Related Randomness Attacks for Public Key Encryption

Paterson, Kenneth G.; Schuldt, Jacob C. N.; Sibborn, Dale L.

doi:10.1007/978-3-642-54631-0_27

Cited by 16 publications

(8 citation statements)

References 26 publications

(59 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Feltz and Cremers [24] analyzed the authenticated key exchange protocols and showed that bad randomness results in the insecurity of the protocols. Paterson et al [25] introduced a security model for PKE schemes called ''related randomness attacks model'', in which the adversary has the ability to force the usages of related randomness in encryption which are abstracted to the outputs of specified functions applied to some initial randomness. They also proposed many kinds of schemes in this model.…”

Section: A Related Workmentioning

confidence: 99%

“…The related randomness security under Chosen Plaintext/Ciphertext Attack(RRA-CPA/RRA-CCA for short) is two formal security definition introduced by [25] for PKE. Let A = (A 1 , A 2 ) be a PPT adversary of a PKE scheme with a class of of functions, and the advantage of A to break the related randomness security of is defined as follows:…”

Section: Indistinguishability Under Chosen Plaintextmentioning

confidence: 99%

See 1 more Smart Citation

Public-Key Encryption Secure Against Related Randomness Attacks for Improved End-to-End Security of Cloud/Edge Computing

Liu

2020

IEEE Access

View full text Add to dashboard Cite

Public-key encryption is often used to protect data security/privacy and secure communication in scenarios of cloud computing and edge computing. Related randomness attacks model (RRA) for publickey encryption was motivated by randomness failures. This paper proposes some methods of constructing secure public-key encryption scheme against related randomness attacks, i.e. RRA-CPA secure publickey encryption scheme with efficient decryption algorithm and short ciphertexts size obtained from oneway function with weak RKA-security and indistinguishability obfuscation, RRA-CPA secure public-key encryption scheme against arbitrarily function from any publicly deniable encryption and RRA-CCA secure public-key encryption scheme against arbitrarily function from standard IND-CCA public-key encryption scheme with a hardcore function for arbitrarily correlated inputs. INDEX TERMS Arbitrary restricted function, publicly deniable encryption, public-key encryption, related randomness attack.

show abstract

Section: A Related Workmentioning

confidence: 99%

Section: Indistinguishability Under Chosen Plaintextmentioning

confidence: 99%

Public-Key Encryption Secure Against Related Randomness Attacks for Improved End-to-End Security of Cloud/Edge Computing

Liu

2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Although the aforementioned schemes devote to securing the outsourced EMRs, they are unable to deal with the situation of unexpected privacy leakage, let alone to minimize its effect. In a cloud storage system, the leakage threats mainly include secret credential leakage [22,23], encapsulation-related randomness leakage [24,25], internal files, accounts or other records leakage, etc. e target of our paper is to minimize the impact of leakage in the event that these unexpected issues happen.…”

Section: Related Workmentioning

confidence: 99%

Secure Outsourced Medical Data against Unexpected Leakage with Flexible Access Control in a Cloud Storage System

Zhou

Liu

Zhang

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

The application of cloud storage system has been deployed widely in recent years. A lot of electronic medical records (EMRs) are collected and uploaded to the cloud for scalable sharing among the authority users. It is necessary to guarantee the confidentiality of EMRs and the privacy of EMR owners. To achieve this target, we summarize a series of attack behaviors in the cloud storage system and present the security model against many types of unexpected privacy leakage. Privacy of unassailed EMRs is guaranteed in this model, and the influence of privacy leakage is controlled in a certain scope. We also propose a role-based access control scheme to achieve flexible access control on these private EMRs. One can access medical records only if his/her role satisfies the defined access policy, which implies a fine-grained access control. Theoretical and experimental analyses show the efficiency of our scheme in terms of computation and communication.

show abstract

“…Cryptographic primitives are heavy users of randomness, but due to problems including insufficient estimation of system entropy, poor design of algorithms, bugs in software, and virtual machine randomness resetting, random number generators may fail to generate required randomness in practice [1]. This failure of randomness can cause catastrophic results: private signing keys of digital signatures could be exposed [2], low-entropy plaintexts in public-key encryption schemes might be recovered [3], the procedure of key generation would be severely weakened [4,5], ephemeral Diffie-Hellman keys may become predictable, resulting in the exposure of session keys [3], and electronic wallet security might be compromised [3]. Obviously, standard security notions of indistinguishability under chosen plaintext attacks or chosen ciphertext attacks [6] (IND-CPA or IND-CCA security) are not sufficient when these attacks on randomness are possible.…”

Section: Introductionmentioning

confidence: 99%

“…Obviously, standard security notions of indistinguishability under chosen plaintext attacks or chosen ciphertext attacks [6] (IND-CPA or IND-CCA security) are not sufficient when these attacks on randomness are possible. This observation leads the research community to target effort into addressing this problem (e.g., [3,[7][8][9]). However, it is unlikely that the failures of randomness can be completely eliminated [3].…”

Section: Introductionmentioning

confidence: 99%

Authenticated Key Exchange under Bad Randomness, Revisited

Cui,

Mudra

2023

Mathematics

View full text Add to dashboard Cite

A bad randomness may cause catastrophic results in security; thus, it is of importance to make cryptographic systems secure against bad randomness. In this paper, we focus on a practical situation where an adversary is able to force participants in an authenticated key exchange (AKE) system to reuse the random values and the functions of these values, called related randomness attack (RRA). Following the existing randomness resetting security model of AKE and the RRA security model of public-key encryption, we present a model of RRA security for authenticated key exchange, as well as the necessary restrictions on the related randomness functions used to obtain the security definition. Then we show how a related randomness attack adversary breaks the security of some existing AKE protocols, and propose some constructions of RRA-secure authenticated key exchange in the random oracle model and standard model, respectively.

show abstract

Related Randomness Attacks for Public Key Encryption

Cited by 16 publications

References 26 publications

Public-Key Encryption Secure Against Related Randomness Attacks for Improved End-to-End Security of Cloud/Edge Computing

Public-Key Encryption Secure Against Related Randomness Attacks for Improved End-to-End Security of Cloud/Edge Computing

Secure Outsourced Medical Data against Unexpected Leakage with Flexible Access Control in a Cloud Storage System

Authenticated Key Exchange under Bad Randomness, Revisited

Contact Info

Product

Resources

About