Research On The(Continuous)Leakage Resilience Of Several Cryptographic Primitives

In a traditional security model,legitimate participants hold internal secret states,such as those for the private key of user,which are assumed completely inaccessible to the adversary.However,in the real world,an adversary can learn some information about internal secret states through various leakage attacks such as side-channel attacks,cold-boot attacks,etc.Thus,if an adversary obtains a certain amount of leakage on the internal secret states in the leakage setting,then the traditional cryptographic schemes may not keep their claimed security.Therefore,leakage of confidential information including secret keys has become a threat to security of computing systems.It has become a common security requirement that a cryptographic scheme should withstand various leakage attacks,even the continuous leakage attacks.The analysis shows that the previous constructions with leakage resilience have the following deficiencies:(1)only consider the bound leakage attacks,and cannot resist the continuous leakage attacks;(2)in some constructions,all elements in ciphertext are not random in the adversary's view,and an adversary can obtain some leakage on the secret key from the corresponding given ciphertext;(3)some schemes could tolerate a leakage bound that depends on the length of message,which can only reduce the length of plaintext to enhance the leakage resilience;(4)the leakage-resilient security of several identity-based proposals is proved from a stronger security assumption that depends on the number of secret key generation queries made by the adversary;(5)some schemes cannot achieve the higher leakage rate,where the leakage rate is a ratio of the size of bits leaked to the length of secret key.Therefore,to obtain the better performances for the cryptographic primitives,we will work on the design of chosen-ciphertext attacks(CCA)secure(continuous)leakage-resilient cryptographic primitives,such as public-key encryption(PKE)scheme,identity-based encryption(IBE)scheme,certificateless public-key encryption(CL-PKE)scheme,etc.Also,the security of our constructions will be proved based on the classic static assumption,as well as the leakage parameter is independent of the plaintext space and has the constant size.In addition,all elements in the ciphertext are random in the adversary's view,and any adversary cannot obtain the leakage on the secret key from the corresponding given ciphertext.Also,we try to improve the leakage rate of the corresponding constructions.Our results are summarized as follows:(1)The formal definitions and(continuous)leakage-resilient security models of PKE scheme,IBE scheme and CL-PKE scheme are described,such as leakage-resilient chosen-plaintext attacks(LR-CPA)security,leakage-resilient chosen-ciphertext attacks(LR-CCA)security,continuous leakage-resilient chosen-plaintext attacks(CLR-CPA)security and continuous leakage-resilient chosen-ciphertext attacks(CLR-CCA)security,etc.(2)Based on the universal hash function,we present a new method to construct the more practical CCA secure leakage-resilient PKE scheme,and the scheme's security is based on the hardness of classical decisional Diffie-Hellman(DDH)assumption.Moreover,our construction enjoys better performance.To achieve the efficient PKE scheme which can keep its original security in the continuous leakage setting,we propose two new constructions of CCA secure PKE scheme with continuous leakage resilience,and the security of proposed PKE schemes is based on the hardness of DDH assumption.In these constructions,the secret key will be updated by running the matrix operations or exponent operations while the public key is unchanged.(3)To get an IBE scheme which can keep its original security in the continuous leakage model,we propose a new costructions of CCA secure continuous leakage-resilient IBE(CLR-IBE)scheme with the universal hash function,and the continuous leakage-resilient CCA security of proposed scheme is proved based on the hardness of the decisional bilinear Diffie-Hellman(DBDH)assumption.Furthermore,a CCA secure CLR-IBE scheme with better performance is proposed.Specially,our improved scheme allows continuous leakage of multiple keys,i.e.,continuous leakage of the master secret key and the private key of user.That is,in this construction,the continuous leakage attacks for the master secret key are perimetted.(4)A new CCA2 secure leakage-resilient CL-PKE scheme is presented from the stronger randomness extractor,and whose security is based on the DDH assumption.Because of without bilinear pairings,our construction is more efficient than previous constructions.To obtain continuous leakage resilience for the CL-PKE scheme,a new construction of CCA secure continuous leakage-resilient CL-PKE(CLR-CL-PKE)scheme is proposed,and the scheme's security is proved based on the hardness of DDH assumption.According to the results of analysis,we have that our construction not only tolerates continuous leakage attacks on the private key through periodically update,but also has better performances.