Forward-secure Public-key Encryption Research Articles

Enabling Encrypted Cloud Emails with Data Encryption using Advanced Encryption Techniques

Abstract: Cloud computing offers a flexible and convenient means of exchanging data, with several advantages for both society and individuals. With the widespread usage of cloud emails and frequent reports of large-scale email leakage occurrences, the security property known as forward secrecy has become desirable and necessary for both users and cloud email service providers to increase the security of cloud email systems. Typical techniques of attaining forward secrecy, such as Diffie-Hellman key exchange and forward-secure public-key encryption, have not been extensively authorized and used because they fail to meet the security and practicality requirements of email systems at the same time. We introduce a new cryptographic primitive called forward-secure puncturable identity-based encryption (fs-PIBE) in this paper to capture forward secrecy of encrypted cloud email systems without sacrificing practicability. It allows an email user to perform fine-grained decryption capacity revocation. In the standard model, we design a framework for encrypted cloud email systems and instantiate it with a concrete fs-PIBE structure that has constant ciphertext size and proved security. We enhance the proposed fs-PIBE scheme to provide end-to-end encryption and outsourced decryption, respectively, to improve the security and efficiency of the presented framework.

PoS Blockchain-Based Forward-Secure Public Key Encryption with Immutable Keys and Post-Compromise Security Guarantees

We present a forward-secure public-key encryption (PKE) scheme without key update, i.e. both public and private keys are immutable. In contrast, prior forward-secure PKE schemes achieve forward security by constantly updating the secret keys. Our scheme is based on witness encryption by Garg et al. (STOC 2013) and a proof-of-stake blockchain with the distinguishable forking property introduced by Goyal et al. (TCC 2017), and ensures a ciphertext cannot be decrypted more than once, thereby rendering a compromised secret key useless with respect to decryption of past ciphertext the legitimate user has already decrypted. In this work, we formalize the notion of blockchain-based forward-secure PKE, show the feasibility of constructing a forward-secure PKE scheme without key update, and discuss interesting properties of our scheme such as post-compromise security.

Forward Secure Public Key Encryption with Keyword Search for Outsourced Cloud Storage

Cloud storage has become a primary industry in remote data management service but also attracts security concerns, where the best available approach for preventing data disclosure is encryption. Among them the public key encryption with keyword search (PKSE) is considered to be a promising technique, since clients can efficiently search over encrypted data files. That is, a client first generates a search token when to query data files, the cloud server uses the search token to proceed the query over encrypted data files. However, a serious attack is raised when PKSE meets cloud. Formally speaking, the cloud server can learn the information of a newly added encrypted data file containing the keyword that previously queried by using the search tokens it has received, and can further discover the privacy information. To address this issue, we propose a forward secure public key searchable encryption scheme, in which a cloud server cannot learn any information about a newly added encrypted data file containing the keyword that previously queried. To better understand the design principle, we introduce a framework for constructing forward secure public key searchable encryption schemes based on attribute-based searchable encryption. Finally, the experiments show our scheme is efficient.

Communication-Efficient and Fine-Grained Forward-Secure Asynchronous Messaging

In recent years, motivated by the revelation of long-term and widespread surveillance of personal communications, extensive efforts have been putting into <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">store-and-forward</i> asynchronous messaging systems (e.g., email and SMS) for providing critical security guarantees. Of particular interest among them is forward security, which makes past messages remain secure in the event that the secret key gets exposed. Traditional forward-secure public key encryption can provide forward security for asynchronous scenarios, but it is not flexible enough for instant messaging systems. This is mainly because that, after updating his/her secret key, the user totally loses the decryption capacity of ciphertexts that have not been received. In this paper, to achieve practical forward-security of asynchronous messaging systems, we investigate the construction of a new primitive named forward-secure puncturable encryption (FSPE) that captures fine-grained forward security. Namely, the user can maintain the decryption capacity of those encrypted messages that have not been received yet. Meanwhile, even if the secret key is disclosed, those received messages can still remain secure. Specifically, we propose a communication-efficient FSPE scheme for achieving fine-grained forward-secure asynchronous messaging. Moreover, to improve the efficiency of asynchronous messaging built upon FSPE, we extend it to support outsourced decryption. We also implement the proposed scheme and evaluate a proof-of-concept of main algorithms, so as to increase confidence on its correctness and practicability.

