leakage resilient chosen ciphertext secure public key
play

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption - PowerPoint PPT Presentation

Sep 21, 2023 •106 likes •580 views

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure

  1. Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF

  2. ������������ Why We Consider Secrets Leak? T HEORY R EAL L IFE � � Ideal setting Physical implementation leaks � information Private internal secret state � e.g.: secret key/ randomness secret state secret state B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  3. ������������ Why We Consider Secrets Leak? T HEORY R EAL L IFE � � Ideal setting Physical implementation leaks electromagnetic � information Private internal secret state radiation � e.g.: secret key/ randomness time secret state secret state Side channel attacks sound B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  4. ������������ Why We Consider Secrets Leak? T HEORY R EAL L IFE � � Ideal setting Physical implementation leaks electromagnetic � information Private internal secret state radiation � e.g.: secret key/ randomness time secret state secret state Side channel attacks sound Only computation leaks information [Micali and Reyzin 04] B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  5. ������������ Bounded Leakage Model � Inspired by “cold-boot” attack/memory attack [Halderman et al.08] � Not only computation leaks information � Model: leakage oracle secret key: SK • • • Leakage rate: B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  6. ������������ Public-Key Encryption Semantic security against key leakage and CCA [NS09] Adversary y Decryption queries Leakage queries B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  7. ������������ Public-Key Encryption Semantic security against key leakage and CCA [NS09] Adversary y Decryption The adversary succeeds if queries b=b’ Advantage: Pr[b=b’]-1/2 Leakage queries B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  8. ������������ Previous Works � High leakage-rate (e.g. 1-o(1), using NIZK) but � either no efficient instantiations [NS09] or � over a pairing-friendly group (efficient, but the ciphertext size is a little bit large) [Dodis et al.10, Galindo et al.12] B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  9. ������������ Previous Works � High leakage-rate (e.g. 1-o(1), using NIZK) but � either no efficient instantiations [NS09] or � over a pairing-friendly group (efficient, but the ciphertext size is a little bit large) [Dodis et al.10, Galindo et al.12] � Low leakage rate (e.g. 1/4-o(1)), but � very practical construction via hash proof system [NS09,Li et al.12, Liu et al.13] � has short ciphertext size (for reasonable leakage rate) � Instantiations under DDH, DCR etc. (without pairing) B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  10. ������������ Question From [Dodis et al. Asiacrypt 2010] …, it seems that the hash proof system approach to building CCA encryption is inherently limited to leakage-rates below 1/2: this is because the secret-key consists of two components (one for verifying that the ciphertext is well-formed and one for decrypting it) and the proofs break down if either of the components is individually leaked in its entirety. However, no HPS-based PKEs are known achieving leakage- rate 1/2-o(1), especially under DDH or DCR assumptions. Question: can we find a new way to construct LR-CCA secure PKEs which are as practical as HPS with reasonable high leakage-rates, like 1/2-o(1)? B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  11. ������������ Hash Proof System[CS02] � Family of projective hash functions � Subset membership problem: (valid/invalid) B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  12. ������������ Hash Proof System[CS02] � Family of projective hash functions � Subset membership problem: (valid/invalid) SK space PK space B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  13. ������������ Hash Proof System[CS02] � Family of projective hash functions � Subset membership problem: (valid/invalid) SK space Public evaluation Private evaluation PK space B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  14. ������������ Hash Proof System[CS02] � Family of projective hash functions � Subset membership problem: (valid/invalid) SK space High entropy Public evaluation Private evaluation •universal/universal 2 •smooth PK space B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  15. ������������ HPS-based Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  16. ������������ HPS-based Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  17. ������������ HPS-based Approach (language) additional input Prove Mask message •Leakage amount is at most: •In fact smaller than B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  18. ������������ HPS-based Approach (language) additional input Leakage-rate: Prove Mask message •Leakage amount is at most: •In fact smaller than B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  19. ������������ HPS-based Approach (language) additional input Leakage-rate: Best result: 1/4 –o(1) under DDH assumption Prove Mask message •Leakage amount is at most: •In fact smaller than B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  20. ������������ Our Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  21. ������������ Our Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  22. ������������ Our Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  23. ������������ Our Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  24. ������������ Our Approach (language) additional input Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  25. ������������ Our Approach (language) additional input Leakage-rate: Our result: 1/2 –o(1) under DDH /DCR Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  26. ������������ Our Approach (language) additional input Leakage-rate: One-Time Lossy Filter Our result: 1/2 –o(1) under DDH /DCR Prove Mask message B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  27. ������������ ������������ B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

  28. ������������ ������������ B. Qin and S. Liu B. Qin and S. Liu LR-CCA Secure PKE from HPS and OT-LF LR-CCA Secure PKE from HPS and OT-LF

