Yu Chen,Zongyang Zhang,Dongdai Lin,Zhenfu Cao

DOI: https://doi.org/10.1007/978-3-642-33272-2_10

2012-01-01

Abstract:We introduce the concept of anonymous identity-based hash proof system (IB-HPS), and show how to use it to construct identity-based encryption schemes providing anonymity in the presence of key leakage. We give four different constructions of anonymous IB-HPS based on: (1) the decision bilinear Diffie-Hellman assumption, (2) the decision truncated augmented bilinear Diffie-Hellman exponent assumption, (3) the quadratic residuosity assumption, and (4) the decision learning with errors assumption.

Yu Chen,Zongyang Zhang,Dongdai Lin,Zhenfu Cao

DOI: https://doi.org/10.1002/sec.827

2016-01-01

Abstract:In this work, we generalize the paradigm of the hash proof system HPS proposed by Cramer and Shoup EUROCRYPT 2002. In the center of our generalization, we lift a subset membership problem to a distribution-distinguishing problem. Our generalized HPS clarifies and encompasses all the known public-key encryption PKE schemes that essentially implement the idea of an HPS. Moreover, besides the existing smoothness property, we introduce an additional property named anonymity for HPS. As a natural application, we consider anonymity for PKE in the presence of key leakage and provide a generic construction of leakage-resilient anonymous PKE from an anonymous HPS. We then extend our generalization to the identity-based setting. Concretely, we generalize the paradigm of the identity-based HPS IB-HPS proposed by Bonehet al. FOCS 2007 and Alwenet al. EUROCRYPT 2010 and introduce anonymity for it. As an interesting application of the anonymous IB-HPS, we consider security for PKE with keyword search PEKS in the presence of token leakage and provide a generic construction of leakage-resilient secure PEKS from leakage-resilient anonymous identity-based encryption, which in turn is based on anonymous IB-HPS. Copyright © 2013 John Wiley & Sons, Ltd.

Qiqi Lai,Feng-Hao Liu,Zhedong Wang

DOI: https://doi.org/10.1007/s10623-024-01358-1

IF: 1.4

2024-02-25

Designs Codes and Cryptography

Abstract:We derive the first adaptively secure identity-based encryption ( ) and attribute-based encryption ( ) for t -conjunctive normal form formula (t-CNF), and selectively secure for general circuits from lattices, with leakage rates, in the both relative leakage model and bounded retrieval model ( ). To achieve this, we first identify a new fine-grained security notion for —partially adaptive/selective security, and instantiate this notion from the learning with errors ( ) assumption. Then, by using this notion, we design a new key compressing mechanism for identity-based/attributed-based weak hash proof system ( / - ) for various policy classes, achieving (1) succinct secret keys and (2) adaptive/selective security matching the existing non-leakage resilient lattice-based designs. Using the existing connection between weak hash proof system and leakage resilient encryption, the succinct-key / -  can yield the desired leakage resilient / schemes with the optimal leakage rates in the relative leakage model. Finally, by further improving the prior analysis of the compatible locally computable extractors, we can achieve the optimal leakage rates in the .

mathematics, applied,computer science, theory & methods

Shi-Feng Sun,Dawu Gu,Zhengan Huang

DOI: https://doi.org/10.1093/comjnl/bxu110

2014-01-01

Abstract:With the purpose of taking physical attacks into account in security proofs, leakage-resilient cryptography has been initiated. Recently, many leakage-resilient cryptographic primitives have been proposed. In this paper, we put forward the first leakage-resilient wicked identity-based encryption (wicked IBE) scheme. To achieve this goal, we first present a new wicked IBE scheme in the composite order groups. The security proof of this scheme is achieved via the dual system encryption technique. In contrast with existing wicked IBE schemes, the new proposal can be proved fully secure in the standard model, even when the maximum hierarchy depth is a polynomial in the security parameter. Moreover, its security is based on some standard assumptions in the composite groups, which are independent of the hierarchy depth of the scheme. Based on this newly proposed scheme, we then put forward a fully secure leakage-resilient wicked IBE scheme in the bounded memory-leakage model. The leakage here is not only allowed on the user's secret key, but also on the master secret key. Its security is proved in the standard model by a hybrid argument in a sequence of computationally indistinguishable games. To the best of our knowledge, this is the first wicked IBE scheme in the context of leakage resilience.

