Article
Public-Key Cryptosystems Resilient to Key Leakage.
SIAM Journal on Computing (Impact Factor: 0.8). 01/2009; 2009:105. DOI: 10.1007/978-3-642-03356-8_2
Source: DBLP

Conference Paper: Randomness-Dependent Message Security
ABSTRACT: Traditional definitions of the security of encryption schemes assume that the messages encrypted are chosen independently of the randomness used by the encryption scheme. Recent works, implicitly by Myers and Shelat (FOCS '09) and Bellare et al. (AsiaCrypt '09), and explicitly by Hemmenway and Ostrovsky (ECCC '10), consider randomness-dependent message (RDM) security of encryption schemes, where the message to be encrypted may be selected as a function (referred to as the RDM function) of the randomness used to encrypt this particular message, or other messages, but in a circular way. We carry out a systematic study of this notion. Our main results demonstrate the following:
· Full RDM security, where the RDM function may be an arbitrary polynomial-size circuit, is not possible.
· Any secure encryption scheme can be slightly modified, by just performing some preprocessing to the randomness, to satisfy bounded-RDM security, where the RDM function is restricted to be a circuit of a priori bounded polynomial size. The scheme, however, requires the randomness r needed to encrypt a message m to be slightly longer than the length of m (i.e., |r| > |m| + ω(log k), where k is the security parameter).
· We present a black-box provability barrier to compilations of arbitrary public-key encryption into RDM-secure ones using just preprocessing of the randomness, whenever |m| > |r| + ω(log k). On the other hand, under the DDH assumption, we demonstrate the existence of bounded-RDM secure schemes that can encrypt arbitrarily 'long' messages using 'short' randomness.
We finally note that the existence of public-key encryption schemes implies the existence of a fully RDM-secure encryption scheme in an 'ultra-weak' Random Oracle Model, where the security reduction need not 'program' the oracle, or see the queries made by the adversary to the oracle; combined with our impossibility result, this yields the first example of a cryptographic task that has a secure implementation in such a weak Random Oracle Model, but does not have a secure implementation without random oracles.
Proceedings of the 10th Theory of Cryptography Conference (TCC); 03/2013
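The abstract above defines RDM security only in words. The following is an added illustration, not code from the paper or its authors, of why the notion is strictly stronger than the usual independent-message one: a contrived public-key scheme that behaves exactly like its underlying scheme when the message is chosen independently of the randomness, yet hands the plaintext to anyone who can choose the message as a function of the randomness. The underlying scheme is textbook ElGamal over Z_p^* with p = 2^127 - 1 and generator 3 (both chosen here for a toy, with no claim about DDH hardness in that group), and the trigger function `rdm_trigger` and the helper names are constructed for this example. The paper's actual bounded-RDM remedy (preprocessing the randomness) is not implemented here.

```python
"""
Constructed illustration of randomness-dependent-message (RDM) insecurity.

Toy scheme, not the paper's construction: textbook ElGamal over Z_p^* with
p = 2^127 - 1 (a Mersenne prime), wrapped so that it outputs the plaintext in
the clear whenever the message equals a fixed function of the encryption
randomness. Against a message chosen independently of r that branch fires
with probability about 2^-64, so the wrapper is as good as the underlying
scheme in the standard game; an RDM adversary that sets m = f(r) wins every
time.
"""
import secrets

P = 2**127 - 1   # Mersenne prime, so Z_P^* is a group of order P - 1 (assumed toy parameters)
G = 3            # assumed generator for this toy; its order is irrelevant to the illustration
TAG_BITS = 64    # how many bits of r the constructed trigger function inspects


def keygen():
    """ElGamal key pair: sk = x, pk = G^x mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def fresh_randomness():
    """The encryption randomness r, sampled uniformly from [1, P-2]."""
    return secrets.randbelow(P - 2) + 1


def elgamal_enc(pk, m, r):
    """Textbook ElGamal: (G^r, m * pk^r) mod P, for a message m in [1, P-1]."""
    assert 1 <= m < P
    return pow(G, r, P), (m * pow(pk, r, P)) % P


def elgamal_dec(sk, c):
    """Recover m = c2 / c1^sk; the inverse is computed via Fermat since P is prime."""
    c1, c2 = c
    return (c2 * pow(pow(c1, sk, P), P - 2, P)) % P


def rdm_trigger(r):
    """Constructed RDM function f(r): the low TAG_BITS bits of r, shifted into the message space."""
    return (r & ((1 << TAG_BITS) - 1)) + 1


def wrapped_enc(pk, m, r):
    """Contrived scheme: identical to ElGamal unless m == rdm_trigger(r),
    in which case the plaintext is emitted in the clear with c1 = 0.
    (c1 = 0 never occurs in a genuine ElGamal ciphertext, so it is recognisable.)"""
    if m == rdm_trigger(r):
        return (0, m)
    return elgamal_enc(pk, m, r)


def wrapped_dec(sk, c):
    """Decrypt either branch of the contrived scheme."""
    if c[0] == 0:
        return c[1]
    return elgamal_dec(sk, c)


def independent_message_experiment(pk, trials=1000):
    """Standard setting: m is chosen independently of r.
    Returns how many ciphertexts fell into the leaking branch (expected 0)."""
    leaks = 0
    for _ in range(trials):
        m = secrets.randbelow(P - 1) + 1
        r = fresh_randomness()
        if wrapped_enc(pk, m, r)[0] == 0:
            leaks += 1
    return leaks


def rdm_experiment(pk, trials=1000):
    """RDM setting: the adversary picks m = f(r) for the very r about to be used.
    Returns the fraction of trials in which the ciphertext exposes m."""
    wins = 0
    for _ in range(trials):
        r = fresh_randomness()
        m = rdm_trigger(r)
        c = wrapped_enc(pk, m, r)
        if c[0] == 0 and c[1] == m:
            wins += 1
    return wins / trials


if __name__ == "__main__":
    sk, pk = keygen()
    print("independent messages, leaks:", independent_message_experiment(pk))
    print("RDM messages, adversary win rate:", rdm_experiment(pk))
```

Running the block prints 0 leaks for independently chosen messages and a win rate of 1.0 once the message is a function of the randomness. The practical reading of the abstract's impossibility result is the same as what the toy shows: nothing in the standard CPA game rules out such a scheme, so any protocol that derives plaintext bytes (or other messages in a circular chain) from the randomness it is about to encrypt with is relying on a property the underlying scheme was never proven to have.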
Conference Paper: Bounded-Collusion IBE from Key Homomorphism
ABSTRACT: In this work, we show how to construct IBE schemes that are secure against a bounded number of collusions, starting with underlying PKE schemes which possess linear homomorphisms over their keys. In particular, this enables us to exhibit a new (bounded-collusion) IBE construction based on the quadratic residuosity assumption, without any need to assume the existence of random oracles. The new IBE's public parameters are of size O(tλ log I) where I is the total number of identities which can be supported by the system, t is the number of collusions which the system is secure against, and λ is a security parameter. While the number of collusions is bounded, we note that an exponential number of total identities can be supported. More generally, we give a transformation that takes any PKE satisfying Linear Key Homomorphism, Identity Map Compatibility, and the Linear Hash Proof Property and translates it into an IBE secure against bounded collusions. We demonstrate that these properties are more general than our quadratic residuosity-based scheme by showing how a simple PKE based on the DDH assumption also satisfies these properties.
Proceedings of the 9th Theory of Cryptography Conference (TCC); 03/2012

ABSTRACT: Side-channel attacks are a major issue for implementation of secure cryptographic schemes. Among these, key-leakage attacks describe a scenario in which an adversary is allowed to learn arbitrary information about the private key, the only constraint being the number of bits learned. In this work, we study key-leakage resilience according to the model presented by Akavia, Goldwasser and Vaikuntanathan at TCC '09. As our main contribution, we present a code-based hash proof system; we obtain our construction by relaxing some of the requirements from the original definition of Cramer and Shoup. We then propose a leakage-resilient public-key encryption scheme that makes use of this hash proof system. To do so, we adapt a framework featured in a previous work by Alwen et al. regarding identity-based encryption (EUROCRYPT '10). Our construction features error-correcting codes as a technical tool, and, as opposed to previous work, does not require the use of a randomness extractor.
Lecture Notes in Computer Science 09/2013; 8128:44-54. · 0.51 Impact Factor