Key-Versatile Signatures and Applications: RKA, KDM and Joint Enc/Sig

Bellare, Mihir; Meiklejohn, Sarah; Thomson, Susan

doi:10.1007/978-3-642-55220-5_28

Cited by 16 publications

(29 citation statements)

References 71 publications

(138 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, constructing RKA-secure PRFs for linear, affine, or polynomial Φ is notably left open. Concurrently, Bellare et al [9] build RKA-secure signature schemes against related-key deriving functions drawn from such classes of polynomials. Their construction relies on RKA-secure one-way functions which appear to be easier to build under standard assumptions (as opposed to RKA-secure PRFs).…”

Section: Background and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Improved Constructions of PRFs Secure Against Related-Key Attacks

Lewi

Montgomery

Raghunathan

2014

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Building cryptographic primitives that are secure against related-key attacks (RKAs) is a well-studied problem by practitioners and theoreticians alike. Practical implementations of block ciphers take into account RKA security to mitigate fault injection attacks. The theoretical study of RKA security was initiated by Bellare and Kohno (Eurocrypt '03). In Crypto 2010, Bellare and Cash introduce a framework for building RKA-secure pseudorandom functions (PRFs) and use this framework to construct RKA-secure PRFs based on the decision linear and DDH assumptions.We build RKA-secure PRFs by working with the Bellare-Cash framework and the LWEand DLIN-based PRFs recently constructed by Boneh, Lewi, Montgomery, and Raghunathan (Crypto '13). As a result, we achieve the first PRFs from lattices secure against an (almost) linear class of related-key functions. In addition, we note that our DLIN-based PRF (based on multilinear maps) is the first RKA-secure PRF for affine classes under the DLIN assumption, and the first RKA-secure PRF against a large class of polynomial functions under a natural generalization of the DLIN assumption. Previously, RKA security for higher-level primitives (such as signatures and IBEs) were studied in Bellare, Paterson, and Thomson (Asiacrypt '12) for affine and polynomial classes, but the question of RKA-secure PRFs for such classes remained open.Although our RKA-secure LWE-based PRF only applies to a restricted linear class, we show that by weakening the notion of RKA security, we can handle a significantly larger class of affine functions. Finally, the results of Bellare, Cash, and Miller (Asiacrypt '11) show that all of our RKA-secure PRFs can be used as building blocks for a wide variety of public-key primitives.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

“…In the past few years, there has been much work in constructing RKA-secure primitives [6,7,2,10,34,9]. In addition, RKA security is also of interest to practitioners, particularly in the design of block ciphers [18,22,35].…”

Section: Introductionmentioning

confidence: 99%

Improved Constructions of PRFs Secure Against Related-Key Attacks

Lewi

Montgomery

Raghunathan

2014

Applied Cryptography and Network Security

View full text Add to dashboard Cite

show abstract

“…Related-key security was first studied in the context of symmetric encryption [10,46,33,4,3]. With time a number of cryptographic primitives with security against related-key attacks have emerged, including pseudorandom functions [7,43,5,1], hash functions [34], identity-based encryption [8,12], public-key encryption [8,57,12,45], signatures [8,12,11], and more [15,54,19].…”

Section: Related Workmentioning

confidence: 99%

Efficient Public-Key Cryptography with Bounded Leakage and Tamper Resilience

Faonio

Venturi

2016

Advances in Cryptology – ASIACRYPT 2016

View full text Add to dashboard Cite

We revisit the question of constructing public-key encryption and signature schemes with security in the presence of bounded leakage and tampering memory attacks. For signatures we obtain the first construction in the standard model; for public-key encryption we obtain the first construction free of pairing (avoiding non-interactive zero-knowledge proofs). Our constructions are based on generic building blocks, and, as we show, also admit efficient instantiations under fairly standard number-theoretic assumptions. The model of bounded tamper resistance was recently put forward by Damgård et al. (Asiacrypt 2013) as an attractive path to achieve security against arbitrary memory tampering attacks without making hardware assumptions (such as the existence of a protected self-destruct or key-update mechanism), the only restriction being on the number of allowed tampering attempts (which is a parameter of the scheme). This allows to circumvent known impossibility results for unrestricted tampering (Gennaro et al., TCC 2010), while still being able to capture realistic tampering attacks.

show abstract

“…Related Work. Since the seminal work of Bellare and Kohno (2003), a lot of tampering resilient symmetric and asymmetric cryptographic primitives were proposed (Bellare and Cash 2010;Bellare et al 2011Bellare et al , 2012Bellare et al , 2014Kalai et al 2011;Liu and Lysyanskaya 2012;Wee 2012;Damgård et al 2013Damgård et al , 2015Fujisaki and Xagawa 2016;Faonio and Venturi 2016;Qin et al 2015). Gennaro et al (2004) proved that it is impossible to construct secure cryptographic primitives when the tampering functions are arbitrary and the number of tampering queries is unbounded.…”

Section: Introductionmentioning

confidence: 99%

Predicate encryption against master-key tampering attacks

2019

View full text Add to dashboard Cite

Many real world attacks often target the implementation of a cryptographic scheme, rather than the algorithm itself, and a system designer has to consider new models that can capture these attacks. For example, if the key can be tampered by physical attacks on the device, the security of the scheme becomes totally unclear. In this work, we investigate predicate encryption (PE), a powerful encryption primitive, in the setting of tampering attacks. First, we show that many existing frameworks to construct PE are vulnerable to tampering attacks. Then we present a new security notion to capture such attacks. Finally, we take Attrapadung's framework in Eurocrypt'14 as an example to show how to "compile" these frameworks to tampering resilient ones. Moreover, our method is compatible with the original pair encoding schemes without introducing any redundancy.

show abstract

Key-Versatile Signatures and Applications: RKA, KDM and Joint Enc/Sig

Cited by 16 publications

References 71 publications

Improved Constructions of PRFs Secure Against Related-Key Attacks

Improved Constructions of PRFs Secure Against Related-Key Attacks

Efficient Public-Key Cryptography with Bounded Leakage and Tamper Resilience

Predicate encryption against master-key tampering attacks

Contact Info

Product

Resources

About