Enabling (End-to-End) Encrypted Cloud Emails With Practical Forward Secrecy

With the widespread use of cloud emails and frequent reports on large-scale email leakage events, a security property so-called forward secrecy becomes desirable and indispensable for both individuals and cloud email service providers to strengthen the security of cloud email systems. Specifically, forward secrecy can guarantee the confidentiality of those previously encrypted emails even if the user’s secret key gets exposed. However, due to the failure to meet the security and practicality requirements of email systems simultaneously, typical methods of achieving forward secrecy, such as Diffie-Hellman key exchange and forward-secure public-key encryption, have not been widely approved and adopted. In this article, to capture forward secrecy of encrypted cloud email systems without sacrificing the practicability, we introduce a new cryptographic primitive named forward-secure puncturable identity-based encryption (fs-PIBE), which enables an email user to perform fine-grained revocation of decryption capacity. In more detail, the user is allowed to preserve the decryption capacity of unreceived encrypted emails, while abolishing that of those received ones. Thus, it provides more practical forward secrecy than typical manners, in which the decryption capacity of received and unreceived encrypted emails is revoked simultaneously. Based on such a primitive, we build a framework of encrypted cloud email systems, and instantiate it with a concrete fs-PIBE construction that has constant size of ciphertext and provable security in the standard model. Furthermore, to improve the security and efficiency of the presented framework, we extend the proposed fs-PIBE scheme to support end-to-end encryption and outsourced decryption, respectively. In addition, as a proof-of-concept of the proposed fs-PIBE scheme, we implement it and produce various experiments to demonstrate its practicability and correctness.

FS-PEKS: Lattice-based Forward Secure Public-key Encryption with Keyword Search for Cloud-assisted Industrial Internet of Things

Cloud-assisted Industrial Internet of Things (IIoT) relies on cloud computing to provide massive data storage services. To ensure the confidentiality, sensitive industrial data need to be encrypted before being outsourced to cloud storage server. Public-key encryption with keyword search (PEKS) enables users to search target encrypted data by keywords. However, most existing PEKS schemes are based on conventional hardness assumptions, which are vulnerable to adversaries equipped with quantum computers in the near future. Moreover, they suffer from key exposure, and thus the security would be broken once the keys are compromised. In this paper, we propose a forward secure PEKS scheme (FS-PEKS) based on lattice assumptions for cloud-assisted IIoT, which is post-quantum secure. We integrate a lattice-based delegation mechanism into FS-PEKS to achieve forward security, such that the security of the system is still guaranteed even the keys are compromised by the adversaries. We define the first formal security model on forward security of PEKS, and prove the security of FS-PEKS under the model. As the keywords of industrial data are with inherently low entropy, we further extend FS-PEKS to resist insider keyword guessing attacks (IKGA). The comprehensive performance evaluation demonstrates that FS-PEKS is practical for cloud-assisted IIoT.

New forward-secure public-key encryption without random oracles

Forward-secure public-key cryptography is an important technique for protecting private keys. It provides the benefits of frequent updating private keys without changing public keys. The most attractive property of forward security is that even if an attacker obtains the private key for the current time period, she still cannot compromise the private keys for the past time. In this paper, we newly present a forward-secure public-key encryption scheme without random oracles and prove it to be chosen-ciphertext secure in the standard model. In the proposed scheme, the ciphertext size and the decryption time have no correlation with the number of time periods and other performance indices have at most poly logarithmic complexities in terms of the number of time periods. As far as we know, it is the first forward-secure public-key encryption scheme that achieves direct chosen-ciphertext security in the standard model.

A Practical Forward-Secure Public-Key Encryption Scheme

In open network, cryptographic operations are often performed on insecure, unprotected, and easily-stolen devices, therefore the threat of secret key exposure becomes more and more acute. The paradigm of forward security provides a promising approach to deal with the secret key exposure. This new paradigm guarantees that the compromise of current secret keys does not compromise past secret keys and past communications. Therefore, forward-security can minimize the resulting damage caused by the secret key exposure. In this paper, we present a practical forward-secure public-key encryption (FS-PKE) scheme and prove it to be forward-secure against selective-time period and adaptive chosen plaintext attacks in the standard model. The main performance parameters of our proposed scheme are independent on the total number of time periods in the scheme. When compared with the existing FS-PKE scheme, our proposed scheme is much more efficient and practical. We also discuss how our scheme achieves chosen ciphertext security in the standard model and in the random oracle model respectively.

