Identity-Based Threshold Key-Insulated Encryption without Random Oracles

Long

J. Shanghai Jiaotong Univ. (Sci.)

et al. 2011

To tackle the key-exposure problem in signature settings, this paper introduces a new cryptographic primitive named threshold key-insulated signature (TKIS) and proposes a concrete TKIS scheme For a TKIS system, at least k out of n helpers are needed to update a user's temporary private key. On the one hand, even if up to k−1 helpers are compromised in addition to the exposure of any of temporary private keys, security of the non-exposed periods is still assured. On the other hand, even if all the n helpers are compromised, we can still ensure the security of all periods as long as none of temporary private keys is exposed. Compared with traditional key-insulated signature (KIS) schemes, the proposed TKIS scheme not only greatly enhances the security of the system, but also provides flexibility and efficiency. Key words: threshold key-insulation, signature, random oracle model CLC number: TN 918, TP 301 Document code: A IntroductionWith the growing use of mobile devices allowing remote unprotected access, key exposures appear to be unavoidable. If private keys are exposed, all security guarantees are lost. To tackle the above problem, Dodis et al. [1] introduced a key insulation mechanism, which can protect private keys in public key cryptosystems. In a key-insulated cryptosystem, long-term keys (called helper keys) are kept in a physically-secure but computationally-limited device called helper. On the other hand, users store short-term private keys (called temporary private keys) in a powerful but insecure device where cryptographic computations happen.The key-insulated cryptosystem refreshes the temporary private keys at discrete time periods via interaction between the user and the helper, and the public key remains unchanged throughout the lifetime of the system. However, frequent updating of the temporary private key will also put the helper key in a higher risk

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An efficient threshold key-insulated signature scheme

Long

J. Shanghai Jiaotong Univ. (Sci.)

et al. 2011

Public-Key Cryptography – PKC 2013

“…This strategy is similar to those for cryptosystems against key exposure such as key-insulated PKE [16,6,27] and IBE [22,21,40,41], forward secure encryption [12], and intrusion-resilient PKE [15]. However, these systems require a secure channel between a user and a key issuer or do not support scalability.…”

Section: Introductionmentioning

confidence: 99%

Revocable Identity-Based Encryption Revisited: Security Model and Construction

Seo

Emura

2013

117

In ACM CCS 2008, Boldyreva et al. proposed an elegant way of achieving an Identity-based Encryption (IBE) with efficient revocation, which we call revocable IBE (RIBE). One of the significant benefit of their construction is scalability, where the overhead of the trusted authority is logarithmically increased in the number of users, whereas that in the Boneh-Franklin naive revocation way is linearly increased. All subsequent RIBE schemes follow the Boldyreva et al. security model and syntax. In this paper, we first revisit the Boldyreva et al. security model, and aim at capturing the exact notion for the security of the naive but non-scalable Boneh-Franklin RIBE scheme. To this end, we consider a realistic threat, which we call decryption key exposure. We also show that all prior RIBE constructions except for the Boneh-Franklin one are vulnerable to decryption key exposure. As the second contribution, we revisit approaches to achieve (efficient and adaptively secure) scalable RIBE schemes, and propose a simple RIBE scheme, which is the first scalable RIBE scheme with decryption key exposure resistance, and is more efficient than previous (adaptively secure) scalable RIBE schemes. In particular, our construction has the shortest ciphertext size and the fastest decryption algorithm even compared with all scalable RIBE schemes without decryption key exposure resistance.

“…The two helpers are adopted alternatively to assist with the short-term private key update procedure. In 2008, Weng et al [21] further came up with an identity-based (k, n) threshold KIE scheme in which n helpers are adopted. When a user attempts to update his short-term private key, at least k helpers are sufficient to perform the key-update procedure while less than or equal to k − 1 cannot.…”

Section: Introductionmentioning

confidence: 99%

New Efficient Identity-Based Key-Insulated Multisignature Scheme

Lin¹,

Wu²,

Lee³

et al. 2013

IJMLC

Abstract-We propose a new efficient identity-based key-insulted multisignature scheme for facilitating group-oriented applications and mitigating the impact of key exposure. Integrated with identity-based systems, the proposed scheme adopts explicitly verifiable public keys without additional certificate. Each user can also periodically update his private key while the public one remains unchanged. In the proposed scheme, a valid key-insulted multisignature must be cooperatively generated by all signers. Our scheme has the properties of unbounded time periods and random-access key-updates. We also demonstrate that our scheme has better efficiency as compared with previous works and formally prove its security of unforgeability against existential forgery under adaptive chosen-message attacks (EF-CMA) in the random oracle model. Index Terms-Identity-based, key-insulated, multi-signature, key exposure, bilinear pairing.