New approach to practical leakage-resilient public-key cryptography

AbstractWe present a new approach to construct several leakage-resilient cryptographic primitives, including leakage-resilient public-key encryption (PKE) schemes, authenticated key exchange (AKE) protocols and low-latency key exchange (LLKE) protocols. To this end, we introduce a new primitive called leakage-resilient non-interactive key exchange (LR-NIKE) protocol. We introduce an appropriate security model for LR-NIKE protocols in the bounded memory leakage (BML) settings. We then show a secure construction of the LR-NIKE protocol in the BML setting that achieves an optimal leakage rate, i.e., 1 – o(1). Our construction of LR-NIKE requires a minimal use of a leak-free hardware component. We argue that the use of such a leak-free hardware component seems to be unavoidable in any construction of an LR-NIKE protocol, even in the BML setting. Finally, we show how to construct the aforementioned leakage-resilient primitives from such an LR-NIKE protocol as summarized below. All these primitives also achieve the same (optimal) leakage rate as the underlying LR-NIKE protocol. We show how to construct a leakage-resilient (LR) IND-CCA-2-secure PKE scheme in the BML model generically from a bounded LR-NIKE (BLR-NIKE) protocol. Our construction of LR-IND-CCA-2 secure PKE differs significantly from the state-of-the-art constructions of these primitives, which mainly use hash proof techniques to achieve leakage resilience. Moreover, our transformation preserves the leakage-rate of the underlying BLR-NIKE protocol. We introduce a new leakage model for AKE protocols, in the BML setting, and present a leakage-resilient AKE protocol construction from the LR-NIKE protocol. We introduce the first-ever leakage model for LLKE protocols in the BML setting and the first construction of such a leakage-resilient LLKE from the LR-NIKE protocol.

Download Full-text

Secure key exchange scheme for WPA/WPA2-PSK using public key cryptography

2016 IEEE International Conference on Consumer Electronics-Asia (ICCE-Asia) ◽

10.1109/icce-asia.2016.7804782 ◽

2016 ◽

Cited By ~ 4

Author(s):

Jaewon Noh ◽

Jeehyeong Kim ◽

Giwon Kwon ◽

Sunghyun Cho

Keyword(s):

Public Key Cryptography ◽

Key Exchange ◽

Public Key

Download Full-text

Probing Security through Input-Output Separation and Revisited Quasilinear Masking

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i3.599-640 ◽

2021 ◽

pp. 599-640

Author(s):

Dahmun Goudarzi ◽

Thomas Prest ◽

Matthieu Rivain ◽

Damien Vergnaud

Keyword(s):

Leakage Rate ◽

Security Model ◽

Input Output ◽

Leakage Model ◽

Original Proposal ◽

Security Proof ◽

Tight Reduction ◽

Security Notion ◽

New Framework ◽

Composition Theorem

The probing security model is widely used to formally prove the security of masking schemes. Whenever a masked implementation can be proven secure in this model with a reasonable leakage rate, it is also provably secure in a realistic leakage model known as the noisy leakage model. This paper introduces a new framework for the composition of probing-secure circuits. We introduce the security notion of input-output separation (IOS) for a refresh gadget. From this notion, one can easily compose gadgets satisfying the classical probing security notion –which does not ensure composability on its own– to obtain a region probing secure circuit. Such a circuit is secure against an adversary placing up to t probes in each gadget composing the circuit, which ensures a tight reduction to the more realistic noisy leakage model. After introducing the notion and proving our composition theorem, we compare our approach to the composition approaches obtained with the (Strong) Non-Interference (S/NI) notions as well as the Probe-Isolating Non-Interference (PINI) notion. We further show that any uniform SNI gadget achieves the IOS security notion, while the converse is not true. We further describe a refresh gadget achieving the IOS property for any linear sharing with a quasilinear complexity Θ(n log n) and a O(1/ log n) leakage rate (for an n-size sharing). This refresh gadget is a simplified version of the quasilinear SNI refresh gadget proposed by Battistello, Coron, Prouff, and Zeitoun (ePrint 2016). As an application of our composition framework, we revisit the quasilinear-complexity masking scheme of Goudarzi, Joux and Rivain (Asiacrypt 2018). We improve this scheme by generalizing it to any base field (whereas the original proposal only applies to field with nth powers of unity) and by taking advantage of our composition approach. We further patch a flaw in the original security proof and extend it from the random probing model to the stronger region probing model. Finally, we present some application of this extended quasilinear masking scheme to AES and MiMC and compare the obtained performances.

