leakage resilience
Recently Published Documents

TOTAL DOCUMENTS: 49 (FIVE YEARS: 14)
H-INDEX: 14 (FIVE YEARS: 2)

2022, Vol 16 (5)
Author(s): Yuejun Liu, Yongbin Zhou, Rui Zhang, Yang Tao

Author(s): Wai-Peng Wong, Kim Hua Tan, Kannan Govindan, Di Li, Ajay Kumar

2021, Vol 34 (2)
Author(s): Fabrice Benhamouda, Akshay Degwekar, Yuval Ishai, Tal Rabin

2020
Author(s): Zirui Qiao, Qiliang Yang, Yanwei Zhou, Zhe Xia, Mingwu Zhang

Abstract: Leakage of private information, such as secret keys, has become a threat to the security of computing systems. It has become a common requirement that cryptographic schemes should withstand various leakage attacks, including continuous leakage attacks. Although some research progress has been made in this area, there are still some unsolved issues. In the literature, public-key encryption (PKE) constructions with (continuous) leakage resilience normally require the upper bound of leakage to be fixed. However, in many real-world applications, this requirement cannot provide sufficient protection against leakage attacks. In order to mitigate these problems, this paper demonstrates how to design a leakage-amplified PKE scheme with continuous leakage resilience and chosen-plaintext attack security. In our proposed PKE scheme, the leakage parameter can have an arbitrary length. Moreover, the length of permitted leakage in our scheme can be flexibly adjusted according to the leakage requirements of the application environment. Its security is formally proved under the classic static assumption.


Author(s): Chun Guo, François-Xavier Standaert, Weijia Wang, Yu Yu

We investigate constructing message authentication schemes from symmetric cryptographic primitives, with the goal of achieving security when most intermediate values during tag computation and verification are leaked (i.e., mode-level leakage-resilience). Existing efficient proposals typically follow the plain Hash-then-MAC paradigm T = TGen_K(H(M)). When the domain of the MAC function TGen_K is {0, 1}^128, e.g., when instantiated with the AES, forgery is possible within time 2^64 and data complexity 1. To dismiss such cheap attacks, we propose two modes: LRW1-based Hash-then-MAC (LRWHM) that is built upon the LRW1 tweakable blockcipher of Liskov, Rivest, and Wagner, and Rekeying Hash-then-MAC (RHM) that employs internal rekeying. Built upon secure AES implementations, LRWHM is provably secure up to (beyond-birthday) 2^78.3 time complexity, while RHM is provably secure up to 2^121 time. Thus in practice, their main security threat is expected to be side-channel key recovery attacks against the AES implementations. Finally, we benchmark the performance of instances of our modes based on the AES and SHA3 and confirm their efficiency.


2019, Vol 63 (4), pp. 508-524
Author(s): Yanwei Zhou, Bo Yang, Tao Wang, Zhe Xia, Hongxia Hou

Abstract: Recently, much attention has been focused on designing provably secure cryptographic primitives in the presence of key leakage, including continuous leakage attacks. However, several constructions of (continuous) leakage-resilient certificate-based encryption (CBE) schemes were proposed based on bilinear pairings, and the corresponding computational efficiency is lower. Also, leakage on the master secret key is omitted in the previous constructions. In this paper, to achieve better performance, a new construction method for a continuous leakage-resilient CBE scheme without bilinear pairings is proposed, and the chosen-ciphertext attack security of the designed scheme is proved based on the hardness of the classic decisional Diffie–Hellman assumption. The performance analysis shows that our method not only obtains higher computational efficiency but also enjoys better security properties: for example, the leakage parameter of the user's secret key has constant size, and an adversary cannot obtain any leakage on the user's secret key from the corresponding given ciphertext, etc. The advantage is that our proposal allows leakage attacks on multiple keys, i.e., continuous leakage resilience of the user's secret key and bounded leakage resilience of the master secret key. Additionally, to provide leakage resilience for cloud computing, a novel data access control scheme for cloud storage services is proposed from our continuous leakage-resilient CBE scheme, which keeps its claimed security in the leakage setting.


2019, Vol 32 (4), pp. 1071-1094
Author(s): Felipe G. Lacerda, Joseph M. Renes, Renato Renner

2019, Vol 30 (04), pp. 665-681
Author(s): Yinghui Zhang, Menglei Yang, Dong Zheng, Tiantian Zhang, Rui Guo, ...

As a promising public key cryptographic primitive, hierarchical identity-based encryption (HIBE) introduces key delegation mechanisms into identity-based encryption. However, key leakage and recipient anonymity issues have not been adequately addressed in HIBE. Hence, direct applications of traditional HIBE schemes will violate data security and abuse users' privacy in practice. In this paper, we propose an anonymous unbounded hierarchical identity-based encryption scheme, which achieves bounded leakage resilience and does not limit the hierarchy depth. Our security proofs, based on the dual system encryption technique, show that the proposed scheme is capable of resisting key leakage and realizes recipient anonymity in the standard model. In addition, leakage resilience analysis indicates that our scheme allows a leakage rate of approximately 1/3 regardless of the hierarchy depth of identities. Finally, performance comparisons show the practicability of our scheme. In particular, the secret key of our construction is of fixed length.

