Research Article | Open Access
Certificate-Based Encryption Resilient to Continual Leakage in the Standard Model
The security of many certificate-based encryption schemes has been considered under an ideal condition, in which the attacker is assumed to have no access to the secret state of the scheme. However, with a side-channel attack, attackers can obtain partial secret values of the scheme. In order to make the scheme more practical, the security model for certificate-based encryption resilient to continual leakage is first formalized. The attackers in this security model are permitted to obtain some secret information continuously through side-channel attacks. Based on a certificate-based key encapsulation scheme, a novel certificate-based encryption scheme is proposed which is resilient to continual leakage. In the standard model, the new scheme is proved secure under the decisional truncated q-augmented bilinear Diffie–Hellman exponent hard problem and the decisional 1-bilinear Diffie–Hellman inversion hard problem. Additionally, the new scheme resists chosen-ciphertext attacks. Moreover, a comparison is performed with related schemes, where the proposed solution further provides the continual leakage-resilient property and exhibits lower computation cost.
Certificate-based cryptography (CBC) is a novel public key cryptosystem (PKC) proposed by Gentry . CBC combines traditional PKC and identity-based cryptography to overcome the key escrow and key distribution issues of the identity-based cryptosystem, and at the same time reduces the management complexity of public key certificates in a conventional public key infrastructure. In CBC, a public/private key pair is first generated for every client, who then applies to the trusted certificate authority (CA) for a certificate. Different from traditional PKC, CBC provides an implicit certificate mechanism. The certificate in CBC has the function of a traditional public key certificate, and hence it can also be regarded as part of the user's secret key . A user needs to combine his own secret key and certificate to perform a decryption or signature operation, while the sender of a message or the verifier of a signature does not need to check the certificate status of the communicating party. The implicit certificate mechanism in CBC eliminates third-party inquiries; therefore, CBC offers an efficient method for constructing an efficient and secure public key infrastructure. Owing to these properties, CBC has attracted intensive attention in recent years, and a series of certificate-based encryption (CBE) schemes [2–10] have been proposed. Many certificate-based signature (CBS) proposals [11–14] have also been constructed.
Typically, cryptography is considered secure in an ideal setting, in which the adversaries cannot obtain the secret values of the cryptographic system. However, adversaries are able to access part of the secret key by side-channel attacks. Therefore, a number of approaches have been proposed to model the leakage caused by such side-channel attacks. Micali and Reyzin  constructed the “only computation leaks information” model in 2004. Although this model covers a large class of leakage attacks, its disadvantage is that it does not consider the case where information leaks from inactive parts of memory, e.g., the cold boot attack . To capture more leakage, Halderman et al.  proposed a model named “relative leakage.” However, its major disadvantages are obvious; i.e., the secret key does not have sufficient length, and the allowed amount of leakage is limited. Akavia et al.  proposed the “bounded retrieval” model to make the size of the secret key more flexible without increasing the size of the public key or the encryption and decryption time. This model is shown to be more powerful than the “only computation leaks information” model. The “bounded retrieval” model also takes leakage from inactive parts of memory into account. To further relax the constraint on secret key leakage, Dodis et al.  and Yang et al.  considered the “auxiliary input” model and more kinds of one-way leakage functions. However, the above-mentioned three models do not involve continual leakage attacks. The “continual leakage” model [20–22] was designed to examine attacks where a bounded amount of information about the secret internal state is available to the attacker each time the cryptographic primitive is invoked.
Researchers have been dedicated to finding provably secure cryptographic solutions to the leakage attack problem, and various proposals exist. In addition, the “continual leakage” model has been applied to many encryption schemes, for example, attribute-based encryption (ABE), public key encryption, and identity-based encryption (IBE). A public key encryption approach aiming to cope with continual leakage was given by Agrawal et al. in . Yuen et al.  proposed an IBE system resilient to continual auxiliary input leakage. Zhou et al.  constructed an IBE method with tight security which is resilient to continuous leakage attacks in the standard model. Then, three continuous leakage-resilient IBE methods [26–28] were put forward. Leakage amplification was proposed in , which constructs a continuous leakage-resilient secure IBE scheme that allows an arbitrary length of the leakage parameter. The authors in  offered a new updatable identity-based hash proof system which is adopted to construct a continuous leakage-resilient identity-based cryptosystem. Zhou et al.  designed an improved continuous leakage-resilient IBE scheme with an arbitrary length of the leakage parameter. Furthermore, Zhou et al.  presented an IBE scheme with leakage-amplified chosen-ciphertext attack security. Li et al. [30–34] extended IBE to present some attribute-based encryption schemes, which achieve fine-grained access control in cloud storage and can be applied in social networks . However, the above attribute-based encryption schemes did not consider the key-leakage problem. In order to solve this problem, Zhang  delivered a concrete construction for leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) and provided a key update procedure to support continual leakage tolerance. Zhang et al.  proposed a new notion and construction for an attribute-based hash proof system (AB-HPS) in the bounded key-leakage model. They also provided a general leakage-resilient attribute-based encryption construction using the AB-HPS as the primitive without an indistinguishability obfuscator. Furthermore, Zhang et al.  designed concrete ABE constructions in bilinear groups of prime order whose security is shown in the continual memory leakage model. A key-policy attribute-based encryption scheme was defined and modeled by Li et al. , which is resilient to continual auxiliary input leakage. The proposed approach is also shown to be secure under static assumptions. Li et al.  proposed an efficient extended file hierarchy attribute-based encryption scheme, which is very practical and greatly saves storage space and computation cost for large institutions or companies. Moreover, Li et al.  presented a continuous leakage-resilient hierarchical attribute-based encryption scheme, which is shown to be resilient to leakage of the master and secret keys. Zhou and Yang  presented a continual leakage-resilient certificateless public key encryption scheme which not only tolerates continual leakage attacks but also achieves better performance. Li et al.  provided a continuous leakage-resilient CBE scheme which is proved secure against adaptive chosen-ciphertext attacks in the random oracle model. Authenticated key exchange (AKE) protocols are used to establish a secure communication channel over a public network. However, it has been demonstrated that some standardized AKE protocols suffer from side-channel and key-leakage attacks. In order to defend against these attacks, Chen et al. [44–46] and Yang et al.  presented several leakage-resilient authenticated key exchange protocols.
1.1. Motivations and Contributions
Currently, there is little research on certificate-based encryption resilient to continual leakage. Actually, some previous CBE schemes constructed in the ideal setting may be insecure under continuous leakage attacks. The main reason is that the adversary can recover the complete secret key by continuously accessing partial information about the secret key. Therefore, it is meaningful to construct a CBE scheme that resists the continual leakage attack.
The primary objective of our work is to establish a secure certificate-based encryption scheme which is resilient to continual leakage. Referring to [3–8, 21–25], we design the outline and the security model of CBE resilient to continual leakage. On the basis of the certificate-based key encapsulation method, a CBE scheme is proposed which is shown to be secure in the standard model and can resist the continual leakage attack. The encapsulated symmetric key is randomized using the strong extractor. Furthermore, the encapsulated symmetric key allowing leakage is employed to encrypt the message.
The CBE schemes created in [6, 8] tolerate leakage but not continual leakage. Our CBE scheme adds a secret key update algorithm to obtain continuous leakage-resilience. Our approach can resist a larger total leakage by performing the secret key updating algorithm, where the keys are periodically updated and leakage is not allowed during updates, but only between updates. We further consider the leakage limit of the encapsulated symmetric key, and the leakage ratio of our scheme is approximately equal to 1.
We provide a proof to show that our CBE scheme is secure against chosen-ciphertext attack under the hardness of the decisional truncated q-augmented bilinear Diffie–Hellman exponent (q-ABDHE) problem and the decisional 1-bilinear Diffie–Hellman inversion (1-BDHI) problem.
Compared with the existing CBE schemes, our proposed scheme adds the continual leakage-resilient property and has a lower communication cost. Therefore, our CBE scheme has a clear advantage. We implement the proposed CBE scheme and the related schemes in the C++ programming language with the PBC library, and the simulation results show that our scheme has better performance.
1.2. Paper Organization
The required preliminary knowledge is presented in Section 2. In Section 3, we demonstrate the outline and the security model of CBE resilient to continual leakage. In Section 4, a CBE scheme resilient to continual leakage is proposed. Section 5 provides the proof of our CBE scheme. Then, the comparison in terms of the efficiency is shown in Section 6. Finally, we conclude this work in Section 7.
Definition 1. Let and denote multiplicative cyclic groups of prime order , respectively. A generator of is represented by . A bilinear map e is a map with the following properties:
(i) Bilinear: for all and .
(ii) Nondegenerate: .
(iii) Computable: the map is efficiently computable.
The security of our CBE scheme resilient to continual leakage depends on the following problems.
Definition 2. The decisional truncated q-ABDHE problem is described as follows: given = , where and , output 1 if and 0 otherwise.
The advantage of a probabilistic polynomial time (PPT) adversary A deciding whether is given as = .
It is said that the decisional truncated q-ABDHE problem is hard if is negligible for all PPT adversaries A.
Definition 3. We define the decisional 1-BDHI problem as follows: given = , where and , output 1 if and 0 otherwise.
The advantage that A decides whether is given as = .
We say that the decisional 1-BDHI problem is hard if is negligible for all PPT adversaries A.
Definition 4. The min-entropy of a random variable (RV) X is .
Definition 5. For RV’s X and Y, the averaged conditional min-entropy is represented by with denoting the expectation of Y.
Lemma 1. If X, Y, and Z are random variables such that Y has at most () possible values, then .
Definition 6. The statistical distance between random variables X and Y is given by , with , where F denotes a finite field.
Definition 7. A random function is regarded as an average-case -strong extractor if , , and for all X, Y, we obtain , with two variables and having uniform distributions over respectively, and being negligible.
3. The Outline and Security Model of CBE Resilient to Continual Leakage
3.1. The Outline of CBE Resilient to Continual Leakage
The definition of CBE resilient to continual leakage, which follows references [3–8], includes a group of algorithms, i.e., Setup, UserKeyGen, CertGen, SymmetricKeyGen, Encrypt, Decrypt, and UpdateSK, which are described as follows:
Setup: for a security parameter (), the setup process generates a collection of public parameters params and a corresponding master secret key MSK.
UserKeyGen: for the input identity ID, a secret key and a public key are produced by the algorithm.
CertGen: for the inputs params, an identity ID, MSK, and , the algorithm generates a certificate , which is transmitted to the user.
SymmetricKeyGen: taking params, ID, and as its input, the algorithm generates the secret symmetric key K and the intermediate state .
Encrypt: for the inputs params, ID, , K, , and the message M, the algorithm returns a ciphertext on the message M, where is the encapsulation of K and is the ciphertext of the message M encrypted with K.
Decrypt: for the inputs params, , , and C, the algorithm recovers K and returns either M via K or ⊥ if C is an invalid ciphertext.
UpdateSK: for the inputs and params, the algorithm produces an updated secret key , where .
3.2. Security Model for CBE Resilient to Continual Leakage
Inspired by the schemes in references [3–8, 21–25], we propose a security model for the CBE which is resilient to the continual leakage. The model is described through Game-1 and Game-2. We evaluate the security based on these two games resilient to continual leakage and the adaptive chosen-ciphertext attacks (IND-RCL-CCA). In Game-1, an adversary which simulates the uncertified client is able to substitute the public key and obtain the secret key of any client, but does not access the MSK. In Game-2, another adversary which plays an honest-but-curious certifier owns the master key. Such adversary is able to obtain the certificate of any client, but cannot substitute the public keys of any user. The challenger interacts with and by the following games.
3.2.1. IND-RCL-CCA Game-1
Setup: the challenger performs the Setup algorithm, keeps the master secret key MSK, and returns params to .
Phase 1: creates the queries adaptively as follows.
Public key queries: holds a list to record both the secret and public keys, where , denotes that has not been substituted, and denotes that has been replaced. is initially empty. generates the query for , and seeks from . If exists, returns . Otherwise, UserKeyGen is used to produce , is inserted into , and is returned. For simplicity, for any , it is stipulated that must first make the public key query before making any of the other queries below.
Public key replacing queries: produces the replace query for . looks for in the list . If it is not found, inserts into . Otherwise, updates the item to .
Secret key queries: inputs ; checks from . If , returns to . Otherwise, outputs ⊥ to .
Certificate queries: makes the certificate query of ID; gets from , then runs the algorithm CertGen and outputs to .
Leakage queries: generates a list in which the form of an item is , where and K is the symmetric key utilized for encrypting the message. is initially empty. finds in the list . If the item does not exist, adds into . If is found, or after this step, checks the condition , where . If it does not hold, returns ⊥. Otherwise, selects a leakage function , sets for , and outputs to .
Decryption queries: for queries on and the ciphertext C, obtains from ; if , has to provide the corresponding secret key; otherwise, gets from . makes the certificate query to get , applies the Decrypt algorithm to obtain the symmetric key K, and uses K to decrypt C. The challenger returns either M or ⊥ to .
Challenge: gives two messages , of equal length and a target identity to with the following restriction: is prohibited from issuing the certificate query for and does not replace the public key of . executes the SymmetricKeyGen algorithm to get a symmetric key and randomly chooses . chooses and uniformly at random, runs the Encrypt algorithm to encrypt for , and yields the encapsulation of and the challenge ciphertext to , where .
Phase 2: continues to make queries as in Phase 1 with the following constraints: is prohibited from making the certificate queries for , as well as the decryption queries on .
Guess: returns a bit . We say that wins the game if .
The advantage of winning the IND-RCL-CCA Game-1 is described as .
3.2.2. IND-RCL-CCA Game-2
Setup: the challenger performs the Setup algorithm and returns the master secret key MSK and params to .
Phase 1: adaptively makes the following queries.
Public key queries: holds a list to record the secret keys and the public keys. is empty at the start of the game. For the query about , finds a tuple in . If it exists, returns to . Otherwise, uses UserKeyGen to produce and , inserts into , and returns to . For simplicity, for any , it is stipulated that must first make the public key query before making any of the other queries below.
Secret key queries: for a secret key query under , seeks from the list and returns to .
Leakage queries: generates a list in which the form of an item is , where and K represents the symmetric key adopted to encrypt the message. is initially empty. finds in the list . If the item does not exist, inserts an item into the list . Following this step, or if the item exists, decides whether , where . If not, returns ⊥. Otherwise, selects a leakage function , sets for , and outputs to .
Decryption queries: for queries on and ciphertext C, obtains from . runs the CertGen algorithm to obtain , then performs the Decrypt algorithm to obtain the symmetric key K, and adopts K to decrypt C. The challenger returns either M or ⊥ to .
Challenge: gives two messages and of equal length and a target identity to with the following restriction: is not allowed to issue the secret key query for . runs the SymmetricKeyGen algorithm to get a symmetric key and randomly chooses . randomly selects and from the uniform distribution, runs the Encrypt algorithm to encrypt for , and produces the encapsulation of and the challenge ciphertext to , where .
Phase 2: similar to Phase 1, queries are continuously made by under the following constraints: is prohibited from making the secret key queries for and the decryption queries on .
Guess: returns a bit . We say that wins the game if .
The advantage of winning the IND-RCL-CCA Game-2 is defined to be .
Definition 8. A CBE scheme resilient to continual leakage is regarded to be secure under the adaptive chosen-ciphertext attacks, if no PPT adversary has non-negligible advantage in the IND-RCL-CCA Game-1 and IND-RCL-CCA Game-2.
4. Our CBE Scheme Resilient to Continual Leakage
Inspired by the schemes in [3–8, 22, 49], we construct a CBE scheme resilient to continual leakage by using the strong extractor technique proposed in . Seven related algorithms are introduced as follows:
Setup: define two groups and with prime order . A bilinear mapping is given by . Let be a bound on all leakages. In this procedure, an average-case -strong extractor with is selected, and two collision resistant hash functions and are chosen. The message space is . The algorithm picks random values , , computes and , with being a generator of , and outputs the master secret key and a tuple of public parameters .
UserKeyGen: given params, the algorithm picks random numbers , sets the secret key of the user , and computes the public key .
CertGen: given params, MSK, , and , the CertGen algorithm computes , selects random numbers , computes and , and outputs .
SymmetricKeyGen: given params, ID, and , the SymmetricKeyGen algorithm computes , selects a random number , and computes and . Then, it outputs the secret symmetric key , where , and the intermediate state .
Encrypt: given params, ID, , K, , and the message M, the algorithm selects a random value and calculates . It sets and returns the ciphertext .
Decrypt: given params, , , and , the algorithm computes , generates , and returns .
UpdateSK: given , the secret key updating algorithm randomly selects and and generates a new secret key .
Correctness of our scheme: we have .
5. Security Analysis
Our CBE scheme resilient to continual leakage is proved secure in the standard model as follows.
Theorem 1. If there is a PPT adversary against the CBE scheme resilient to continual leakage with advantage that makes at most qc certificate queries, qd decryption queries in the case of bits entropy leakage for the symmetric key, then there exists a PPT algorithm against the q-ABDHE problem with an advantage , where .
Proof. Given , the algorithm B acts as the challenger of IND-RCL-CCA Game-1 to interact with ; the target of B is to decide whether .
Setup: the algorithm B sets and computes ; B randomly chooses two q-degree univariate polynomials , and computes and (B can compute these from ). Two collision resistant hash functions are chosen by B, i.e., , and an average-case -strong extractor , ; B sends to .
Phase 1: makes the following queries adaptively.
Public key queries: inputs ; B seeks from . If it exists, B returns . Otherwise, B randomly picks , computes , inserts into , and returns .
Public key replace queries: makes the query for , where . B checks whether . If not, B outputs ⊥, which denotes that this replace query is invalid. Otherwise, B seeks from ; if it is not found, B inserts into ; otherwise, B updates to .
Secret key queries: inputs ; B checks from . If , B returns to . Otherwise, B outputs ⊥ to .
Certificate queries: inputs ID; B gets from and defines two polynomials and , where . B computes and outputs to (B can compute this from ; since and , is a valid certificate).
Leakage queries: inputs ; B finds from . B adds into if the item does not exist. If it exists, or in the next step, B decides whether , where is the upper bound of the allowed leakage. If not, B returns ⊥. Otherwise, B selects a leakage function , sets for , and outputs to .
Decryption queries: for queries on and the ciphertext , B obtains from ; if , has to provide the corresponding secret key; otherwise, B gets the secret key from . B makes the certificate query to gain the certificate ; then B computes the symmetric key , where and . Finally, B returns either M or ⊥ to .
Challenge: provides B with two identical-length messages and , and a target identity with the following restrictions: is prohibited from issuing certificate queries for and does not replace the public key of . B defines a (q + 1)-degree polynomial , where is the coefficient of the i-th term of . B computes , , where and . B then computes , where . B randomly selects , and , sets , , and produces the challenge ciphertext to .
Phase 2: continues making queries as in Phase 1 with the following restriction: has no permission to issue certificate queries for , as well as decryption queries on .
Guess: returns the guess . If holds, B outputs 1, indicating that . Otherwise, B outputs 0, indicating that .
5.1. Probability Analysis
If , we set , and we have , . Thus, is a valid ciphertext, and outputs the correct with advantage . If is a random value, is not a valid ciphertext and provides no useful information for the guess of . Thus, outputs the correct with advantage .
Thus, breaks the q-ABDHE problem with advantage .
Theorem 2. If there is a PPT adversary against the CBE scheme resilient to continual leakage with advantage that makes at most qsk secret key queries, qd decryption queries with bits entropy leakage for the symmetric key, then there exists a PPT algorithm against the 1-BDHI problem with advantage .
Proof. Given , the algorithm B acts as the challenger of IND-RCL-CCA Game-2 to interact with ; the target of B is to decide whether .
Setup: the algorithm B randomly picks and computes , , and . B chooses two collision resistant hash functions , , and an average-case -strong extractor , , and sends and MSK = x to .
Phase 1: asks B the following queries adaptively.
Public key queries: inputs ; B randomly chooses . B checks the tuple in . If it exists, B returns to . Otherwise, if , B randomly picks , computes , inserts the tuple into , and returns ; if , B sets , inserts the tuple into , and outputs to .
Secret key queries: for a secret key query under , if , B seeks from the list and returns to ; otherwise, B ends the game and outputs failure.
Leakage queries: inputs ; B finds from . If the item does not exist, B adds into . If the item exists, or in the next step, B decides whether , where . If not, B returns ⊥. Otherwise, B sets for and returns to , where is a leakage function and .
Decryption queries: for queries on and ciphertext , if , B obtains the secret key and certificate of ; then B obtains the symmetric key K and uses K to decrypt C. Otherwise, B computes the symmetric key , where and , and computes . B returns either M or ⊥ to .
Challenge: provides B with two identical-length messages and and a target identity with the following restriction: is not allowed to issue the secret key queries for . If , B ends the game and outputs failure. Otherwise, B randomly selects and computes , , where and . B randomly selects and and computes , where . B randomly chooses , , and , sets , , and outputs the challenge ciphertext to .
Phase 2: continues making queries similar to Phase 1 under the following restriction: has no permission to perform secret key queries for , as well as the decryption queries on .
Guess: returns the guess . If holds, B outputs 1, indicating that . Otherwise, B outputs 0, which indicates .
5.2. Probability Analysis
If , we set , and we have , , and . Thus, is a valid ciphertext, and outputs the correct with advantage . If is a random value, is an invalid ciphertext and provides no useful information for the guess of . Thus, outputs the correct with advantage .
Thus, breaks the 1-BDHI problem with advantage . Furthermore, the probability that chooses as the target identity is . Therefore breaks the 1-BDHI problem with advantage .
5.3. Leakage Ratio Analysis
We mainly consider the leakage of the symmetric key K. Firstly, a set Z is defined which consists of public parameters, secret keys, and certificates. As an adversary, A acquires at most bits for leakage of the symmetric key K. Based on Lemma 1, we have , where Leak has possible values and is the leakage length. If we pick the average-case -strong extractor where is negligible, we know that , where and have uniform distributions over , respectively. Thus, the ciphertext and the uniform distribution cannot be distinguished. Moreover, can be close to zero, the leakage bound l is roughly equal to , and the leakage ratio of K is .
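As an added worked example (not part of the paper), the following Python script makes the quantities behind this leakage-ratio argument (Definitions 4–7 and Lemma 1) concrete on a constructed toy instance: it enumerates a 6-bit symmetric key K, leaks its low 2 bits, extracts with a seeded GF(2)-linear universal hash (a stand-in for the paper's average-case strong extractor, whose construction is not given on this page), and computes the resulting min-entropy loss and statistical distance exactly.

```python
"""Constructed toy model of the entropy tools used in the leakage analysis.

A k-bit symmetric key K is enumerated exhaustively, a leakage function
reveals lam bits of it, and a seeded linear extractor Ext(K, S) is applied.
The quantities of Definitions 4-7, Lemma 1 and the leakage bound of
Section 5.3 are then computed exactly.  All parameters are illustrative.
"""
from collections import defaultdict
from itertools import product
from math import log2, sqrt


def min_entropy(dist):
    """H_inf(X) = -log2(max_x Pr[X = x])  (Definition 4)."""
    return -log2(max(dist.values()))


def avg_cond_min_entropy(joint):
    """Averaged conditional min-entropy H~_inf(X | Y)  (Definition 5).

    joint maps (x, y) -> Pr[X = x, Y = y].  By definition
    H~_inf(X | Y) = -log2(E_y[max_x Pr[X = x | Y = y]])
                  = -log2(sum_y max_x Pr[X = x, Y = y]).
    """
    best = defaultdict(float)
    for (x, y), p in joint.items():
        best[y] = max(best[y], p)
    return -log2(sum(best.values()))


def statistical_distance(p, q):
    """SD(X, Y) = 1/2 * sum_a |Pr[X = a] - Pr[Y = a]|  (Definition 6)."""
    return 0.5 * sum(abs(p.get(a, 0.0) - q.get(a, 0.0)) for a in set(p) | set(q))


def linear_extract(x, seed_rows):
    """Ext(x, S) = S*x over GF(2).

    S is an m x k binary matrix given as m row masks; output bit i is the
    parity of (row_i AND x).  Random linear maps form a universal hash
    family, so by the leftover hash lemma this is a strong extractor.
    """
    out = 0
    for row in seed_rows:
        out = (out << 1) | (bin(row & x).count("1") & 1)
    return out


def leakage_experiment(k, m, leak):
    """Uniform k-bit key K, leakage Leak = leak(K), uniform seed S.

    Returns (H~_inf(K | Leak), SD((Ext(K, S), S, Leak), (U_m, S, Leak))),
    i.e. how far the extracted key is from uniform given everything the
    adversary sees (the seed and the leakage).
    """
    n_keys = 1 << k
    joint = {(x, leak(x)): 1.0 / n_keys for x in range(n_keys)}
    h_cond = avg_cond_min_entropy(joint)

    seeds = list(product(range(n_keys), repeat=m))   # every m x k matrix
    p_seed = 1.0 / len(seeds)
    real, ideal = defaultdict(float), defaultdict(float)
    for s in seeds:
        for x in range(n_keys):
            y = leak(x)
            real[(linear_extract(x, s), s, y)] += p_seed / n_keys
            for u in range(1 << m):          # U_m independent of (S, Leak)
                ideal[(u, s, y)] += p_seed / n_keys / (1 << m)
    return h_cond, statistical_distance(real, ideal)


def lhl_bound(h_cond, m):
    """Leftover hash lemma: SD <= 1/2 * sqrt(2^m / 2^H~_inf(K | Leak))."""
    return 0.5 * sqrt(2.0 ** (m - h_cond))


def max_leakage_bits(k, m, eps):
    """Largest lam with 1/2 * sqrt(2^(m - (k - lam))) <= eps: the leakage
    bound l of Section 5.3 for a k-bit key extracted to m bits.  The ratio
    l / k tends to 1 as k grows, matching the leakage-ratio claim."""
    return k - m - 2 * log2(1.0 / (2 * eps))


if __name__ == "__main__":
    # Constructed parameters: 6-bit key, 2-bit output, leak the low 2 bits.
    h, sd = leakage_experiment(6, 2, lambda x: x & 3)
    print(f"H~_inf(K | Leak) = {h:.3f}  (Lemma 1: >= 6 - 2 = 4)")
    print(f"SD from uniform  = {sd:.4f}  (LHL bound {lhl_bound(h, 2):.4f})")
    print(f"max leakage for eps=0.25: {max_leakage_bits(6, 2, 0.25):.1f} bits")
```

With the low 2 bits leaked, Lemma 1 holds with equality (6 − 2 = 4 bits remain), and the exact distance of the extracted key from uniform stays below the leftover-hash-lemma bound of 0.25.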
6. Efficiency Comparison
Three CBE schemes [3, 6, 8] are compared with our proposed approach, to evaluate their security and efficiency. The security properties and leakage ratio comparison for four CBE schemes are shown in Table 1.
Table 1 demonstrates that the schemes in [6, 8] and our CBE scheme are leakage-resilient while the scheme in  is not. The key-leakage ratio of the scheme  is up to 1/3. However, the symmetric key-leakage ratio of scheme  and our scheme is close to 1. In addition, our scheme is resistant to continual leakage. In conclusion, our CBE scheme has obvious advantage.
Let and denote the subgroups of orders and in , respectively, where and are distinct primes. An NIZK proof is represented by in , and n is an integer. We analyze the communication cost for the four schemes as follows.
From Table 2, the difference of communication performance between the scheme in  and our scheme is not obvious. The length of the public/secret key, the certificate, and the ciphertext in the proposed approach is less than that required in . Moreover, the length of the certificate and ciphertext in our proposed approach is also less than that required in . Therefore, our CBE scheme achieves a lower communication cost, compared with the two schemes in [3, 8].