Yiming Li,Shengli Liu

DOI: https://doi.org/10.3233/jcs-220121

2024-01-01

Journal of Computer Security

Abstract:Identity-based chameleon hash (IBCH) is a cryptographic primitive with nice properties. IBCH equips each user with a trapdoor and the hash values can be publicly evaluated w.r.t. the identity of any user. On the one hand, it is hard to find collisions for the hash values without the user’s trapdoor. On the other hand, with the help of the user’s trapdoor, finding collisions becomes easy. An important application of IBCH is to upgrade an identity-based signature (IBS) scheme to an on-line/off-line identity-based signature (OO-IBS) scheme. OO-IBS is a useful tool to provide authenticity in lightweight smart devices, since it only involves light on-line computations and does not need key certificate. Up to now, there are many IBCH constructions from traditional number-theoretic assumptions like RSA, CDH, etc. However, none of the existing IBCH schemes achieve the post-quantum security in the standard model. In this paper, we propose a new IBCH scheme from lattices. The security of our IBCH is reduced to a well-accepted lattice-based assumption – the Short Integer Solution (SIS) assumption in the standard model. Our work provides the first post-quantum solution to IBCH in the standard model.

Pengtao Liu,Chengyu Hu,Shanqing Guo,Yilei Wang

DOI: https://doi.org/10.1109/waina.2015.27

2017-01-01

International Journal of High Performance Computing and Networking

Abstract:Memory attacks, inspired by recent realistic physical attacks, have broken many cryptographic schemes which were considered secure. In this paper, we consider the memory leakage resilience in anonymous identity-based encryption schemes. We construct a leakage-resilient anonymous identity based encryption scheme based on dual system encryption. Inspired by Lewko et al.'s techniques, our scheme is built in composite order groups which have four prime order subgroups and blind the public parameters and cipher texts using the random elements of same subgroup to achieve the anonymity. Moreover, we analyze the security of our scheme in the full adaptive-ID model rather than the selective-ID model.

Shuai Han,Shengli Liu,Lin Lyu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-030-26951-7_15

2019-01-01

Abstract:We propose the concept of quasi-adaptive hash proof system (QAHPS), where the projection key is allowed to depend on the specific language for which hash values are computed. We formalize leakage-resilient(LR)-ardency for QAHPS by defining two statistical properties, including LR-< L-0, L-1 >-universal and LR-< L-0, L-1 >-key-switching. We provide a generic approach to tightly leakage-resilient CCA (LR-CCA) secure public-key encryption (PKE) from LR-ardent QAHPS. Our approach is reminiscent of the seminal work of Cramer and Shoup (Eurocrypt'02), and employ three QAHPS schemes, one for generating a uniform string to hide the plaintext, and the other two for proving the well-formedness of the ciphertext. The LR-ardency of QAHPS makes possible the tight LR-CCA security. We give instantiations based on the standard k-Linear (k-LIN) assumptions over asymmetric and symmetric pairing groups, respectively, and obtain fully compact PKE with tight LR-CCA security. The security loss is O(log Q(e)) where Q(e) denotes the number of encryption queries. Specifically, our tightly LR-CCA secure PKE instantiation from SXDH has only 4 group elements in the public key and 7 group elements in the ciphertext, thus is the most efficient one.

Shi-Feng Sun,Dawu Gu,Udaya Parampalli,Yu,Baodong Qin

DOI: https://doi.org/10.1016/j.jcss.2017.03.004

IF: 1.043

2017-01-01

Journal of Computer and System Sciences

Abstract:In this work, we investigate how to protect public key encryption from both key-leakage attacks and tampering attacks. First, we formalize the notions of chosen ciphertext (CCA) security against key-leakage and tampering attacks. To this goal, we then introduce the concept of key-homomorphic hash proof systems and present a generic construction of public key encryption based on this new primitive. Our construction, compared with previous works, realizes leakage-resilience and tampering-resilience simultaneously but completely independently, so it can tolerate a larger amount of bounded-memory leakage and be instantiated with more flexibility. Moreover, it allows for an unbounded number of affine-tampering queries, even after the challenge phase. With slight adaptations, our construction also achieves CCA security against subexponentially hard auxiliary-input leakage attacks and a polynomial of affine-tampering attacks. Thus, to the best of our knowledge, we get the first public key encryption scheme secure against both auxiliary-input leakage attacks and tampering attacks.

