Certificate-Based Encryption Resilient to Key Leakage

Certificate-based encryption (CBE) is an important class of public key encryption but the existing schemes are secure only under the premise that the decryption key (or private key) and master private key are absolutely secret. In fact, a lot of side channel attacks and cold boot attacks can leak secret information of a cryptographic system. In this case, the security of the cryptographic system is destroyed, so a new model called leakage-resilient (LR) cryptography is introduced to solve this problem. While some traditional public key encryption and identity-based encryption with resilient-leakage schemes have been constructed, as far as we know, there is no leakage-resilient scheme in certificate-based cryptosystems. This paper puts forward the first certificate-based encryption scheme which can resist not only the decryption key leakage but also the master secret key leakage. Based on composite order bilinear group assumption, the security of the scheme is proved by using dual system encryption. The relative leakage rate of key is close to 1/3

Leakage-Resilient Certificateless Public Key Encryption

In certificateless public key encryption (CL-PKE), the Private Key Generator (PKG) keeps a master secret key to generate a partial private key corresponding to a user's identity. Together with a secret value generated by the user, a full private key can be constructed for decryption. Traditional security model for CL-PKE assumes that (i) both the master secret key of the PKG and the full private key of the user under attack are in absolute secrecy; and (ii) the attacker can only obtain either the target user's secret value without any partial knowledge of the partial private key or vice versa. However, the advancement of practical side-channel attacks enable attackers to obtain partial information of both keys easily, making the above assumption invalid. In this paper, we give the first leakage-resilient CL-PKE. We consider different leakage conditions for Type I (third party attackers) and Type II (honest-but-curious PKG) attackers, following the classification in traditional CL-PKE. We give a concrete construction in the composite order bilinear group. We prove the security of our scheme in the standard model, overcoming some technical difficulties in the security proofs for both Type I and Type II attackers of CL-PKE. © 2013 ACM

Leakage resilient cryptographic scheme and GPU-based pairing operation

Cryptographic schemes are designed to protect the privacy of the users. Numerous schemes have been proposed for different purposes. One important type of schemes is called the secret sharing scheme. In a secret sharing scheme, a secret value can be shard among authorized parties. Another important type of schemes is identity based encryption and its variant: certificateless encryption. Traditionally, both of them assume the absolute privacy of secret shares or secret keys. However, this assumption may not hold in the real world. Side-channel attack, such as time analysis and memory attack will enable the attackers to get partial information about them. Therefore, we propose the leakage resilient cryptographic schemes to guarantee the privacy under various key-exposure attack. Generally speaking, there are three leakage models: the bounded leakage model, continual leakage model and auxiliary input model. We will focus on the first two models in this thesis. This thesis addresses two leakage resilient cryptographic schemes. The first one is called Continual Leakage-Resilient Dynamic Secret Sharing. In this scheme, the attacker can continuously leak on the private value owned by the user with the constrain that the length of the leaked information should be less than ℓ bits between updates. The dealer is able to dynamically choose a set of n users and a threshold of t users (which is called authorized set) to reconstruct secret with the same broadcast message. The user can also dynamic join and leave the scheme. The privacy of the secret value can be guaranteed even up to t-1 users are corrupted and the information of all other users are leaked. The second one is called Leakage-Resilient Certificateless Public-Key Encryption. Certificateless encryption is proposed to solve the key escrow problem in PKG. Instead of relying on the PKG to generate the full secret key in the traditional model, we generate partial secret key on PKG. We then combine it with our selected secret value to generate the final secret key. This will solve the key escrow problem since the PKG has no knowledge about the secret value chosen. Our scheme is the first leakage-resilient version of certificateless encryption. In our security model, both the master key held by the PKG and the secret key (including the secret value) held by the user can be leaked by the attacker. We first construct the scheme in bounded leakage model and then extend it to continual leakage model. Finally, all of these schemes require lots of composite order bilinear pairing operations. We will describe how to improve the efficient of it on graphics hardware in chapter 4. We run the parings in parallel on GPU to accelerate them. The implement scheme and efficient are presented in this thesis.published_or_final_versionComputer ScienceDoctoralDoctor of Philosoph