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy Duong Hieu Phan David Pointcheval ENS France CNRS-ENS France Asiacrypt '03 Taipei - Taiwan December 1 st 2003 Summary Summary Asymmetric

235 views • 21 slides
Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks joint work with Pierre-Alain

Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks joint work with Pierre-Alain

Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks joint work with Pierre-Alain Fouque Asiacrypt 01 Gold Coast - Australia December 2001 David Pointcheval Dpartement dInformatique ENS - CNRS David.Pointcheval@ens.fr

436 views • 9 slides
LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov Gordon, Feng-Hao Lui, Adam, ONeill, and Hong-Sheng Zhou O UTLINE OF T ALK Leakage Models for PKE Bounded, Continual, and Continual w/ Leakage on

1.05k views • 102 slides
Leakage Stefan Dziembowski Tomasz Kazana Daniel Wichs Main contribution We propose a secure

Leakage Stefan Dziembowski Tomasz Kazana Daniel Wichs Main contribution We propose a secure

Key-Evolution Schemes Resilient to Space Bounded Leakage Stefan Dziembowski Tomasz Kazana Daniel Wichs Main contribution We propose a secure scheme for deterministic key-evolution Properties: leakage-resilient in the random oracle

668 views • 27 slides
Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy

Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model Jol Alwen, Yevgeniy Dodis, Daniel Wichs New York University Speaker: Daniel Wichs CRYPTO 09 Goal of Leakage-Resilient Crypto Model of Leakage Resilience

303 views • 29 slides
Chosen-Ciphertext Security from Subset Sum PKC 2016, 07.03.2016 Sebastian Faust 1 Daniel Masny 1

Chosen-Ciphertext Security from Subset Sum PKC 2016, 07.03.2016 Sebastian Faust 1 Daniel Masny 1

Chosen-Ciphertext Security from Subset Sum PKC 2016, 07.03.2016 Sebastian Faust 1 Daniel Masny 1 Daniele Venturi 2 1 Ruhr Universitt Bochum 2 Sapienza University of Rome 1 Outline 1 Our Contribution 2 Subset Sum 3 CCA secure PKE 4 Tag-Based

965 views • 80 slides
Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann

Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann

Implementation and Evaluation of a Leakage-Resilient ElGamal KEM David Galindo 1 , 2 , Johann Groschdl 3 , Zhe Liu 3 , Praveen K. Vadnala 3 , Srinivas Vivek 3 1 CNRS/Loria, France 2 SCYTL Secure Electronic Voting, Spain 3 University of

712 views • 33 slides
Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of

Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of

Public-Key Cryptosystems Resilient to Key Leakage Moni Naor Gil Segev Weizmann Institute of Science Israel Foundations of Cryptography Rigorous analysis of the security of cryptographic schemes Adversarial model Notion of security

428 views • 20 slides
Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient

Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient

Leakage-Resilient Zero Knowledge Sanjam Garg Abhishek Jain Amit Sahai Leakage-Resilient Cryptography Traditional Cryptography: adv has only black-box access to a cryptosystem I O LR-Cryptography: open the black-box more

279 views • 25 slides
Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein

Implementing Practical leakage-resilient symmetric cryptography Daniel J. Bernstein University of Illinois at Chicago, Technische Universiteit Eindhoven CHES 2012 paper Practical leakage-resilient symmetric cryptography (Faust,

669 views • 30 slides
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar

Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar Pandey Indian Statistical Institute Kolkata January 14, 2012 Sumit Kumar Pandey Relaxing IND-CCA: Indistinguishability Against Chosen Outline 1

624 views • 37 slides
Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key

Adaptive partitioning Dennis Hofheinz (KIT, Karlsruhe) Public-Key Encryption Public-Key Encryption Accepted security notion: chosen-ciphertext security (IND-CCA) Public-Key Encryption Accepted security notion: chosen-ciphertext security

1.16k views • 83 slides
Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext Security Jian Weng, Yanjiang

Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext Security Jian Weng, Yanjiang

Introduction Model of C-PRE Our proposed C-PRE Scheme Conclusion Efficient Conditional Proxy Re-Encryption with Chosen-Ciphertext Security Jian Weng, Yanjiang Yang, Qiang Tang, Robert H. Deng, Feng Bao Institute for Infocomm Research (I2R),

1.04k views • 15 slides
LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile

LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile

LR 2 : LR : Le Leakage-Re Resilient La Layout t Ra Randomization fo for Mo Mobile Devices Kjell Braden , Stephen Crane, Lucas Davi , Michael Franz , Per Larsen , Christopher Liebchen , Ahmad- Reza Sadeghi

578 views • 38 slides
On the power of non-adaptive quantum chosen-ciphertext attacks joint work with Gorjan Alagic

On the power of non-adaptive quantum chosen-ciphertext attacks joint work with Gorjan Alagic

