Leakage‐resilient ID‐based signature scheme in the generic bilinear group model

Wu, Jui-Di; Tseng, Yuh‐Min; Huang, Sen–Shan

doi:10.1002/sec.1580

Cited by 20 publications

(19 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Subsequently, Yuen et al (2012) presented an improvement on Brakerski et al's scheme in terms of computational costs. under the continual leakage model, Wu et al (2016) proposed the first leakage-resilient ID-based signature (LR-IBS) scheme.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Leakage-Resilient Revocable Identity-Based Signature with Cloud Revocation Authority

Wu¹,

Tseng²,

Huang³

et al. 2020

Informatica

Self Cite

View full text Add to dashboard Cite

Very recently, side-channel attacks have threatened all traditional cryptographic schemes. Typically, in traditional cryptography, private/secret keys are assumed to be completely hidden to adversaries. However, by side-channel attacks, an adversary may extract fractional content of these private/secret keys. To resist side-channel attacks, leakage-resilient cryptography is a countermeasure. Identity-based public-key system (ID-PKS) is an attractive public-key setting. ID-PKS settings not only discard the certificate requirement, but also remove the construction of the public-key infrastructure. For solving the user revocation problem in ID-PKS settings, revocable ID-PKS (RID-PKS) setting has attracted significant attention. Numerous cryptographic schemes based on RID-PKS settings have been proposed. However, under RID-PKS settings, no leakage-resilient signature or encryption scheme is proposed. In this article, we present the first leakage-resilient revocable ID-based signature (LR-RIBS) scheme with cloud revocation authority (CRA) under the continual leakage model. Also, a new adversary model of LR-RIBS schemes with CRA is defined. Under this new adversary model, security analysis is made to demonstrate that our LR-RIBS scheme with CRA is provably secure in the generic bilinear group (GBG) model. Finally, performance analysis is made to demonstrate that our scheme is suitable for mobile devices.

show abstract

Section: Related Workmentioning

confidence: 99%

“…To achieve overall unbounded leakage property (Galindo and Virek, 2013;Wu et al, 2016Wu et al, , 2018Wu et al, , 2019, a private/secret key must be split into two components. Additionally, each private/secret key participated in the associated algorithm is also refreshed before/after each algorithm invocation.…”

Section: Frameworkmentioning

confidence: 99%

Leakage-Resilient Revocable Identity-Based Signature with Cloud Revocation Authority

Wu¹,

Tseng²,

Huang³

et al. 2020

Informatica

Self Cite

View full text Add to dashboard Cite

show abstract

“…In our scheme, adversaries are given the complete leakage abilities to continuously gain partial information of the CA's system secret key, the user's private key and certificate, and random values. The design principle of the proposed LR-CB-KE scheme is to employ the key refreshing technique [17], [22], [36] to update the CA's system secret key, and each user's private key and certificate after each invocation. In the key refreshing technique, the CA partitions the system secret key into two parts and updates the two parts after each certificate generation procedure.…”

Section: B Contribution and Organizationmentioning

confidence: 99%

“…At most 2λ bits of c is helpless to gain the current system secret key SSK for A I . (SSK i−1,1 , SSK i−1,2 ): By the multiplicative blinding technique[17],[22],[36], the CA's system secret key SSK satisfies the equality SSK= SSK i−1,1 • SSK i−1,2 = SSK i,1 • SSK i,2 .Note that the leaked information of both SSK i−1,1 and SSK i−1,2 is independent of that of both SSK i,1 and SSK i,2 . Hence, at most λ bits of SSK i−1,1 and SSK i−1,2 are leaked to A I .…”

mentioning

confidence: 99%

Leakage-Resilient Certificate-based Key Encapsulation Scheme Resistant to Continual Leakage

Tseng

Huang

et al. 2020

IEEE Open J. Comput. Soc.

Self Cite

View full text Add to dashboard Cite

In the past, the security of most public-key encryption or key encapsulation schemes is shown in an ideal model, where private keys, secret keys and random values are assumed to be absolutely secure to adversaries. However, this ideal model is not practical due to side-channel attacks in the sense that adversaries could gain partial information of these secret values involved in decryption operations by perceiving energy consumption or execution timing. In such a case, these schemes under the ideal model could suffer from side-channel attacks. Recently, leakage-resilient cryptography resistant to side-channel attacks is an emerging research topic. Certificatebased encryption (CBE) or certificate-based key encapsulation (CB-KE) schemes are a class of important public-key encryption. However, little work addresses the design of leakageresilient CBE (LR-CBE) or leakage-resilient CB-KE (LR-CB-KE) schemes. In this paper, we present the first LR-CB-KE scheme with overall unbounded leakage property which permits adversaries to continuously gain partial information of the system secret key of a trusted certificate authority (CA), the private keys and certificates of users, and random values. In the generic bilinear group model, formal security analysis is made to prove that the proposed LR-CB-KE scheme is secure against chosen ciphertext attacks.

show abstract

“…ey measured the leakage by the induced decrease of the minimum entropy of the secret (noisy leakage). Under these formulations, some leakage resilient primitives are successfully designed, including signature schemes [3][4][5] and key agreement protocol [6,7].…”

Section: Introductionmentioning

confidence: 99%

CCA Secure Public Key Encryption against After-the-Fact Leakage without NIZK Proofs

Zhao

Liang

Yang

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

In leakage resilient cryptography, there is a seemingly inherent restraint on the ability of the adversary that it cannot get access to the leakage oracle after the challenge. Recently, a series of works made a breakthrough to consider a postchallenge leakage. They presented achievable public key encryption (PKE) schemes which are semantically secure against after-the-fact leakage in the split-state model. This model puts a more acceptable constraint on adversary’s ability that the adversary cannot query the leakage of secret states as a whole but the functions of several parts separately instead of prechallenge query only. To obtain security against chosen ciphertext attack (CCA) for PKE schemes against after-the-fact leakage attack (AFL), existing works followed the paradigm of “double encryption” which needs noninteractive zero knowledge (NIZK) proofs in the encryption algorithm. We present an alternative way to achieve AFL-CCA security via lossy trapdoor functions (LTFs) without NIZK proofs. First, we formalize the definition of LTFs secure against AFL (AFLR-LTFs) and all-but-one variants (ABO). Then, we show how to realize this primitive in the split-state model. This primitive can be used to construct AFLR-CCA secure PKE scheme in the same way as the method of “CCA from LTFs” in traditional sense.

show abstract

Leakage‐resilient ID‐based signature scheme in the generic bilinear group model

Cited by 20 publications

References 37 publications

Leakage-Resilient Revocable Identity-Based Signature with Cloud Revocation Authority

Leakage-Resilient Revocable Identity-Based Signature with Cloud Revocation Authority

Leakage-Resilient Certificate-based Key Encapsulation Scheme Resistant to Continual Leakage

CCA Secure Public Key Encryption against After-the-Fact Leakage without NIZK Proofs

Contact Info

Product

Resources

About