.

[6]  Yael Tauman Kalai,et al.  Overcoming the Hole in the Bucket: Public-Key Cryptography Resilient to Continual Memory Leakage , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[7]  Alexander W. Dent,et al.  A survey of certificateless encryption schemes and security models , 2008, International Journal of Information Security.

[8]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[9]  Brent Waters,et al.  Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions , 2009, IACR Cryptol. ePrint Arch..

[10]  Allison Bishop,et al.  New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts , 2010, IACR Cryptol. ePrint Arch..

[11]  Volker Roth,et al.  General Certificateless Encryption and Timed-Release Encryption , 2008, IACR Cryptol. ePrint Arch..

[12]  Guomin Yang,et al.  Certificateless cryptography with KGC trust level 3 , 2011, Theor. Comput. Sci..

[13]  Jean-Jacques Quisquater,et al.  On Constructing Certificateless Cryptosystems from Identity Based Encryption , 2006, Public Key Cryptography.

[14]  Colin Boyd,et al.  Security-Mediated Certificateless Cryptography , 2006, Public Key Cryptography.

[15]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[16]  Siu-Ming Yiu,et al.  Identity-Based Encryption Resilient to Continual Auxiliary Leakage , 2012, EUROCRYPT.