Yu Chen,Zongyang Zhang,Dongdai Lin,Zhenfu Cao

DOI: https://doi.org/10.1007/978-3-642-31284-7_10

2012-01-01

Abstract:In this paper, we introduce a general paradigm called identity-based extractable hash proof system (IB-EHPS), which is an extension of extractable hash proof system (EHPS) proposed by Wee (CRYPTO '10). We show how to construct identity-based encryption (IBE) scheme from IB-EHPS in a simple and modular fashion. Our construction provides a generic method of building and interpreting CCA-secure IBE schemes based on computational assumptions. As instantiations, we realize IB-EHPS from the bilinear Diffie-Hellman assumption and the modified bilinear Diffie-Hellman assumption, respectively.

Wenling Liu,Zhen Liu,Khoa Nguyen,Guomin Yang,Yu

DOI: https://doi.org/10.1007/978-3-030-59013-0_18

2020-01-01

Abstract:As a widely used privacy-preserving technique for cryptocurrencies, Stealth Address constitutes a key component of Ring Confidential Transaction (RingCT) protocol and it was adopted by Monero, one of the most popular privacy-centric cryptocurrencies. Recently, Liu et al. [EuroS&P 2019] pointed out a flaw in the current widely used stealth address algorithm that once a derived secret key is compromised, the damage will spread to the corresponding master secret key, and all the derived secret keys thereof. To address this issue, Liu et al. introduced Key-Insulated and Privacy-Preserving Signature Scheme with Publicly Derived Public Key (PDPKS scheme), which captures the functionality, security, and privacy requirements of stealth address in cryptocurrencies. They further proposed a paring-based PDPKS construction and thus provided a provably secure stealth address algorithm. However, while other privacy-preserving cryptographic tools for RingCT, such as ring signature, commitment, and range proof, have successfully found counterparts on lattices, the development of lattice-based stealth address scheme lags behind and hinders the development of quantum-resistant privacy-centric cryptocurrencies following the RingCT approach. In this paper, we propose the first lattice-based PDPKS scheme and prove its security in the random oracle model. The scheme provides (potentially) quantum security not only for the stealth address algorithm but also for the deterministic wallet. Prior to this, the existing deterministic wallet algorithms, which have been widely adopted by most Bitcoin-like cryptocurrencies due to its easy backup/recovery and trustless audits, are not quantum resistant.

Shifeng Sun,Dawu Gu,Man Ho Au,Shuai Han,Yu Yu,Joseph K. Liu

DOI: https://doi.org/10.1007/978-3-030-21568-2_24

2019-01-01

Abstract:We revisit the problem of constructing public key encryption (PKE) secure against both key-leakage and tampering attacks. First, we present an enhanced security against both kinds of attacks, namely strong leakage and tamper-resilient chosen-ciphertext (sLTR-CCA) security, which imposes only minimal restrictions on the adversary's queries and thus captures the capability of the adversary in a more reasonable way. Then, we propose a generic paradigm achieving this security on the basis of a refined hash proof system (HPS) called public-key-malleable HPS. The paradigm can not only tolerate a large amount of bounded key-leakage, but also resist an arbitrary polynomial of restricted tampering attacks, even depending on the challenge phase. Moreover, the paradigm with slight adaptations can also be proven sLTR-CCA secure with respect to subexponentially hard auxiliary-input leakage. In addition, we instantiate our paradigm under certain standard number-theoretic assumptions, and thus, to our best knowledge, obtain the first efficient PKE schemes possessing the strong bounded/auxiliary-input leakage and tamper-resilient chosen-ciphertext security in the standard model.

