
Protecting against key-exposure: strongly key-insulated encryption with optimal threshold

Published in: Applicable Algebra in Engineering, Communication and Computing

Abstract

Key-insulated encryption schemes use a combination of key splitting and key evolution to protect against key exposure. Existing schemes, however, scale poorly: their cost is proportional to the number t of time periods that may be compromised by the adversary, so they are practical only for small values of t. Yet in practice t might be large.

This paper presents a strongly key-insulated encryption scheme with optimal threshold. In our scheme, t need not be known in advance and can be as large as one less than the total number of periods, yet the cost of the scheme is not impacted. This brings key-insulated encryption closer to practice. Our scheme is based on the Boneh-Franklin identity-based encryption (IBE) scheme [9], and exploits algebraic properties of the latter.

Another contribution of this paper is to show that (not strongly) key-insulated encryption with optimal threshold and allowing random-access key updates (which our scheme, and all other known schemes, allow) is equivalent to a restricted form of IBE. This means that the connection between key-insulated encryption and IBE is not accidental.


References

  1. Abdalla, M., Reyzin, L.: A new forward-secure digital signature scheme. Advances in Cryptology – ASIACRYPT '00, Lecture Notes in Computer Science Vol. 1976, T. Okamoto (ed.), Springer-Verlag, 2000

  2. Anderson, R.: Two Remarks on Public-Key Cryptology. Manuscript, 2000, and Invited Lecture at the Fourth Annual Conference on Computer and Communications Security, Zurich, Switzerland, April 1997

  3. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation. Proceedings of the 38th Symposium on Foundations of Computer Science, IEEE, 1997

  4. Bellare, M., Palacio, A.: Protecting against key exposure: Strongly key-insulated encryption with optimal threshold. Cryptology ePrint Archive: Report 2002/064. http://eprint.iacr.org/2002/064

  5. Bellare, M., Miner, S.: A forward-secure digital signature scheme. Advances in Cryptology – CRYPTO '99, Lecture Notes in Computer Science Vol. 1666, M. Wiener (ed.), Springer-Verlag, 1999

  6. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. Proceedings of the 1st Annual Conference on Computer and Communications Security, ACM, 1993

  7. Bleichenbacher, D.: A chosen ciphertext attack against protocols based on the RSA encryption standard PKCS #1. Advances in Cryptology – CRYPTO '98, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk (ed.), Springer-Verlag, 1998

  8. Boneh, D., Boyen, X.: Secure identity-based encryption without random oracles. Advances in Cryptology – CRYPTO '04, Lecture Notes in Computer Science Vol. 3152, M. Franklin (ed.), Springer-Verlag, 2004

  9. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003). Preliminary version in Advances in Cryptology – CRYPTO '01, Lecture Notes in Computer Science Vol. 2139, J. Kilian (ed.), Springer-Verlag, 2001

  10. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology revisited. Proceedings of the 30th Annual Symposium on the Theory of Computing, ACM, 1998

  11. Canetti, R., Goldwasser, S.: An efficient threshold public-key cryptosystem secure against adaptive chosen-ciphertext attack. Advances in Cryptology – EUROCRYPT '99, Lecture Notes in Computer Science Vol. 1592, J. Stern (ed.), Springer-Verlag, 1999

  12. Canetti, R., Halevi, S., Katz, J.: A Forward-Secure Public-Key Encryption Scheme. Advances in Cryptology – EUROCRYPT '03, Lecture Notes in Computer Science Vol. 2656, E. Biham (ed.), Springer-Verlag, 2003

  13. CERT Coordination Center: Overview of attack trends. April 8, 2002. http://www.cert.org/

  14. Cocks, C.: An identity based encryption based on quadratic residues. Cryptography and Coding, Lecture Notes in Computer Science Vol. 2260, Springer-Verlag, 2001

  15. Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. Advances in Cryptology – CRYPTO '98, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk (ed.), Springer-Verlag, 1998

  16. Dodis, Y., Franklin, M., Katz, J., Miyaji, A., Yung, M.: Intrusion-Resilient Public-Key Encryption. Topics in Cryptology – CT-RSA '03, Lecture Notes in Computer Science Vol. 2612, M. Joye (ed.), Springer-Verlag, 2003

