Abstract
In recent years, several new notions of security have begun receiving consideration for public-key cryptosystems, beyond the standard of security against adaptive chosen ciphertext attack (CCA2). Among these are security against randomness reset attacks, in which the randomness used in encryption is forcibly set to some previous value, and against constant secret-key leakage attacks, in which a constant factor of the secret key's bits is leaked. In terms of formal security definitions, cast as attack games between a challenger and an adversary, a joint combination of these attacks means that the adversary has access to additional encryption queries under randomness of his own choosing, along with secret-key leakage queries. This implies that both the encryption and decryption processes of a cryptosystem are being tampered with under this security notion. In this paper, we address the joint combination of randomness reset and secret-key leakage attacks through two cryptosystems that incorporate hash proof system and randomness extractor primitives. The first cryptosystem relies on the random oracle model and is secure against a class of adversaries called non-reversing adversaries. We remove the random oracle assumption and the non-reversing adversary requirement in our second cryptosystem, which is a standard-model scheme that relies on a proposed primitive called LM lossy functions. These functions allow up to M lossy branches in the collection to substantially lose information, allowing the cryptosystem to use this loss of information for several encryption and challenge queries. For each cryptosystem, we present detailed security proofs using the game-hopping procedure. In addition, at the end of the paper we present a concrete instantiation of LM lossy functions that relies on the DDH assumption.
Highlights
Adaptive chosen ciphertext attack (CCA2) secure cryptosystems
For any non-reversing, equality-respecting, polynomial-time adversary that makes (a) at most Qc challenge queries under multiple randomness indices, (b) at most Qe encryption queries under multiple randomness indices, and (c) at most Qd decryption queries, and following the attack game of Table 1, cryptosystem 1 is secure against (i) adaptive chosen ciphertext attack, (ii) λ bits of secret-key leakage, and (iii) randomness reset attacks
For any equality-respecting, polynomial-time adversary that makes (a) at most Qc challenge queries under multiple randomness indices, (b) at most Qe encryption queries under multiple randomness indices, and (c) at most Qd decryption queries, and following the attack game of Table 1, cryptosystem 2 is secure against (i) adaptive chosen ciphertext attack, (ii) λ bits of secret-key leakage, and (iii) randomness reset attacks
Summary
Adaptive chosen ciphertext attack (CCA2) secure cryptosystems. Since the invention of the Diffie–Hellman key exchange and the RSA primitive, public-key cryptography has become one of the most well-studied areas in cryptography research [1]. In terms of attack games between a challenger and an adversary, the joint combination of randomness reset and secret-key leakage attacks implies that the adversary has access to additional encryption queries and secret-key leakage queries, aside from the usual decryption and challenge queries of a CCA2 attack game. To address these challenges, we propose two cryptosystems: the first is a random oracle model scheme, and the second is a standard-model scheme that relies on a proposed primitive called LM lossy functions. We give both because, while the random oracle model from [4] is useful for simplifying security proofs, it relies on the strong assumption that some hash functions are truly random, which may not hold in practice [2]. For this reason, standard-model schemes usually follow initial random oracle model schemes, albeit with some added complexity. We present security proofs for our proposed cryptosystems using the well-known game-hopping proving scheme, as described in [2,19].
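To make the randomness reset notion from the abstract and summary concrete, here is an added example (written for this page, not code from the paper) that models the reset-attack encryption oracle over textbook ElGamal: each query names a randomness index, and reusing an index resets r to the value drawn for that index before. Two ciphertexts produced under the same index reveal the ratio of their plaintexts to anyone, with no key material, which is precisely the loss a reset-secure cryptosystem must prevent; the group parameters are a toy safe prime constructed for the example.

```python
import secrets

# Toy parameters constructed for this example (real deployments use a group of
# 2048 bits or more): safe prime P = 2Q + 1, G a generator of the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def keygen():
    """Textbook ElGamal key pair: secret exponent sk and public key G^sk."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m, r):
    """Encrypt m in [1, P-1] under explicit randomness r (fresh in normal use)."""
    return pow(G, r, P), (m * pow(pk, r, P)) % P

def decrypt(sk, ct):
    a, b = ct
    return (b * pow(pow(a, sk, P), -1, P)) % P

class ResetEncryptionOracle:
    """Encryption oracle of a randomness-reset attack game (simplified model):
    the adversary names a randomness index; the first use of an index draws a
    fresh r, every later use resets the oracle to that same r."""

    def __init__(self, pk):
        self.pk = pk
        self.table = {}

    def encrypt(self, m, index):
        r = self.table.setdefault(index, secrets.randbelow(Q - 1) + 1)
        return encrypt(self.pk, m, r)

def plaintext_ratio(ct1, ct2):
    """What anyone learns from two ciphertexts that share randomness:
    m1 * m2^-1 mod P, with no key material. None if the randomness differs
    (first components disagree), which is the check a monitor would make."""
    (a1, b1), (a2, b2) = ct1, ct2
    if a1 != a2:
        return None
    return (b1 * pow(b2, -1, P)) % P

def demo(m1=1234, m2=77):
    """Two queries under index 0: the second is a reset, so the ratio leaks."""
    _, pk = keygen()
    oracle = ResetEncryptionOracle(pk)
    c_fresh = oracle.encrypt(m1, index=0)
    c_reset = oracle.encrypt(m2, index=0)
    return plaintext_ratio(c_fresh, c_reset) == (m1 * pow(m2, -1, P)) % P
```

Under the paper's notion the adversary also holds the leakage and decryption oracles, so the reset-secure constructions must keep this ratio hidden even with those extra queries available.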