Jiang Zhang,Yu Chen,Zhenfeng Zhang

DOI: https://doi.org/10.1007/s00145-023-09488-w

2023-12-01

Journal of Cryptology

Abstract:Driven by the open problem raised by Hofheinz and Kiltz (J Cryptol 25(3):484–527, 2012), we study the formalization of lattice-based programmable hash function (PHF) and give three types of concrete constructions by using several techniques such as a novel combination of cover-free sets and lattice trapdoors. Under the inhomogeneous small integer solution (ISIS) assumption, we show that any (non-trivial) lattice-based PHF is a collision-resistant hash function, which gives a direct application of this new primitive. We further demonstrate the power of lattice-based PHF by giving generic constructions of signature and identity-based encryption (IBE) in the standard model, which not only provide a way to unify several previous lattice-based schemes using the partitioning proof techniques, but also allow us to obtain new short signature schemes and IBE schemes from (ideal) lattices. Specifically, by instantiating the generic constructions with our Type-II and Type-III PHF constructions, we immediately obtain two short signatures and two IBE schemes with asymptotically much shorter keys. A major downside which inherits from our Type-II and Type-III PHF constructions is that we can only prove the security of the new signatures and IBEs in the bounded security model that the number Q of the adversary's queries is required to be known in advance. Another downside is that the computational time of our new signatures and IBEs is a linear function of Q , which is large for typical parameters. To overcome the above limitations, we also give a refined way of using Type-II and Type-III PHFs to construct lattice-based short signatures with short verification keys in the full security model. In particular, our methods depart from the confined guessing technique of Böhl et al. (Eurocrypt'13) that was used to construct previous standard model short signature schemes with short verification keys by Ducas and Micciancio (Crypto'14) and by Alperin-Sheriff (PKC'15) and allow us to achieve much tighter security from weaker hardness assumptions.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Qiqi Lai,Feng-Hao Liu,Zhedong Wang

DOI: https://doi.org/10.1007/978-3-030-97131-1_8

IF: 1.4

2024-01-01

Designs Codes and Cryptography

Abstract:We derive the first adaptively secure IBE and ABE for t-CNF, and selectively secure ABE for general circuits from lattices, with 1-o(1) leakage rates, in the both relative leakage model and bounded retrieval model (BRM). To achieve this, we first identify a new fine-grained security notion for ABE - partially adaptive/selective security, and instantiate this notion from LWE. Then, by using this notion, we design a new key compressing mechanism for identity-based/attributed-based weak hash proof system (IB/AB-wHPS) for various policy classes, achieving (1) succinct secret keys and (2) adaptive/selective security matching the existing non-leakage resilient lattice-based designs. Using the existing connection between weak hash proof system and leakage resilient encryption, the succinct-key IB/AB-wHPS can yield the desired leakage resilient IBE/ABE schemes with the optimal leakage rates in the relative leakage model. Finally, by further improving the prior analysis of the compatible locally computable extractors, we can achieve the optimal leakage rates in the BRM.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.1504/ijesdf.2013.054403

2013-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Lattice-based hierarchical identity-based signature HIBS schemes are receiving significant attention due to provable security reductions and potential security for quantum computers. However, most of the existing HIBS schemes based on lattices are less efficient for practical applications. To make lattice-based HIBS schemes become more practical, this paper presents an efficient HIBS scheme from lattices. Both the secret key size and the signature length of our proposal are much shorter than those of other lattice-based HIBS proposals. Our scheme is proven to be strongly unforgeable against adaptive identity attacks in the random oracle model. The security of the construction relies on the standard short integer solution SIS assumption.

Qihong Yu,Jiguo Li,Sai Ji

DOI: https://doi.org/10.1155/2022/8220259

IF: 1.968

2022-01-24

Security and Communication Networks

Abstract:The side channel attacks will lead to the destruction of the security of the traditional cryptographic scheme. Leakage-resilient identity-based signature has attracted great attention. Based on the dual system encryption technology, we construct an identity-based signature scheme that can resist continuous private key leakage. In the standard model, the security of the scheme is proved. The key points of our leakage-resilient signature scheme are as follows: (1) The private key can be extended according to the security requirements. In other words, when the leakage is serious, we can select a bigger value n, where n is a parameter related to the leakage rate. (2) An elaborate key update algorithm makes the scheme resist continuous leakage attacks. Furthermore, the updated private key has the same distribution as the previous private key. (3) The proposed scheme is fully secure in the standard model rather than in the random oracle model or in the general group model. In order to achieve this goal, we use dual system encryption technology. Thus, the security of the constructed scheme does not depend on the number of queries of the attacker.

computer science, information systems,telecommunications

Zesheng Lin,Hongbo Li,Xinjian Chen,Meiyan Xiao,Qiong Huang

DOI: https://doi.org/10.1109/tifs.2024.3459646

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:To reduce data storage costs, more individuals are using cloud servers for reliable, scalable, cost-effective, and globally accessible solutions. However, storing data in plaintext on cloud servers can lead to data leakage risks. Moreover, the advancement of quantum computing poses a threat to traditional encryption algorithms. To counter quantum computing attacks and enable searches over encrypted keywords, lattice-based searchable encryption with conjunctive keyword search has been implemented. Nonetheless, existing schemes expose keyword fields and leaks additional information. To mitigate this, we propose a privacy-preserving method based on lattice hardness assumptions. It enables testing the existence of an encrypted keyword in a set of encrypted keywords without requiring the keyword fields. Additionally, we propose two improved methods: one for inclusion-based searches between two keyword sets, and another for range-based keyword searches. These form the basis for three lattice-based identity-based searchable encryption schemes that support disjunctive, conjunctive, and range keyword searches, respectively. The storage overhead of ciphertexts and trapdoors is unaffected by the number of keywords, making our scheme suitable for multi-keyword search scenarios. Our formal security analysis uses the learning with errors (LWE) assumption and our theoretical analysis and experimental simulations show comparable efficiency and low storage overhead.

