Paper 2020/736

Forward Security under Leakage Resilience, Revisited

Suvradip Chakraborty, Visa Research (United States)
Harish Karthikeyan, J.P. Morgan AI Research (United States)
Adam O'Neill, University of Massachusetts Amherst
C. Pandu Rangan, Indian Institute of Science Bangalore
Abstract

As both notions employ the same key-evolution paradigm, Bellare \emph{et al.} (CANS 2017) study combining forward security with leakage resilience. The idea is for forward security to serve as a hedge in case at some point the full key gets exposed from the leakage. In particular, Bellare \emph{et al.} combine forward security with \emph{continual} leakage resilience, dubbed FS+CL. Our first result improves on Bellare \emph{et al.}'s FS+CL secure PKE scheme by building one from any continuous leakage-resilient binary-tree encryption (BTE) scheme; in contrast, Bellare \emph{et al.} require extractable witness encryption. Our construction also preserves leakage rate of the underlying BTE scheme and hence, in combination with existing CL-secure BTE, yields the first FS+CL secure encryption scheme with optimal leakage rate from standard assumptions. \ind We next explore combining forward security with other notions of leakage resilience. Indeed, as argued by Dziembowski \emph{et al.} (CRYPTO 2011), it is desirable to have a \emph{deterministic} key-update procedure, which FS+CL does not allow for arguably pathological reasons. To address this, we combine forward security with \emph{entropy-bounded} leakage (FS+EBL). We construct FS+EBL non-interactive key exchange (NIKE) with deterministic key update based on indistinguishability obfuscation ($\iO$), and DDH or LWE. To make the public keys constant size, we rely on the Superfluous Padding Assumption (SuPA) of Brzuska and Mittelbach (ePrint 2015) \emph{without} auxiliary information, making it more plausible. SuPA notwithstanding, the scheme is also the first FS-secure NIKE from $\iO$ rather than multilinear maps. We advocate a future research agenda that uses FS+EBL as a hedge for FS+CL, whereby a scheme achieves the latter if key-update randomness is good and the former if not.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. CANS 2023
DOI
10.1007/978-981-99-7563-1_1
Keywords
Continual LeakageForward SecurityDeterministic UpdateNon-Interactive Key ExchangePublic Key Encryption
Contact author(s)
suvradip1111 @ gmail com
harish karthikeyan @ jpmchase com
amoneill @ gmail com
prangan55 @ gmail com
History
2024-01-18: last of 5 revisions
2020-06-18: received
See all versions
Short URL
https://ia.cr/2020/736
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/736,
      author = {Suvradip Chakraborty and Harish Karthikeyan and Adam O'Neill and C.  Pandu Rangan},
      title = {Forward Security under Leakage Resilience, Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2020/736},
      year = {2020},
      doi = {10.1007/978-981-99-7563-1_1},
      note = {\url{https://eprint.iacr.org/2020/736}},
      url = {https://eprint.iacr.org/2020/736}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.