
Studies On Identity-Based Key-Exposure Protection Mechanism

Posted on: 2009-08-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Weng
GTID: 1118360242476146
Subject: Computer system architecture
Abstract/Summary:
With more and more cryptosystems being applied to insecure environments such as mobile devices, key-exposure seems inevitable. The secret key plays an important role in a cryptosystem, and its exposure means that security is entirely lost. In conventional public key infrastructures, whenever key-exposure happens, a certificate revocation list (CRL) can be used to revoke the compromised keys. However, it is hard for identity-based cryptosystems to deal with this problem, since the identity information acts as the user's public key and changing it is undesirable. Therefore, it is necessary and worthwhile to deal with the key-exposure problem in identity-based scenarios. In this paper, we study this problem and achieve the following results:

1) The existing definition and security notions for identity-based key-insulated signature (IBKIS) are not sufficiently rigorous. In this paper we therefore reformalize the definition and security notions for IBKIS, and then propose a new IBKIS scheme. In the random oracle model, the proposed IBKIS scheme is proved to be perfectly key-insulated and strong key-insulated, with secure key-updates. It also supports random-access key-updates and an unbounded number of time periods. We further discuss the relations between hierarchical identity-based signature (HIBS) and IBKIS, and show a generic construction of IBKIS from any 2-HIBS scheme.

2) We extend the parallel key-insulated mechanism to identity-based encryption scenarios, and introduce the primitive of identity-based parallel key-insulated encryption (IBPKIE). After formalizing the definition and security notions for IBPKIE, we present a concrete IBPKIE scheme. The proposed IBPKIE scheme not only allows frequent key-updating, but also retains a low risk of helper key-exposure, and hence increases the overall security of the system. Another attractive property of the proposed scheme is that its security can be proved without using the random oracle heuristic. This is especially attractive, since a proof in the random oracle model can only serve as a heuristic argument and does not imply security in a real implementation.

3) We also extend the parallel key-insulated mechanism to identity-based signature scenarios, and propose a primitive named identity-based parallel key-insulated signature (IBPKIS). We formalize the definition and security notions for IBPKIS, and then propose two IBPKIS schemes: one is proved secure in the random oracle model, and the other can be proved secure without the random oracle model. The two proposed IBPKIS schemes not only support frequent key-updating but also retain a lower risk of helper key-exposure, and hence strengthen the security of the system.

4) The parallel key-insulation mechanism can enhance resistance against key-exposure. However, it lacks flexibility, and there are some situations that are hard for it to handle. We therefore introduce another new mechanism named threshold key-insulation, and present the primitive of identity-based threshold key-insulated encryption (IBTKIE). We formalize the security notions for IBTKIE and then propose the first IBTKIE scheme. On the one hand, this new primitive can enhance the security of the system; on the other hand, it can provide flexibility and efficiency. Again, the security of our proposed IBTKIE scheme can be proved without resorting to the random oracle model. We also formalize the definition and security notions for identity-based threshold key-insulated key encapsulation mechanism (IBTKIKEM), and propose an IBTKIKEM scheme secure against adaptive chosen-ciphertext attack in the standard model.
Keywords/Search Tags: identity-based cryptography, key-exposure, parallel key-insulation, threshold key-insulation, bilinear pairing, random oracle, standard model