Download Full-text

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model

Advances in Cryptology - CRYPTO 2009 - Lecture Notes in Computer Science ◽

10.1007/978-3-642-03356-8_3 ◽

2009 ◽

pp. 36-54 ◽

Cited By ~ 151

Author(s):

Joël Alwen ◽

Yevgeniy Dodis ◽

Daniel Wichs

Keyword(s):

Public Key Cryptography ◽

Public Key ◽

Retrieval Model ◽

Leakage Resilient ◽

Bounded Retrieval Model

Download Full-text

Secure Key Exchange over an Insecure Medium with Public Key Cryptography

Implementing SSL/TLS Using Cryptography and PKI ◽

10.1002/9781118255797.ch3 ◽

2011 ◽

pp. 91-155

Keyword(s):

Public Key Cryptography ◽

Key Exchange ◽

Public Key

Download Full-text

A Certificateless Authenticated Key Agreement Scheme for the Power IoT

Energies ◽

10.3390/en14196317 ◽

2021 ◽

Vol 14 (19) ◽

pp. 6317

Author(s):

Wenchao Cui ◽

Rui Cheng ◽

Kehe Wu ◽

Yuling Su ◽

Yuqing Lei

Keyword(s):

Key Management ◽

Key Agreement ◽

Public Key Cryptography ◽

Public Key ◽

Security Model ◽

Operating Environment ◽

Authenticated Key Agreement ◽

Certificateless Public Key Cryptography ◽

Actual Application ◽

Identity Based

Power Internet of Things (IoT) is the application of IoT technology in the field of power grid, which can better control all kinds of power equipment, power personnel and operating environment. However, access to mass terminals brings higher requirements for terminal authentication and key management for the power IoT. And the traditional public key infrastructure (PKI) and identity-based public key cryptography (IB-PKC) exist the problems of certificate management and key escrow. Therefore, the paper proposes a novel authenticated key agreement scheme based on the certificateless public key cryptography (CL-PKC) mechanism. In addition, the proposed scheme is proven with the improved extended Canetti-Krawczyk (eCK) security model. Finally, the implementation of the authenticated key agreement protocol is given based on the actual application requirement of the power IoT, and the analysis and comparison of the simulation demonstrates that the proposed scheme has higher efficiency and would be suitable for the power IoT.

Download Full-text

Secure Certificateless Signature with Revocation in the Standard Model

Mathematical Problems in Engineering ◽

10.1155/2014/728591 ◽

2014 ◽

Vol 2014 ◽

pp. 1-16 ◽

Cited By ~ 5

Author(s):

Tung-Tso Tsai ◽

Sen-Shan Huang ◽

Yuh-Min Tseng

Keyword(s):

Standard Model ◽

Public Key Cryptography ◽

Public Key ◽

Key Generation ◽

Security Model ◽

Certificateless Public Key Cryptography ◽

Random Oracles ◽

Diffie Hellman ◽

The Standard Model ◽

Certificateless Signature

Certificateless public key cryptography is very attractive in solving the key escrow problem which is inherent in identity- (ID-) based public key cryptography. In the past, a large number of certificateless cryptographic schemes and protocols were presented, but a secure certificateless signature in the standard model (without random oracles) is still not accessible until now. To the best of our knowledge, all the previously proposed certificateless signature schemes were insecure under a considerably strong security model in the sense that they suffered from outsiders’ key replacement attacks or the attacks from the key generation center (KGC). In this paper, we propose a certificateless signature scheme without random oracles. Moreover, our scheme is secure under the strong security model and provides a public revocation mechanism, called revocable certificateless signature (RCLS). Under the standard computational Diffie-Hellman assumption, we formally demonstrate that our scheme possesses existential unforgeability against adaptive chosen-message attacks.

Download Full-text

Updatable Lossy Trapdoor Functions Under Consecutive Leakage

The Computer Journal ◽

10.1093/comjnl/bxz119 ◽

2019 ◽

Vol 63 (4) ◽

pp. 648-656

Author(s):

Meijuan Huang ◽

Bo Yang ◽

Mingwu Zhang ◽

Lina Zhang ◽

Hongxia Hou

Keyword(s):

Provable Security ◽

Public Key ◽

Encryption Scheme ◽

Security Model ◽

Public Key Encryption ◽

Cryptographic Primitives ◽

Trapdoor Functions ◽

Leakage Resilient ◽

Trapdoor Function ◽

Lossy Trapdoor Functions

Abstract Lossy trapdoor functions (LTFs), introduced by Peikert and Waters (STOC’08), have already been found to be a very useful tool in constructing complex cryptographic primitives in a black-box manner, such as one-way trapdoor functions, deterministic public-key encryption, CCA-secure public-key encryption, etc. Due to the existence of the side-channel attack, the leakage of trapdoor information in lossy trapdoor function systems can lead to the impossibility of provable security. Recently, Zhang et al. introduced a model of consecutive and continual leakage-resilient and updatable lossy trapdoor functions (ULTFs) and provided a concrete construction to achieve the security. Meanwhile, they proposed a consecutive and continual leakage-resilient public-key encryption scheme. However, in this paper, we demonstrate that the correctness of injective function can not be satisfied. Furthermore, the attacker can easily distinguish the evaluation key of ULTFs generated by the challenger according to the security model. Finally, we show two new constructions based on the continual leakage-resilient public-key encryption scheme of Brakerski et al. (FOCS 2010) and demonstrate the security of our scheme in the consecutive and continual leakage model.