  17. Dodis, Y., Katz, J., Xu, S., Yung, M.: Key-Insulated Public Key Cryptosystems. Advances in Cryptology – EUROCRYPT '02, Lecture Notes in Computer Science Vol. 2332, L. Knudsen (ed.), Springer-Verlag, 2002

  18. Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong Key-Insulated Signature Schemes. Public-Key Cryptography '03, Lecture Notes in Computer Science Vol. 2567, Y. Desmedt (ed.), Springer-Verlag, 2003

  19. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. Advances in Cryptology – CRYPTO '99, Lecture Notes in Computer Science Vol. 1666, M. Wiener (ed.), Springer-Verlag, 1999

  20. Gennaro, R., Shoup, V.: Securing threshold cryptosystems against chosen-ciphertext attack. Advances in Cryptology – EUROCRYPT '98, Lecture Notes in Computer Science Vol. 1403, K. Nyberg (ed.), Springer-Verlag, 1998

  21. Goldwasser, S., Micali, S.: Probabilistic Encryption. J. Comput. Syst. Sci. 28, 270–299 (1984)

  22. Hanaoka, Y., Hanaoka, G., Shikata, J., Imai, H.: Identity-based encryption with non-interactive key update. Cryptology ePrint Archive: Report 2004/338. http://eprint.iacr.org/2004/338

  23. IEEE: IEEE P1363: Standard Specifications For Public Key Cryptography. http://grouper.ieee.org/groups/1363/P1363/

  24. Itkis, G., Reyzin, L.: Forward-secure signatures with optimal signing and verifying. Advances in Cryptology – CRYPTO '01, Lecture Notes in Computer Science Vol. 2139, J. Kilian (ed.), Springer-Verlag, 2001

  25. Itkis, G., Reyzin, L.: SiBIR: Signer-Base Intrusion-Resilient Signatures. Advances in Cryptology – CRYPTO '02, Lecture Notes in Computer Science Vol. 2442, M. Yung (ed.), Springer-Verlag, 2002

  26. Kozlov, A., Reyzin, L.: Forward-Secure Signatures with Fast Key Update. In: Cimato, S., Galdi, C., Persiano, G. (eds.) Third International Conference on Security in Communication Networks (SCN '02), Lecture Notes in Computer Science Vol. 2576, Springer-Verlag, 2003

  27. Krawczyk, H.: Simple forward-secure signatures from any signature scheme. Proceedings of the 7th Annual Conference on Computer and Communications Security, ACM, 2000

  28. Malkin, T., Micciancio, D., Miner, S.: Efficient generic forward-secure signatures with an unbounded number of time periods. Advances in Cryptology – EUROCRYPT '02, Lecture Notes in Computer Science Vol. 2332, L. Knudsen (ed.), Springer-Verlag, 2002

  29. Miller, V.: Short programs for functions on curves. Unpublished manuscript, 1986

  30. Rackoff, C., Simon, D.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. Advances in Cryptology – CRYPTO '91, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum (ed.), Springer-Verlag, 1991

  31. RSA Laboratories: PKCS #1 – RSA Cryptography Standard. http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/index.html

  32. Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. Proceedings of the 40th Symposium on Foundations of Computer Science, IEEE, 1999

  33. Shamir, A.: How to share a secret. Communications of the ACM 22, 612–613 (1979)

  34. Shamir, A.: Identity-based cryptosystems and signature schemes. Advances in Cryptology – CRYPTO '84, Lecture Notes in Computer Science Vol. 196, G. R. Blakley (ed.), Springer-Verlag, 1984

  35. Shoup, V.: A Proposal for an ISO Standard for Public Key Encryption. Cryptology ePrint Archive: Report 2001/112, Dec 2001. http://eprint.iacr.org/2001/112/

  36. Shoup, V.: Why chosen ciphertext security matters. IBM Research Report RZ 3076, November 1998. http://www.shoup.net

  37. Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) Advances in Cryptology – EUROCRYPT '05, Lecture Notes in Computer Science, Springer-Verlag, 2005


Corresponding author

Correspondence to Mihir Bellare.

Additional information

Supported in part by NSF grants CCR-0098123, ANR-0129617 and CCR-0208842, and by an IBM Faculty Partnership Development Award.

Supported in part by an NSF graduate fellowship.


Cite this article

Bellare, M., Palacio, A. Protecting against key-exposure: strongly key-insulated encryption with optimal threshold. AAECC 16, 379–396 (2006). https://doi.org/10.1007/s00200-005-0183-y
