Leakage-resilient certificate-based encryption

Certificate-based encryption is a relatively new cryptographic primitive that can be used to construct an efficient public key infrastructure. However, existing certificate-based encryption schemes do not consider side-channel attacks. To capture these attacks, we formalize a security model for certificate-based encryption with leakage resilience. Furthermore, we present a leakage-resilient certificate-based encryption (LR-CBE) scheme. To the best of our knowledge, this is the first LR-CBE scheme. Based on the decision bilinear Diffie-Hellman assumption and the decision generalized bilinear Diffie-Hellman assumption, we prove that our scheme is secure against adaptive chosen ciphertext attacks in the random oracle model. Our scheme consists of a certificate-based key encapsulation algorithm and a symmetric encryption algorithm, where the encapsulated information is a symmetric key that is used to encrypt the message. To obtain the leakage-resilience property, a two-source extractor is used to randomize the symmetric key. The designed scheme can resist entropy leakage. The performance analysis of leakage resilience shows that the relative leakage ratio almost amounts to 1. Copyright © 2015 John Wiley & Sons, Ltd.
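The abstract names the mechanism (a two-source extractor randomizing the encapsulated symmetric key) but not its instantiation, and the pairing-based CB-KEM itself is out of scope here. The following is an added illustration, not the paper's construction: it assumes an inner-product extractor over a prime field, with the KEM output as one source and a fresh public seed sent with the ciphertext as the other.

```python
# Added illustration (not the paper's scheme): inner-product two-source
# extractor over GF(P) used to derive the symmetric key of a hybrid
# (KEM + symmetric encryption) scheme. The output stays close to uniform
# as long as the two inputs are independent and jointly keep enough
# min-entropy, which is what makes partial leakage of the KEM key tolerable.
import os

P = (1 << 127) - 1   # Mersenne prime; a GF(P) element fits in 16 bytes
BLOCK = 16           # bytes consumed per field element
N = 8                # field elements per source (128-byte sources)


def to_field_vector(src: bytes) -> list:
    """Split src into N field elements; short inputs are zero-padded at the end."""
    if len(src) > N * BLOCK:
        raise ValueError("source longer than N*BLOCK bytes")
    src = src.ljust(N * BLOCK, b"\0")
    return [int.from_bytes(src[i * BLOCK:(i + 1) * BLOCK], "big") % P
            for i in range(N)]


def two_source_extract(x: bytes, y: bytes) -> bytes:
    """Ext(x, y) = <x, y> mod P, returned as 16 big-endian bytes.

    The map is bilinear: fixing either source gives a linear function of
    the other, which is the structure the inner-product extractor relies on.
    """
    k = sum(a * b for a, b in zip(to_field_vector(x), to_field_vector(y))) % P
    return k.to_bytes(BLOCK, "big")


def derive_symmetric_key(kem_key: bytes, seed: bytes) -> bytes:
    """Hybrid key derivation: the KEM-encapsulated key is one source,
    the sender's fresh seed (transmitted in the clear) is the other."""
    return two_source_extract(kem_key, seed)


def fresh_seed() -> bytes:
    """Second source, chosen by the sender per encryption."""
    return os.urandom(N * BLOCK)


if __name__ == "__main__":
    # Constructed stand-in for the key a certificate-based KEM would output.
    kem_key = os.urandom(N * BLOCK)
    print(derive_symmetric_key(kem_key, fresh_seed()).hex())
```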
