Institutional Repository
| efficient public key cryptosystem resilient to key leakage chosen ciphertext attacks | |
| Liu Shengli; Weng Jian; Zhao Yunlei | |
| 2013 | |
| Conference Name | Cryptographers' Track at the RSA Conference 2013, CT-RSA 2013 |
| Source | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Pages | 84-100 |
| Conference Date | February 25, 2013 - March 1, 2013 |
| Conference Place | San Francisco, CA, United states |
| Indexed Type | EI |
| ISSN | 0302-9743 |
| ISBN | 9783642360947 |
| Department | (1) Dept. of Computer Science and Engineering Shanghai Jiao Tong University Shanghai 200240 China; (2) Department of Computer Science Emergency Technology Research Center of Risk Evaluation and Prewarning on Public Network Security Jinan University China; (3) Software School Fudan University Shanghai 201203 China; (4) State Key Laboratory of Information Security Institute of Information Engineering Chinese Academy of Sciences Beijing 100093 China; (5) Shanghai Key Laboratory of Scalable Computing and Systems Shanghai China |
| English Abstract | Leakage-resilient public key encryption (PKE) schemes are designed to resist "memory attacks", i.e., the adversary recovers the cryptographic key in the memory adaptively, but subject to constraint that the total amount of leaked information about the key is bounded by some parameter λ. Among all the IND-CCA2 leakage-resilient PKE proposals, the leakage-resilient version of the Cramer-Shoup cryptosystem (CS-PKE), referred to as the KL-CS-PKE scheme proposed by Naor and Segev in Crypto09, is the most practical one. But, the key leakage parameter λ and plaintext length m of KL-CS-PKE are subject to λ + m &le log q - ω(log κ), where κ is security parameter and q is the prime order of the group on which the scheme is based. Such a dependence between λ and m is undesirable. For example, when λ (resp., m) approaches to log q, m (resp., λ) approaches to 0. In this paper, we designed a new variant of CS-PKE that is resilient to key leakage chosen ciphertext attacks. Our proposal is λ &le log q - ω(log κ) leakage-resilient, and the leakage parameter λ is independent of the plaintext space that has the constant size q (exactly the same as that in CS-PKE). The performance of our proposal is almost as efficient as the original CS-PKE. As far as we know, this is the first leakage-resilient CS-type cryptosystem whose plaintext length is independent of the key leakage parameter, and is also the most efficient IND-CCA2 PKE scheme resilient to up to log q - ω(log κ) leakage. © 2013 Springer-Verlag.; Leakage-resilient public key encryption (PKE) schemes are designed to resist "memory attacks", i.e., the adversary recovers the cryptographic key in the memory adaptively, but subject to constraint that the total amount of leaked information about the key is bounded by some parameter λ. Among all the IND-CCA2 leakage-resilient PKE proposals, the leakage-resilient version of the Cramer-Shoup cryptosystem (CS-PKE), referred to as the KL-CS-PKE scheme proposed by Naor and Segev in Crypto09, is the most practical one. But, the key leakage parameter λ and plaintext length m of KL-CS-PKE are subject to λ + m &le log q - ω(log κ), where κ is security parameter and q is the prime order of the group on which the scheme is based. Such a dependence between λ and m is undesirable. For example, when λ (resp., m) approaches to log q, m (resp., λ) approaches to 0. In this paper, we designed a new variant of CS-PKE that is resilient to key leakage chosen ciphertext attacks. Our proposal is λ &le log q - ω(log κ) leakage-resilient, and the leakage parameter λ is independent of the plaintext space that has the constant size q (exactly the same as that in CS-PKE). The performance of our proposal is almost as efficient as the original CS-PKE. As far as we know, this is the first leakage-resilient CS-type cryptosystem whose plaintext length is independent of the key leakage parameter, and is also the most efficient IND-CCA2 PKE scheme resilient to up to log q - ω(log κ) leakage. © 2013 Springer-Verlag. |
| Keyword | Artificial Intelligence |
| Language | 英语 |
| Content Type | 会议论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/15904 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | Liu Shengli,Weng Jian,Zhao Yunlei. efficient public key cryptosystem resilient to key leakage chosen ciphertext attacks[C],2013:84-100. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment