TY - GEN
T1 - Distributed public key schemes secure against continual leakage
AU - Akavia, Adi
AU - Goldwasser, Shafi
AU - Hazay, Carmit
PY - 2012
Y1 - 2012
N2 - In this work we study distributed public key schemes secure against continual memory leakage. The secret key will be shared among two computing devices communicating over a public channel, and the decryption operation will be computed by a simple 2-party protocol between the devices. Similarly, the secret key shares will be periodically refreshed by a simple 2-party protocol executed in discrete time periods throughout the lifetime of the system. The leakage adversary can choose pairs, one per device, of polynomial-time computable length-shrinking (or entropy-shrinking) functions, and receive the value of the respective function on the internal state of the respective device (namely, on its secret share, internal randomness, and results of intermediate computations). We present distributed public key encryption (DPKE) and distributed identity based encryption (DIBE) schemes that are secure against continual memory leakage, under the Bilinear Decisional Diffie-Hellman and 2-linear assumptions. Our schemes have the following properties: Our DPKE and DIBE schemes tolerate leakage at all times, including during refresh. During refresh the tolerated leakage is a (1/2 - o(1), 1)-fraction of the secret memory of P1, P2 respectively; and at all other times (post key generation) the tolerated leakage is a (1 - o(1), 1)-fraction of the secret memory of P1, P2 respectively. Our DIBE scheme tolerates leakage from both the master secret key and the identity based secret keys. Our DPKE scheme is CCA2-secure against continual memory leakage. Our DPKE scheme also implies a secure storage system on leaky devices, where a value s can be secretly stored on devices that continually leak information about their internal state to an external attacker. The devices go through a periodic refresh protocol. These properties improve on bounds and properties of known constructions designed to be secure against continual memory leakage in the single processor model.
KW - cca2-security
KW - continual leakage
KW - distributed public key encryption
KW - ibe
UR - http://www.scopus.com/inward/record.url?scp=84864982865&partnerID=8YFLogxK
U2 - 10.1145/2332432.2332462
DO - 10.1145/2332432.2332462
M3 - Conference contribution
AN - SCOPUS:84864982865
SN - 9781450314503
T3 - Proceedings of the Annual ACM Symposium on Principles of Distributed Computing
SP - 155
EP - 164
BT - PODC'12 - Proceedings of the 2012 ACM Symposium on Principles of Distributed Computing
T2 - 2012 ACM Symposium on Principles of Distributed Computing, PODC'12
Y2 - 16 July 2012 through 18 July 2012
ER -