Download Full-text

The Hardware Design and Implementation of a Key Exchange Protocol for Low-cost IoT Devices

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.b1016.0782s619 ◽

2019 ◽

Vol 8 (2S6) ◽

pp. 79-85

Keyword(s):

Power Consumption ◽

Low Cost ◽

Logic Gates ◽

Public Key Cryptography ◽

Key Exchange ◽

Public Key ◽

Key Exchange Protocol ◽

General Data Protection Regulation ◽

Processor Core ◽

Iot Devices

The General Data Protection Regulation (GDPR) which was enforced in May 2018 clearly stated that the protection of data by organizations is a mandatory task. Protecting or securing data on data collecting and sensing devices used in the Internet-of-Things (IoT) platform is a challenge for the fact that the devices are resource-constrained in terms of operation frequency, hardware area, computational complexity, and power consumption. The first step to securing data on low-cost IoT devices is to generate keys for subsequent encryption and authentication. This paper, therefore, proposes and implements a lightweight key exchange protocol with the capability of authenticating the generated key without the need for public-key cryptography. The protocol is meant to be simple and make use of minimal hardware resources. It uses components such as the pseudorandom number and bit generators, dot product, XOR gates, shift registers and basic logic gates making it very resource-efficient. The hardware architecture of the protocol was implemented using Verilog Hardware Description Language (HDL) and synthesized using Xilinx ISE 14.7 software which includes XPower Analyzer for power estimation. The protocol was tested on a Field Programmable Gate Array (FPGA) board with a synthesizable Reduced Instruction Set Computer Five (RISC-V) processor core. The synthesis and simulation results which include area, maximum frequency, latency, and power consumption show that the protocol is suitable for IoT low-cost devices as compared to standard public-key primitives.

Download Full-text

Leakage-Resilient Outsourced Revocable Certificateless Signature with a Cloud Revocation Server

Information Technology And Control ◽

10.5755/j01.itc.49.4.25927 ◽

2020 ◽

Vol 49 (4) ◽

pp. 464-481

Author(s):

Yuh–Min Tseng ◽

Jui-Di Wu ◽

Sen-Shan Huang ◽

Tung-Tso Tsai

Keyword(s):

Public Key Cryptography ◽

Public Key ◽

Side Channel ◽

Key Generation ◽

Side Channel Attacks ◽

Signature Schemes ◽

Certificateless Cryptography ◽

Secret Keys ◽

Leakage Resilient ◽

Certificateless Signature

Certificateless public-key system (CL-PKS) is a significant public-key cryptography and it solves both the key escrow and certificate management problems. Outsourced revocable certificateless public-key system (ORCL-PKS) with a cloud revocation server (CRS) not only provides a revocation mechanism, but also further outsources the revocation functionality to the CRS to reduce the computational burden of the key generation center (KGC). Recently, side-channel attacks have threatened some existing conventional cryptography (including CL-PKS). Indeed, adversaries can apply side-channel attacks to derive fractional constituents of private (or secret) keys to damage the security of these cryptographic protocols (or schemes). To withstand such attacks, leakage-resilient cryptography is an attractive approach. However, little research concerns with leakage-resilient certificateless cryptography. In this paper, the first leakage-resilient outsourced revocable certificateless signature (LR-ORCLS) scheme is presented. The proposed scheme allows adversaries to continually derive fractional constituents of private (or secret) keys and possesses overall unbounded leakage property. In the generic bilinear group (GBG) model, our scheme is shown to be existential unforgeable against adversaries. Finally, the comparisons between the proposed scheme and the previous revocable certificateless signature schemes are provided to demonstrate the merits of the proposed scheme.

Download Full-text

The Design of Public Key Cryptography for Key Exchange Base on Multivariate Equations

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.513-517.552 ◽

2014 ◽

Vol 513-517 ◽

pp. 552-554 ◽

Cited By ~ 1

Author(s):

Chang Ming Liu ◽

Lei Zhao ◽

Yan Jun Sun

Keyword(s):

Public Key Cryptography ◽

Key Exchange ◽

Public Key ◽

Research Issue ◽

Public Key Encryption ◽

Important Research ◽

Exchange Method ◽

Open Standard ◽

Multivariate Public Key ◽

Encryption Method

. Public key encryption method contrasts with traditional encryption method has the advantage of very powerful, especially in applications and network security. With the development of these years public key encryption method is a mature, open, standard security mechanism for network encryption and digital signatures. The key exchange plays an important role in cryptography. It is an important research issue that how to ensure the security of key exchange. In this paper we present a key exchange method based on multivariate public key cryptography.

Download Full-text