Vipin Singh Sehrawat,Yvo Desmedt

DOI: https://doi.org/10.1007/978-3-030-31578-8_1

2020-08-21

Abstract:We define a pseudorandom function (PRF) $F: \mathcal{K} \times \mathcal{X} \rightarrow \mathcal{Y}$ to be bi-homomorphic when it is fully Key homomorphic and partially Input Homomorphic (KIH), i.e., given $F(k_1, x_1)$ and $F(k_2, x_2)$, there is an efficient algorithm to compute $F(k_1 \oplus k_2, x_1 \ominus x_2)$, where $\oplus$ and $\ominus$ are (binary) group operations. The homomorphism on the input is restricted to a fixed subset of the input bits, i.e., $\ominus$ operates on some pre-decided $m$-out-of-$n$ bits, where $|x_1| = |x_2| = n$, and the remaining $n-m$ bits are identical in both inputs. In addition, the output length, $\ell$, of the operator $\ominus$ is not fixed and is defined as $n \leq \ell \leq 2n$, hence leading to Homomorphically induced Variable input Length (HVL) as $n \leq |x_1 \ominus x_2| \leq 2n$. We present a learning with errors (LWE) based construction for a HVL-KIH-PRF family. Our construction is inspired by the key homomorphic PRF construction due to Banerjee and Peikert (Crypto 2014). An updatable encryption scheme allows rotations of the encryption key, i.e., moving existing ciphertexts from old to new key. These updates are carried out via \emph{update tokens}, which can be used by an untrusted party since the update procedure does not involve decryption of the ciphertext. We use our novel PRF family to construct an updatable encryption scheme, named QPC-UE-UU, which is quantum-safe, post-compromise secure and supports unidirectional ciphertext updates, i.e., the update tokens can be used to perform ciphertext updates but they cannot be used to undo already completed updates. Our PRF family also leads to the first left/right key homomorphic constrained-PRF family with HVL.

Cryptography and Security

Xiujie Zhang,Chunxiang Xu,Wanpeng Li

DOI: https://doi.org/10.12733/jcis6075

2013-01-01

Journal of Computational Information Systems

Abstract:In this paper, we construct a new Leakage-Resilient Predicate Encryption (LR-PE) scheme, which is a generalization of Leakage-Resilient Identity-Based Encryption (LR-IBE). In the selectively secure sense, by applying the randomness extractor to predicate encryption scheme, the proposed LR-PE scheme is proven to be leakage resilience and attribute-hiding under two static assumptions. Our security proof holds in the standard model. Furthermore, we show our scheme tolerating the leakage rate up to at most 1/12. © 2013 by Binary Information Press.

Huafei Zhu,Lixin Ran,Yumin Wang

IF: 1.019

1999-01-01

Chinese Journal of Electronics

Abstract:Cryptographic hash functions are very important for cryptographic protocols such as signature scheme and message authentication. Based on the pioneer work of X. Lai et al., a new framework of hash algorithm is developed in this paper. In our hash scheme, an extra pseudorandom keystream generator is not needed which may be more conveniently for practical use. We have proved that the security of the new hash scheme is equivalent to that of feedback shift registers (FSRs) controlled by 2m - bit security keys.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.3233/FI-2016-1353

2016-01-01

Fundamenta Informaticae

Abstract:Identity-based signature is an important technique for light-weight authentication. Recently, many efforts have been made to construct identity-based signatures over lattice assumptions since they would remain secure in future quantum age. In this paper we present a new identity-based signature scheme from lattice problems. This scheme is more efficient than other lattice-based identity-based signature schemes in terms of both computation and communication complexities. We prove its security in the random oracle model under short integer solution assumption that is as hard as approximating several worst-case lattice problems. We also extend the scheme to an identity-based message recovery signature scheme that has better performance.