On the power of non-adaptive quantum chosen-ciphertext attacks joint work with Gorjan Alagic (UMD, NIST), Stacey Jeffery (QuSoft, CWI), and Maris Ozols (QuSoft, UvA) Alexander Poremba August 29, 2018 Heidelberg University; California Institute

511 views • 24 slides
Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography

Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography

Leakage Resilient Masking Schemes Sebastian Faust Ruhr University Bochum 1 Modern cryptography Until 1970s: Design crypto algorithm secure against one attack Find attack C Find attack B Crypto Crypto algorithm A algorithm B secure against

631 views • 51 slides
Reconstruction and identification of hadronic tau at 13 TeV Aniello Spiezia, Taozhe YU CLHCP

Reconstruction and identification of hadronic tau at 13 TeV Aniello Spiezia, Taozhe YU CLHCP

Reconstruction and identification of hadronic tau at 13 TeV Aniello Spiezia, Taozhe YU CLHCP 2018.12.20-22, WuHan Performance of reconstruction and identification of leptons decaying to hadrons and v in pp collisions at s=13

226 views • 10 slides
Sinking Fund Sinking Fund Millage In 2016 Voters Approved 5-Year Sinking Fund Millage of 1.6

Sinking Fund Sinking Fund Millage In 2016 Voters Approved 5-Year Sinking Fund Millage of 1.6

Hopkins Public Schools Sinking Fund Sinking Fund Millage In 2016 Voters Approved 5-Year Sinking Fund Millage of 1.6 Mills This generated about $450,000 per year High School Kiln Room High School Kiln Room Corridor High School

382 views • 22 slides
An Asymmetric Multi-core Architecture for Accelerating Critical Sections M. Aater Suleman

An Asymmetric Multi-core Architecture for Accelerating Critical Sections M. Aater Suleman

An Asymmetric Multi-core Architecture for Accelerating Critical Sections M. Aater Suleman Advisor: Yale Patt HPS Research Group The University of Texas at Austin 1 Acknowledgements Moinuddin Qureshi (IBM Research, HPS) Onur Mutlu (Microsoft

348 views • 18 slides
HPS Can Improve Problem- Solving Ricardo Lopes Coelho Faculdade de Cincias Universidade de

HPS Can Improve Problem- Solving Ricardo Lopes Coelho Faculdade de Cincias Universidade de

HPS Can Improve Problem- Solving Ricardo Lopes Coelho Faculdade de Cincias Universidade de Lisboa & Centro de Histria das Cincias e Tecnologia FFP 14 University of Aix Marseille, July 2014 Plan of the talk 1. On the concept of

709 views • 66 slides
Regular Lossy Functions and Applications in Leakage-Resilient Cryptography CT-RSA 2018 April

Regular Lossy Functions and Applications in Leakage-Resilient Cryptography CT-RSA 2018 April

Regular Lossy Functions and Applications in Leakage-Resilient Cryptography CT-RSA 2018 April 20th, 2018 1 / 41 Yu Chen 1 Baodong Qin 2 Haiyang Xue 1 1 SKLOIS, IIE, Chinese Academy of Sciences 2 Xian University of Posts and Telecommunication

1.92k views • 115 slides
Introd u ction to E x plorator y Data Anal y sis STATISTIC AL TH IN K IN G IN P YTH ON ( PAR T 1

Introd u ction to E x plorator y Data Anal y sis STATISTIC AL TH IN K IN G IN P YTH ON ( PAR T 1

Introd u ction to E x plorator y Data Anal y sis STATISTIC AL TH IN K IN G IN P YTH ON ( PAR T 1 ) J u stin Bois Lect u rer at the California Instit u te of Technolog y E x plorator y data anal y sis The process of organi z ing , plo ing ,

734 views • 45 slides
Uranium Medical Research Center Washington, New York, Toronto, London www.umrc.net The

Uranium Medical Research Center Washington, New York, Toronto, London www.umrc.net The

Uranium Medical Research Center Washington, New York, Toronto, London www.umrc.net The Quantitative Analysis of Uranium Isotopes in the Urine of Civilians after Operation Enduring Freedom in Jalalabad, Afghanistan A. Durakovic, R. Parrish,

427 views • 19 slides
Performance analysis with Periscope M. Gerndt, V. Petkov, Y. Oleynik, S. Benedict Technische

Performance analysis with Periscope M. Gerndt, V. Petkov, Y. Oleynik, S. Benedict Technische

Technische Universitt Mnchen Performance analysis with Periscope M. Gerndt, V. Petkov, Y. Oleynik, S. Benedict Technische Universitt Mnchen September 2010 Technische Universitt Mnchen Outline Motivation Periscope architecture

337 views • 22 slides

More recommend