Generic Constructions of Parallel Key-Insulated Encryption: Stronger Security Model and Novel Schemes

Exposure of a secret key is a significant threat in practice. As a notion of security against key exposure, Dodis et al. advocated key-insulated security, and proposed concrete key-insulated encryption (KIE) schemes in which secret keys are periodically updated by using a physically “insulated” helper key. For significantly reducing possibility of exposure of the helper key, Hanaoka et al. further proposed the notion of parallel KIE (PKIE) in which multiple helper keys are used in alternate shifts. They also pointed out that in contrast to the case of the standard KIE, PKIE cannot be straightforwardly obtained from identity-based encryption (IBE). In this paper, we first discuss that previous security models for PKIE are somewhat weak, and thus re-formalize stronger security models for PKIE. Then we clarify that PKIE can be generically constructed (even in the strenghthened security models) by using a new primitive which we call one-time forward secure public key encryption (OTFS-PKE) and show that it is possible to construct OTFS-PKE from arbitrary IBE or hierarchical IBE (without degenerating into IBE). By using our method, we can obtain various new PKIE schemes which yield desirable properties. For example, we can construct first PKIE schemes from lattice or quadratic residuosity problems (without using bilinear maps), and PKIE with short ciphertexts and cheaper computational cost for both encryption and decryption. Interestingly, the resulting schemes can be viewed as the partial solutions to the open problem left by Libert, Quisquarter and Yung in PKC’07.

[1]  Qixiang Mei,et al.  Direct chosen ciphertext security from identity-based techniques , 2005, CCS '05.

[2]  Jian Weng,et al.  Identity-Based Parallel Key-Insulated Encryption Without Random Oracles: Security Notions and Construction , 2006, INDOCRYPT.

[3]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[4]  David Cash,et al.  How to Delegate a Lattice Basis , 2009, IACR Cryptol. ePrint Arch..

[5]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2006 .

[6]  Hideki Imai,et al.  A Hierarchical Non-interactive Key-Sharing Scheme with Low Memory Size and High Resistance against Collusion Attacks , 2002, Comput. J..

[7]  Hideki Imai,et al.  Parallel Key-Insulated Public Key Encryption , 2006, Public Key Cryptography.

[8]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[9]  Hovav Shacham,et al.  Available from the IACR Cryptology ePrint Archive as Report 2006/297. Forward-Secure Signatures with Untrusted Update , 2006 .

[10]  Shouhuai Xu,et al.  Key-Insulated Public Key Cryptosystems , 2002, EUROCRYPT.

[11]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[12]  A. Lewko,et al.  Fully Secure HIBE with Short Ciphertexts , 2009 .

[13]  Craig Gentry,et al.  Space-Efficient Identity Based EncryptionWithout Pairings , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[14]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[15]  Jonathan Katz,et al.  Chosen-Ciphertext Security of Multiple Encryption , 2005, TCC.

[16]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[17]  Chris Peikert,et al.  Bonsai Trees (or, Arboriculture in Lattice-Based Cryptography) , 2009, IACR Cryptol. ePrint Arch..

[18]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[19]  J. Davenport Editor , 1960 .

[20]  Masao Kasahara,et al.  ID based Cryptosystems with Pairing on Elliptic Curve , 2003, IACR Cryptol. ePrint Arch..

[21]  Junji Shikata,et al.  Identity-Based Hierarchical Strongly Key-Insulated Encryption and Its Application , 2005, ASIACRYPT.

[22]  Jonathan Katz,et al.  Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption , 2005, CT-RSA.

[23]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[24]  Mihir Bellare,et al.  A Forward-Secure Digital Signature Scheme , 1999, CRYPTO.

[25]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[26]  Gene Itkis,et al.  SiBIR: Signer-Base Intrusion-Resilient Signatures , 2002, CRYPTO.

[27]  Ran Canetti,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[28]  Moni Naor,et al.  Non-Malleable Cryptography (Extended Abstract) , 1991, STOC 1991.

[29]  Nicholas Pippenger,et al.  On the evaluation of powers and related problems , 1976, 17th Annual Symposium on Foundations of Computer Science (sfcs 1976).

[30]  Jian Weng,et al.  Identity-Based Threshold Key-Insulated Encryption without Random Oracles , 2008, CT-RSA.

[31]  Jian Weng,et al.  Generic Constructions of Parallel Key-Insulated Encryption , 2010, SCN.

[32]  Moti Yung,et al.  Forward-secure signatures in untrusted update environments: efficient and generic constructions , 2007, CCS '07.

[33]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[34]  Hideki Imai,et al.  Reducing the Spread of Damage of Key Exposures in Key-Insulated Encryption , 2006, VIETCRYPT.

[35]  Mihir Bellare,et al.  Protecting against key-exposure: strongly key-insulated encryption with optimal threshold , 2005, Applicable Algebra in Engineering, Communication and Computing.

[36]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[37]  Matthew K. Franklin,et al.  A Generic Construction for Intrusion-Resilient Public-Key Encryption , 2004, CT-RSA.

[38]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[39]  Moti Yung,et al.  Parallel Key-Insulated Public Key Encryption Without Random Oracles , 2007, Public Key Cryptography.

[40]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[41]  Ross J. Anderson,et al.  Two remarks on public key cryptology , 2002 .

[42]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.