Public-Key Encryption in the Bounded-Retrieval Model

Alwen, Joël; Dodis, Yevgeniy; Naor, Moni; Segev, Gil; Walfish, Shabsi; Wichs, Daniel

doi:10.1007/978-3-642-13190-5_6

Cited by 157 publications

(213 citation statements)

References 32 publications

Supporting

Mentioning

212

Contrasting

Order By: Relevance

“…The model is described in, for example, the works [15,16]. Since an adversary can choose its leakage function after seeing the public key(s), in effect we consider functions that leak on the public and secret keys together.…”

Section: Adaptive Leakage On Leveled Fhementioning

confidence: 99%

“…Since an adversary can choose its leakage function after seeing the public key(s), in effect we consider functions that leak on the public and secret keys together. This framework has been previously considered for non-homomorphic public key and identity based encryption schemes based on bilinear groups, lattices, and quadratic residuosity [16,26,29]. Additionally, both RPKE and "dual Regev", schemes based on DLWE, can be made leakage resilient; Akavia, Goldwasser, and Vaikunatanathan achieve adaptive leakageresilient RPKE [15], and Dodis, Goldwasser, Kalai, Peikert, and Vaikuntanathan construct leakage-resilient "dual Regev" [19].…”

Section: Adaptive Leakage On Leveled Fhementioning

confidence: 99%

“…This has been an active topic of research over the past 15 years (see [15,16,17,18,19,20,21,22,23,24,25,26,13,14] and the references therein), resulting in many different leakage models, and cryptographic primitives such as public key encryption schemes and signature schemes secure in each model.…”

Section: Introduction and Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Leakage Resilient Fully Homomorphic Encryption

Berkoff

Liu

2014

Theory of Cryptography

View full text Add to dashboard Cite

Abstract. We construct the first leakage resilient variants of fully homomorphic encryption (FHE) schemes. Our leakage model is bounded adaptive leakage resilience. We first construct a leakage-resilient leveled FHE scheme, meaning the scheme is homomorphic for all circuits of depth less than some pre-established maximum set at key generation. We do so by applying ideas from recent works analyzing the leakage resilience of public key encryption schemes based on the decision learning with errors (DLWE ) assumption to the Gentry, Sahai and Waters ([1]) leveled FHE scheme. We then move beyond simply leveled FHE, removing the need for an a priori maximum circuit depth, by presenting a novel way to combine schemes. We show that by combining leakage resilient leveled FHE with multi-key FHE, it is possible to create a leakage resilient scheme capable of homomorphically evaluating circuits of arbitrary depth, with a bounded number of distinct input ciphertexts.

show abstract

Section: Adaptive Leakage On Leveled Fhementioning

confidence: 99%

Section: Adaptive Leakage On Leveled Fhementioning

confidence: 99%

See 1 more Smart Citation

Leakage Resilient Fully Homomorphic Encryption

Berkoff

Liu

2014

Theory of Cryptography

View full text Add to dashboard Cite

show abstract

“…Which means that designing algorithms such that their description already provides security against those attacks. Leakage-resilient cryptography is an increasingly active area in recent years and many leakage models have been proposed, such as only computation leaks information (OCLI) [19,21,27, 24], memory leakage [1,17], bounded retrieval [2,3,14], and auxiliary input models [15,21,20,34], etc. In this work, we design leakage-resilient signature schemes based on the following two leakage models:…”

Section: Introductionmentioning

confidence: 99%

Efficient Leakage-Resilient Signature Schemes in the Generic Bilinear Group Model

Tang

Niu

et al. 2014

Information Security Practice and Experience

View full text Add to dashboard Cite

Abstract. We extend the techniques of Kiltz et al. (in ASIACRYPT 2010) and Galindo et al. (in SAC 2012) to construct two efficient leakage-resilient signature schemes. Our schemes based on Boneh-LynnShacham (BLS) short signature and Waters signature schemes, respectively. Both of them are more efficient than Galindo et al.'s scheme, and can tolerate leakage of (1 − o (1))/2 of the secret key at every signature invocation. The security of the proposed schemes are proved in the generic bilinear group model (additionally, in our first scheme which based on the BLS short signature, a random oracle is needed for the proof).

show abstract

“…To sum up these two models, l is defined as a fraction of the key (either in terms of the bit size or the entropy). The bounded retrieval model (e.g., see [2,8]), on the other hand, treats the leakage l as a system parameter. The size of the secret key can be increased to allow l bits of leakage, without affecting the public key size, communication and computation efficiency.…”

Section: Introductionmentioning

confidence: 99%

Identity-Based Encryption Resilient to Continual Auxiliary Leakage

Yuen

Chow

Zhang

et al. 2012

Advances in Cryptology – EUROCRYPT 2012

View full text Add to dashboard Cite

Abstract.We devise the first identity-based encryption (IBE) that remains secure even when the adversary is equipped with auxiliary input (STOC '09) -any computationally uninvertible function of the master secret key and the identity-based secret key. In particular, this is more general than the tolerance of Chow et al.'s IBE schemes (CCS '10) and Lewko et al.'s IBE schemes (TCC '11), in which the leakage is bounded by a pre-defined number of bits; yet our construction is also fully secure in the standard model based on only static assumptions, and can be easily extended to give the first hierarchical IBE with auxiliary input.Furthermore, we propose the model of continual auxiliary leakage (CAL) that can capture both memory leakage and continual leakage. The CAL model is particularly appealing since it not only gives a clean definition when there are multiple secret keys (the master secret key, the identity-based secret keys, and their refreshed versions), but also gives a generalized definition that does not assume secure erasure of secret keys after each key update. This is different from previous definitions of continual leakage (FOCS '10, TCC '11) in which the length-bounded leakage is only the secret key in the current time period. Finally, we devise an IBE scheme which is secure in this model. A major tool we use is the modified Goldreich-Levin theorem (TCC '10), which until now has only been applied in traditional public-key encryption with a single private key.

show abstract

Public-Key Encryption in the Bounded-Retrieval Model

Cited by 157 publications

References 32 publications

Leakage Resilient Fully Homomorphic Encryption

Leakage Resilient Fully Homomorphic Encryption

Efficient Leakage-Resilient Signature Schemes in the Generic Bilinear Group Model

Identity-Based Encryption Resilient to Continual Auxiliary Leakage

Contact Info

Product

Resources

About