Research Article  Open Access
Certificate-Based Encryption Resilient to Continual Leakage in the Standard Model
Abstract
The security of many certificate-based encryption schemes has been considered under an ideal condition, in which the attackers obtain no part of the scheme's secret state. However, with a side-channel attack, attackers can obtain partial secret values of the scheme. In order to make the scheme more practical, the security model for certificate-based encryption resilient to continual leakage is first formalized. The attackers in this security model are permitted to obtain some secret information continuously through side-channel attacks. Based on a certificate-based key encapsulation scheme, a novel certificate-based encryption scheme is proposed which is resilient to continual leakage. In the standard model, the new scheme is proved secure under the decisional truncated q-augmented bilinear Diffie–Hellman exponent hard problem and the decisional 1-bilinear Diffie–Hellman inversion hard problem. Additionally, the new scheme resists chosen-ciphertext attacks. Moreover, a comparison is performed with other related schemes: the proposed solution additionally provides the continual leakage-resilient property and exhibits lower computation cost.
1. Introduction
Certificate-based cryptography (CBC) is a public key cryptosystem (PKC) proposed by Gentry [1]. CBC combines the traditional PKC and the identity-based cryptosystem to overcome the key escrow and key distribution issues of the identity-based cryptosystem, while reducing the certificate management complexity of the conventional public key infrastructure. In CBC, a public-private key pair is first generated for every client, who then applies to the trusted certificate authority (CA) for a certificate. Different from the traditional PKC, CBC provides an implicit certificate mechanism. The certificate in CBC has the function of a traditional public key certificate, and it can also be regarded as part of the user's secret key [1]. A user must combine his own secret key and certificate to perform a decryption or signature operation, while the sender of the message or the signature verifier does not need to check the certificate status of the communicating party. The implicit certificate mechanism of CBC eliminates third-party status inquiries; therefore, CBC offers an efficient method for constructing an efficient and secure public key infrastructure. Due to these properties, CBC has received intensive attention in recent years, and a series of certificate-based encryption (CBE) schemes [2–10] have been proposed. Many certificate-based signature (CBS) proposals [11–14] have also been constructed.
Typically, a cryptosystem is considered secure in an ideal setting, in which the adversaries do not obtain any secret values of the cryptographic system. However, adversaries are able to access part of the secret key by side-channel attacks. Therefore, a number of approaches have been proposed to model the leakage caused by such side-channel attacks. Micali and Reyzin [15] constructed the "only computation leaks information" model in 2004. Although this model covers a large class of leakage attacks, its disadvantage is that it does not consider the case where information is leaked from inactive parts of memory, e.g., the cold boot attack [16]. To capture more leakage, Halderman et al. [16] proposed a model named "relative leakage." However, its major disadvantages are obvious: the secret key does not have sufficient length, and the allowed amount of leakage is limited. Akavia et al. [17] proposed the "bounded retrieval" model, which makes the size of the secret key more flexible without increasing the size of the public key or the encryption and decryption time. This model is shown to be stronger than the "only computation leaks information" model. In the "bounded retrieval" model, leakage from inactive parts of memory is also taken into account. To further relax the constraint on secret key leakage, Dodis et al. [18] and Yang et al. [19] considered the "auxiliary input" model and more kinds of one-way leakage functions. However, the above three models do not cover continual leakage attacks. The "continual leakage" model [20–22] was designed to capture attacks in which a bounded amount of information about the secret internal state becomes available to the attacker each time the cryptographic primitive is invoked.
Researchers have been dedicated to finding provably secure cryptographic solutions to the leakage attack problem, with various proposals. In addition, the "continual leakage" model has been applied to many encryption schemes, for example, attribute-based encryption (ABE), public key encryption, and identity-based encryption (IBE). A public key encryption approach coping with continual leakage was given by Agrawal et al. in [23]. Yuen et al. [24] proposed an IBE system resilient to continual auxiliary input leakage. Zhou et al. [25] constructed an IBE scheme with tight security which is resilient to continuous leakage attacks in the standard model. Then, three continuous leakage-resilient IBE schemes [26–28] were put forward. Leakage amplification was proposed in [26] to construct a continuous leakage-resilient secure IBE scheme which supports an arbitrary length of the leakage parameter. The authors in [27] offered a new updatable identity-based hash proof system which is adopted to construct a continuous leakage-resilient identity-based cryptosystem. Zhou et al. [28] designed an improved continuous leakage-resilient IBE scheme with an arbitrary length of the leakage parameter. Furthermore, Zhou et al. [29] presented an IBE scheme with leakage-amplified chosen-ciphertext attack security. Li et al. [30–34] extended IBE to present several attribute-based encryption schemes, which achieve fine-grained access control in cloud storage and can be applied in social networks [35]. However, the above attribute-based encryption schemes did not consider the key-leakage problem. In order to solve this problem, Zhang [36] delivered a concrete construction for leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) and provided a key update procedure to support continual leakage tolerance. Zhang et al. [37] proposed a new notion and construction for an attribute-based hash proof system (AB-HPS) in the bounded key-leakage model.
