
Study On Cryptographical Technology Resist To Key Leakage

Posted on: 2015-06-13
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X J Zhang
GTID: 1108330473456029
Subject: Information and Communication Engineering
Abstract/Summary:
Nowadays, with the popularity of the Internet, users and enterprises cannot do without the protection of keys. The system's key plays an important role in a cryptosystem: only users who hold a legitimate key can perform encryption (or signature) operations in an encryption (or signature) system. According to Kerckhoffs's assumption, a modern cryptosystem is composed of an algorithm and key material; the algorithm is public, and its security depends entirely on the security of the key. How to design a provably secure cryptosystem that resists key leakage is therefore a very meaningful research direction.

This thesis explores in depth the development and the problems of cryptographic technology that resists key leakage, focusing on forward-secure public key encryption, forward-secure public key encryption in an untrusted update environment, and threshold public key encryption in the continual key leakage model. The aim is to better resist the adversary's attacks, to analyse the performance and prove the security of the mechanism or system, and to best preserve the security of information systems based on cryptography. Starting from the problems of entire key exposure and partial key leakage, this thesis studies the security of the corresponding public key encryption schemes, including the adversary model, the security definition, the construction of the cryptosystem and its security proof. In particular, this thesis covers the following five original works:

1. Construct an efficient forward-secure public key encryption scheme in the random oracle model. The first construction provides a simple method of key evolution based on symmetric encryption. In the random oracle model, this thesis proves that this scheme is forward secure against chosen ciphertext attack. Moreover, in this scheme the key update algorithm is quite efficient and all ciphertexts and secret keys are kept at constant size, though the size of the public key is linear in the total number of key periods. As the first scheme is constructed in the random oracle model, a second scheme based on dual system encryption in the standard model is given. This scheme is also forward secure against chosen ciphertext attack. In addition, the complexity of all parameters is no more than the square of the logarithm of the total number of periods. This scheme is characterised by constant ciphertext and constant encryption or decryption operations.

2. Construct a provably secure, forward-secure public key encryption scheme with untrusted update. The forward-secure public key encryption scheme with untrusted update that has been proposed had no provable security, so its security is in doubt. So far, there has been no provably secure forward-secure public key encryption scheme with untrusted update. Therefore, two provably secure forward-secure public key encryption schemes with untrusted update are put forward in this thesis. The first scheme proves forward security and update security based on a symmetric encryption scheme, and it is highly efficient. The second construction describes a generic construction of a forward-secure public key encryption scheme with untrusted update, applying symmetric encryption and binary tree encryption. Moreover, a concrete forward-secure public key encryption scheme with untrusted update employing dual system encryption is put forward; this scheme is provably secure in the standard model based on three static hardness assumptions.

3. Construct an efficient and forward-secure threshold public key encryption scheme. From the viewpoint of security improvement, this thesis constructs a new efficient and secure threshold public key encryption scheme. This scheme is interactive; the decryption servers update their secret keys independently and asynchronously, and no communication is needed among different servers. Under the computational bilinear Diffie-Hellman assumption in a group of prime order, it is very efficient. This thesis proves that this scheme is forward secure against chosen ciphertext attack and collusion attack in the random oracle model.

4. Construct a secure predicate encryption scheme that resists bounded key leakage in the standard model. Bounded leakage is one kind of key leakage model. Under a new model of bounded leakage, by applying a randomness extractor to a predicate encryption scheme, a new leakage-resilient predicate encryption scheme is put forward. In the selectively secure sense, the proposed scheme is shown to be leakage resilient and attribute-hiding through a sequence of games under two static assumptions, without random oracles.

5. Construct a continual-leakage-secure threshold public key encryption scheme in the standard model. The continual leakage model is another key leakage model that has been studied recently. This thesis designs a new formal framework for modeling the leakage available to attackers. This framework depicts, for the first time, the continual key leakage model in the threshold setting. The scheme utilises the dual system encryption methodology in composite-order bilinear groups, which naturally leads to leakage resilience by expanding the semi-functional space to multi-dimensional vectors. Moreover, this scheme achieves continual leakage resilience in a (t,n)-threshold setting by employing a t-out-of-n secret sharing approach to split the master key into multiple shares. Each server periodically and asynchronously updates its private key share. This scheme is therefore provably secure against continual key leakage attack in the standard model, using a sequence of games based on three static mathematical assumptions which rely on three static hardness problems.
Keywords/Search Tags: public key encryption, key leakage, forward-secure, untrusted update, provable secure