Abstract
Key-dependent message (KDM) security is of great research significance, to better analyse and solve the potential security problems in complex application scenarios. Most of the current KDM security schemes are based on traditional hard mathematical problems, where the public key and ciphertext are not compact enough, and make the ciphertext size grow linearly with the degree of the challenge functions. To solve the above problems and the inefficient ciphertext operation, the authors propose a compact lattice-based cryptosystem with a variant of the RLWE problem, which applies an invertible technique to obtain the RLWE* problem. It remains hard after the modification from the RLWE problem. Compared with the ACPS scheme, our scheme further expands the set of challenge functions based on the affine function of the secret key, and the size of public key and ciphertext is O˜(n), which is independent of the challenge functions. In addition, this scheme enjoys a high level of efficiency, the cost of encryption and decryption is only ploylog(n) bit operations per message symbol, and we also prove that our scheme is KDM-CPA secure under the RLWE* assumption.
Highlights
With the rise of cloud computing and cloud storage technology, some application scenarios need to encrypt the secret key and its related information
In 1984, Goldwasser and Michali [1] first introduced the concept of key-dependent message security, which ensures the security of message f directly calculated from the secret key sk
We apply the invertible technique [18] to obtain the RLWE∗ problem, provide a new version by scaling the noise, and proving that it remains hard after the above modification
Summary
With the rise of cloud computing and cloud storage technology, some application scenarios need to encrypt the secret key and its related information. We can observe three urgent problems in KDM-secure public key encryption schemes: (1) how to securely encrypt the complex functions of the secret key ( itself); (2) how to construct the public-key encryption scheme with compact ciphertexts, and independent of the challenge functions, and (3) The existing compact cryptosystems are all based on lattice problems. We give a useful transformation to obtain the RLWE∗ assumption-Hermite normal form (HNF), namely, the secret chooses form error distribution As it happens, through noise scaling, the secret key just fits into the message space Rt, so our scheme can securely encrypt the linear functions of its secret key. If we do not expand the message space by scaling the noise, it is possible to construct a symmetric-key scheme for KDM security by directly encrypting the secret key to its linear functions.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
