Abstract
The security for many certificate-based encryption schemes was considered under the ideal condition, where the attackers rarely have the secret state for the solutions. However, with a side-channel attack, attackers can obtain partial secret values of the schemes. In order to make the scheme more practical, the security model for the certificate-based encryption which is resilient to continual leakage is first formalized. The attackers in the security model are permitted to get some secret information continuously through the side-channel attack. Based on the certificate-based key encapsulation scheme, a novel certificate-based encryption scheme is proposed, which is resilient to the continual leakage. In the standard model, the new scheme we propose is proved to be secure under the decisional truncated q-augmented bilinear Diffie–Hellman exponent hard problem and the decisional 1-bilinear Diffie–Hellman inversion hard problem. Additionally, the new scheme can resist the chosen-ciphertext attack. Moreover, a comparison is performed with other related schemes, where the proposed solution further considers the continual leakage-resilient property and exhibits less computation cost.
Highlights
En, three continuous leakage-resilient identity-based encryption (IBE) methods [26,27,28] have been put forward
Leakage amplification was proposed in [26] which constructs continuous leakage-resilient secure IBE scheme, which is considered an arbitrary length of the leakage parameter. e authors in [27] offered a new updatable identity-based hash proof system which is adopted to construct the continuous leakage-resilience identity-based cryptosystem
In order to solve this problem, Zhang [36] delivered a concrete construction for resilient-leakage ciphertext-policy attribute-based encryption (CP-ABE) and provided a key update procedure to support continual leakage tolerance
Summary
It is said that the decisional truncated q-ABDHE problem is hard if AdvqA−ABDHE is arbitrarily small for all PPT adversaries A. We define the decisional 1 − BDHI problem as follows: given D (g, gα) ∈ G2, where α ∈ Zp∗ and T ∈ GT, output 1 if T e(g, g)1/α and 0 otherwise. We say that the decisional 1 − BDHI problem is hard if Adv1A−BDHI is ignorable for all PPT adversaries A. E statistical distance between random variables X and Y is given by SD(X, Y) 1/2x|Pr[X x] − Pr[Y x]|, with x ∈ F, where F denotes a finite field. A random function Ext : G × {0, 1}μ ⟶ {0, 1}η is regarded as an average-case (m, ε)-strong extractor if μ, η ∈ N, X ∈ G, m ∈ N and H ∞(X | Y) ≥ m for all X, Y, we obtain SD((Ext(X, Uμ), Uμ, Y), (Uη, Uμ, Y)) ≤ ε, with two variables Uμ and Uη having uniform distributions over {0, 1}μ, {0, 1}η respectively, and ε being negligible
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
