Distributed Public Key Schemes Secure against Continual Leakage

Akavia, Adi; Goldwasser, Shafi; Hazay, Carmit

Author(s)

Akavia, Adi; Goldwasser, Shafi; Hazay, Carmit

DownloadAccepted version (348.3Kb)

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

In this work we study distributed public key schemes secure against continual memory leakage. The secret key will be shared among two computing devices communicating over a public channel, and the decryption operation will be computed by a simple 2-party protocol between the devices. Similarly, the secret key shares will be periodically refreshed by a simple 2-party protocol executed in discrete time periods throughout the lifetime of the system. The leakage adversary can choose pairs, one per device, of polynomial time computable length shrinking (or entropy shrinking) functions, and receive the value of the respective function on the internal state of the respective device (namely, on its secret share, internal randomness, and results of intermediate computations). We present distributed public key encryption (DPKE) and distributed identity based encryption (DIBE) schemes that are secure against continual memory leakage, under the Bilinear Decisional Diffie-Hellman and $2$-linear assumptions. Our schemes have the following properties: 1. Our DPKE and DIBE schemes tolerate leakage at all times, including during refresh. During refresh the tolerated leakage is a (1/2-o (1),1)-fraction of the secret memory of P 1, P 2 respectively; and at all other times (post key generation) the tolerated leakage is a (1-o (1),1)-fraction of the secret memory of P 1, P 2 respectively. Our DIBE scheme tolerates leakage from both the master secret key and the identity based secret keys. Our DPKE scheme is CCA2-secure against continual memory leakage. Our DPKE scheme also implies a secure storage system on leaky devices, where a value s can be secretely stored on devices that continually leak information about their internal state to an external attacker. The devices go through a periodic refresh protocol. These properties improve on bounds and properties of known constructions designed to be secure against continual memory leakage in the single processor model. © 2012 ACM.

Date issued

2012

URI

https://hdl.handle.net/1721.1/137546

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory

Publisher

Association for Computing Machinery (ACM)

Citation

Akavia, Adi, Goldwasser, Shafi and Hazay, Carmit. 2012. "Distributed Public Key Schemes Secure against Continual Leakage."

Version: Author's final manuscript

Collections

MIT Open Access Articles