|
|||||
|
|
Novel generic construction of leakage-resilient PKE scheme with CCA security |
|
| Authors: | Zhou Yanwei Yang Bo Xia Zhe Zhang Mingwu Mu Yi |
| Institution: | 1.School of Computer Science, Shaanxi Normal University, Xi’an, China ;2.State Key Laboratory of Cryptology, P.O. Box 5159, Beijing, China ;3.Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic and Technology, Guilin, China ;4.School of Computer Science and Technology, Wuhan University of Technology, Wuhan, China ;5.Institute of Data Science, City University of Macau, Macao, China ; |
| Abstract: | Leakage of private state information (e.g. the secret keys) through various leakage attacks (e.g. side channel attacks, cold-boot attacks, etc) has become a serious threat to the security of computer systems in practice. Nowadays, it has become a common requirement that cryptographic schemes should withstand the leakage attacks. Although some research progresses have been made towards designing leakage-resilient cryptographic schemes, there are still some unsolved issues. For example, the computational costs of the existing generic construction of leakage-resilient public-key encryption (PKE) schemes is generally very high. One of the main reasons is that the underlying building blocks, e.g. non-interactive zero-knowledge argument, one-time lossy filter or one-time signature, are computationally expensive. Moreover, the above constructions of PKE with leakage resilience normally require the upper bound of leakage to be fixed. However, in many real-world applications, this requirement cannot provide sufficient protection against various leakage attacks. In order to mitigate the above problems, this paper presents a generic method of designing leakage amplified PKE schemes with leakage resilience and chosen-ciphertext attacks (CCA) security. Firstly, we define a new cryptography primitive, called identity-based hash proof system with two encapsulated key (T-IB-HPS). Then, two generic constructions of leakage-resilient PKE schemes are proposed using T-IB-HPS and message authentication code (MAC). The CCA security of our proposed constructions can be reduced to the security of the underlying T-IB-HPS and MAC. In the proposed generic method, the leakage parameter has an arbitrary length that can be flexibly adjusted according to the specific leakage requirements. In order to demonstrate the practicability of our generic method, two instantiations of T-IB-HPS are introduced. The first instantiation is proved based on the truncated augmented bilinear Diffie–Hellman exponent assumption, and the second instantiation is proved based on the related security assumptions over the composite order bilinear group. |
| Keywords: | |
| 本文献已被 SpringerLink 等数据库收录! | |