Towards Post-Quantum Key-Updatable Public-Key Encryption via Supersingular Isogenies

Abstract

We present the first post-quantum secure Key-Updatable Public-Key Encryption (UPKE) construction. UPKE has been proposed as a mechanism to improve the forward-secrecy and post-compromise security of secure messaging protocols, but the hardness of all existing constructions rely on discrete logarithm assumptions. We focus our assessment on isogeny-based cryptosystems due to their suitability for performing a potentially unbounded number of update operations, a practical requirement for secure messaging where user conversations can occur over months, if not years.

We begin by formalizing two UPKE variants in the literature as Symmetric and Asymmetric UPKE, which differ in how encryption and decryption keys are updated. We argue that Asymmetric UPKE constructions in the literature cannot be straightforwardly instantiated using SIDH nor CSIDH. We then describe a SIDH construction that partially achieves the required security notions for Symmetric UPKE, but due to existing mathematical limitations, cannot provide fine-grained forward secrecy. Finally, we present a CSIDH Symmetric UPKE construction that requires a parameter set in which the class group structure is fully known. We discuss open problems which are applicable to any cryptosystem with similar requirements for continuous operations over the secret domain.

A Proof of CSIDH-Based UPKE

In Sect. 6, we present a CSIDH-based UPKE construction. We present the proof of its IND-CPA-U security here.

Proof

As we are showing a reduction to a plain IND-CPA game, we will start by being given a public key \(pk^*\). To begin, select a uniformly random index \(i \overset{\$}{\leftarrow }\{0, \dots , q_{gen} \}\). The idea of the proof is to set the public key after the ith \(\mathsf {FreshUpdate}\) query to be \(pk^*\), and hope that the adversary requests the IND-CPA-U challenge to be issued on a public key that occurs before the next \(\mathsf {FreshUpdate}\). If we are correct, then the adversary’s ability to distinguish which message was encrypted under \(pk^*\) (or a related key) will allow us to win the IND-CPA game.

At the start of the game, if \(i = 0\) then we set \(pk_0 \rightarrow pk^*\). Otherwise, we sample a new uniform \(pk_0\) from \( KeyGen \). From here we proceed as normal. If the adversary makes a corruption query, then we provide them with the corresponding private key. When a \(\mathsf {GiveUpdate}(\mu )\) query is made, we update the secret and public key and make note of the \(\mu \) value.

When the ith query to \(\mathsf {FreshUpdate}\) is made, we set the resulting public key to \(pk^*\). We carry on, and when the next \(\mathsf {FreshUpdate}\) query is made we sample a fresh public key from \( KeyGen \). If the adversary ever makes a \(\mathsf {Corrupt}\) query on any of the keys between these \(\mathsf {FreshUpdate}\) queries, then we abort. We will consider the probability of having to abort occurring momentarily.

Eventually, the adversary requests the IND-CPA-U challenge on a public key with index j. We hope that this index means a key that falls between the ith \(\mathsf {FreshUpdate}\) and the \(i+1\)th call to \(\mathsf {FreshUpdate}\). When this happens, the adversary submits \(m_0, m_1\) as part of the challenge.

We then forward \(m_0, m_1\) to receive back an encryption of \(m_b\), consisting of \(C = g \star E _0\) for a random g, as well as \( DEM \!. Encrypt (K,m_b)\). Let \(\mu _1, \mu _2, ..., \mu _k\) be k queries to \(\mathsf {GiveUpdate}\) after the ith \(\mathsf {FreshUpdate}\) query. We provide the adversary with \((- \mu _1 -\mu _2 - \dots - \mu _k ) \star C\) and \( DEM \!. Encrypt (K,m_b)\).

Note that \(K = KDF( g \star pk^*) = KDF((- \mu _1 - \dots - \mu _k) \star g \star (\mu _1 + \dots + \mu _k) \star pk^*)\), which means that the message is encrypted under the correct key. So, when the adversary submits a guess for b, we can guess the same value, and if the adversary is correct, so are we.

When we set the public key to \(pk^*\) after the ith call to \(\mathsf {FreshUpdate}\), the adversary cannot notice that we have not genuinely updated the public key, unless they issue a \(\mathsf {Corrupt}\) query. If such a \(\mathsf {Corrupt}\) query is issued, we must abort. However, note that if our guess is correct, and the IND-CPA query is requested in this segment of public keys, then no \(\mathsf {Corrupt}\) query will be issued, or else the adversary’s advantage is 0.

Because updates are sampled uniformly over \(\mathbb {Z}_p\), the resulting public key is uniformly random over the public key space (this follows from the fact that the group action is regular). So after a \(\mathsf {FreshUpdate}\) has occurred, the adversary has no information on the distribution of the secret key, and we can thus replace the public key with the challenge public key \(pk^*\). The adversary has no advantage in distinguishing that we have done this. As a result, we have a \(1/(1 + q_{gen})\) chance of correctly guessing where the challenge will be requested. If we are correct, the adversary does not change their behavior at all, as they have no advantage in distinguishing that we are not managing the game honestly. This means the chance that we abort is exactly \(q_{gen} / (1 + q_{gen})\).

Our advantage in winning the IND-CPA game is thus the adversary’s advantage in winning the IND-CPA-U game times the probability we do not abort, which is \(\epsilon /(1 + q_{gen})\), as desired.

We note that the techniques in this proof can also be applied to the classical construction of Alwen et al. [1]. While they couple together the public key update and encryption functions, the same general strategy can be used to show that the stronger IND-CPA-U notion can be satisfied by their construction.