Key Evolution Systems in Untrusted Update Environments

Forward-Secure Signatures (FSS) prevent forgeries for past time periods when an attacker obtains full access to the signer’s storage by evolving the private key in a one-way fashion. To simplify the integration of these primitives into standard security architectures, Boyen et al. [2006] recently introduced the concept of forward-secure signatures with untrusted updates where private keys are additionally protected by a second factor (derived from a password). Key updates can be made on encrypted version of signing keys so that passwords only come into play for signing messages and not at update time (since update is not user-driven). The scheme put forth by Boyen et al. relies on bilinear maps and does not require the random oracle. They also suggest the integration of untrusted updates in the Bellare-Miner forward-secure signature. Their work left open the problem of endowing other existing FSS systems with the same second factor protection, and a natural second question is whether the method can apply to other key-evolving paradigms. This article solves the first problem by showing an efficient generic construction that does not require to set a bound on the number of time periods at key generation. The article then extends the unprotected update model to other key-evolving primitives such as forward-secure public key encryption and key-insulated cryptosystems.

Forward-Secure Certificate-Based Encryption and its Generic Construction

In this paper, we introduce a new asymmetric encryption paradigm called Forward-Secure Certificate-Based Encryption. It preserves the advantages of certificate-based encryption (CBE) such as implicit certificate and no private key escrow. At the same time it also inherits the properties of the forward-secure public key encryption. In a forward-secure CBE scheme, all users’ private keys are updated at regular periods throughout the lifetime of the system; exposure of a user’s private key corresponding to a given time period does not enable an adversary to break the security of the ciphertext sent to this user for any prior time period. We first provide the formal definition for forward-secure CBE and its security model. Then we propose a generic construction of forward-secure CBE and prove it to be secure against chosen plaintext attacks in the standard model. We also describe how this construction can be enhanced to achieve security against adaptive chosen-ciphertext attacks both in the standard model and in the random oracle model. Finally, a concrete forward-secure CBE scheme is constructed.

A Forward-Secure Public-Key Encryption Scheme*

Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious concern. Forward security allows one to mitigate the damage caused by exposure of secret keys. In a forward-secure scheme, secret keys are updated at regular periods of time; exposure of the secret key corresponding to a given time period does not enable an adversary to break the scheme (in the appropriate sense) for any prior time period.We present the first constructions of (non-interactive) forward-secure public-key encryption schemes. Our main construction achieves security against chosen-plain text attacks in the standard model, and all parameters of the scheme are poly-logarithmic in the total number of time periods. Some variants and extensions of this scheme are also given.We also introduce the notion of binary tree encryption and construct a binary tree encryption scheme in the standard model. Our construction implies the first (hierarchical) identity-based encryption scheme in the standard model. (The notion of security we achieve, however, is slightly weaker than that achieved by some previous constructions in the random oracle model.)

A Forward-Secure Public-Key Encryption Scheme

Cryptographic computations are often carried out on insecure devices for which the threat of key exposure represents a serious concern. Forward security allows one to mitigate the damage caused by exposure of secret keys. In a forward-secure scheme, secret keys are updated at regular periods of time; exposure of the secret key corresponding to a given time period does not enable an adversary to "break" the scheme (in the appropriate sense) for any prior time period. We present the first constructions of (non-interactive) forward-secure public-key encryption schemes. Our main construction achieves security against chosen-plaintext attacks in the standard model, and all parameters of the scheme are poly-logarithmic in the total number of time periods. Some variants and extensions of this scheme are also given. We also introduce the notion of binary tree encryption and construct a binary tree encryption scheme in the standard model. Our construction implies the first hierarchical identity-based encryption scheme in the standard model. (The notion of security we achieve, however, is slightly weaker than that achieved by some previous constructions in the random oracle model.)