efficient public key cryptosystem resilient to key leakage chosen ciphertext attacks
文献类型:会议论文
作者 | Liu Shengli ; Weng Jian ; Zhao Yunlei |
出版日期 | 2013 |
会议名称 | Cryptographers' Track at the RSA Conference 2013, CT-RSA 2013 |
会议日期 | February 25, 2013 - March 1, 2013 |
会议地点 | San Francisco, CA, United states |
关键词 | Artificial intelligence |
页码 | 84-100 |
中文摘要 | Leakage-resilient public key encryption (PKE) schemes are designed to resist "memory attacks", i.e., the adversary recovers the cryptographic key in the memory adaptively, but subject to constraint that the total amount of leaked information about the key is bounded by some parameter λ. Among all the IND-CCA2 leakage-resilient PKE proposals, the leakage-resilient version of the Cramer-Shoup cryptosystem (CS-PKE), referred to as the KL-CS-PKE scheme proposed by Naor and Segev in Crypto09, is the most practical one. But, the key leakage parameter λ and plaintext length m of KL-CS-PKE are subject to λ + m &le log q - ω(log κ), where κ is security parameter and q is the prime order of the group on which the scheme is based. Such a dependence between λ and m is undesirable. For example, when λ (resp., m) approaches to log q, m (resp., λ) approaches to 0. In this paper, we designed a new variant of CS-PKE that is resilient to key leakage chosen ciphertext attacks. Our proposal is λ &le log q - ω(log κ) leakage-resilient, and the leakage parameter λ is independent of the plaintext space that has the constant size q (exactly the same as that in CS-PKE). The performance of our proposal is almost as efficient as the original CS-PKE. As far as we know, this is the first leakage-resilient CS-type cryptosystem whose plaintext length is independent of the key leakage parameter, and is also the most efficient IND-CCA2 PKE scheme resilient to up to log q - ω(log κ) leakage. © 2013 Springer-Verlag. |
英文摘要 | Leakage-resilient public key encryption (PKE) schemes are designed to resist "memory attacks", i.e., the adversary recovers the cryptographic key in the memory adaptively, but subject to constraint that the total amount of leaked information about the key is bounded by some parameter λ. Among all the IND-CCA2 leakage-resilient PKE proposals, the leakage-resilient version of the Cramer-Shoup cryptosystem (CS-PKE), referred to as the KL-CS-PKE scheme proposed by Naor and Segev in Crypto09, is the most practical one. But, the key leakage parameter λ and plaintext length m of KL-CS-PKE are subject to λ + m &le log q - ω(log κ), where κ is security parameter and q is the prime order of the group on which the scheme is based. Such a dependence between λ and m is undesirable. For example, when λ (resp., m) approaches to log q, m (resp., λ) approaches to 0. In this paper, we designed a new variant of CS-PKE that is resilient to key leakage chosen ciphertext attacks. Our proposal is λ &le log q - ω(log κ) leakage-resilient, and the leakage parameter λ is independent of the plaintext space that has the constant size q (exactly the same as that in CS-PKE). The performance of our proposal is almost as efficient as the original CS-PKE. As far as we know, this is the first leakage-resilient CS-type cryptosystem whose plaintext length is independent of the key leakage parameter, and is also the most efficient IND-CCA2 PKE scheme resilient to up to log q - ω(log κ) leakage. © 2013 Springer-Verlag. |
收录类别 | EI |
会议录 | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
语种 | 英语 |
ISSN号 | 0302-9743 |
ISBN号 | 9783642360947 |
源URL | [http://ir.iscas.ac.cn/handle/311060/15904] |
专题 | 软件研究所_软件所图书馆_会议论文 |
推荐引用方式 GB/T 7714 | Liu Shengli,Weng Jian,Zhao Yunlei. efficient public key cryptosystem resilient to key leakage chosen ciphertext attacks[C]. 见:Cryptographers' Track at the RSA Conference 2013, CT-RSA 2013. San Francisco, CA, United states. February 25, 2013 - March 1, 2013. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。