They also provided a general leakage-resilient attribute-based encryption construction using the AB-HPS as the primitive, without indistinguishability obfuscation. Furthermore, Zhang et al. [38] designed concrete ABE constructions in bilinear groups of prime order whose security is shown in the continual memory leakage model. A key-policy attribute-based encryption scheme was defined and modeled by Li et al. [39], which is resilient to continual auxiliary input leakage. The proposed approach is also shown to be secure under static assumptions. Li et al. [40] proposed an efficient extended file hierarchy attribute-based encryption scheme, which is very practical and greatly saves storage space and computation cost for large institutions or companies. Moreover, Li et al. [41] presented a continuous leakage-resilient hierarchical attribute-based encryption scheme, which is shown to be resilient to leakage of the master and secret keys. Zhou and Yang [42] presented a continual leakage-resilient certificateless public key encryption scheme which not only tolerates continual leakage attacks but also achieves better performance. Li et al. [43] provided a continuous leakage-resilient CBE scheme which is proved secure against adaptive chosen-ciphertext attacks in the random oracle model. Authenticated key exchange (AKE) protocols are used to establish a secure communication channel over a public network. However, it has been demonstrated that some standardized AKE protocols suffer from side-channel and key-leakage attacks. In order to defend against these attacks, Chen et al. [44–46] and Yang et al. [47] presented several leakage-resilient authenticated key exchange protocols.
1.1. Motivations and Contributions
Currently, there is little research on certificate-based encryption resilient to continual leakage. In fact, some previous CBE schemes constructed in the ideal setting may be insecure under continuous leakage attacks. The main reason is that the adversary can recover the complete secret key by continuously accessing partial information about the secret key. Therefore, it is meaningful to construct a CBE scheme that resists continual leakage attacks.
The primary objective of our work is to establish a secure certificate-based encryption scheme which is resilient to continual leakage. Referring to [3–8, 21–25], we design the outline and the security model of CBE resilient to continual leakage. On the basis of a certificate-based key encapsulation method, a CBE scheme is proposed which is shown to be secure in the standard model and resists continual leakage attacks. The encapsulated symmetric key is randomized using a strong extractor. Furthermore, the encapsulated symmetric key, for which leakage is allowed, is employed to encrypt the message.
The CBE schemes in [6, 8] only tolerate bounded leakage. Our CBE scheme adds a secret key update algorithm to obtain continuous leakage resilience. Our approach resists a larger total leakage by running the secret key update algorithm: the keys are periodically updated, and leakage is not allowed during updates, only between them. We further consider the leakage bound of the encapsulated symmetric key, and the leakage ratio of our scheme is approximately equal to 1.
We provide a proof that our CBE scheme is secure against chosen-ciphertext attacks under the hardness of the decisional truncated q-augmented bilinear Diffie–Hellman exponent (q-ABDHE) problem and the decisional 1-bilinear Diffie–Hellman inversion (1-BDHI) problem.
Compared with the existing CBE schemes, our proposed scheme adds the continual leakage-resilient property and has a lower communication cost. Therefore, our CBE scheme has an obvious advantage. We implement the proposed CBE scheme and the related schemes in C++ with the PBC library, and the simulation results show that our scheme has better performance.
1.2. Paper Organization
The required preliminary knowledge is presented in Section 2. In Section 3, we give the outline and the security model of CBE resilient to continual leakage. In Section 4, a CBE scheme resilient to continual leakage is proposed. Section 5 provides the security proof of our CBE scheme. The efficiency comparison is shown in Section 6. Finally, we conclude this work in Section 7.
2. Preliminaries
Definition 1. Let and denote multiplicative cyclic groups of prime order , respectively. A generator of is represented by . A map e is a bilinear map if it has the following properties:
(i) Bilinear: for all and
(ii) Non-degenerate:
(iii) Computable: the map is efficiently computable
The security of our CBE scheme resilient to continual leakage depends on the following problems.
Definition 2. The decisional truncated q-ABDHE problem is described as follows: given = , where and , output 1 if and 0 otherwise.
The advantage of a probabilistic polynomial time (PPT) adversary A deciding whether is given as = .
The decisional truncated q-ABDHE problem is said to be hard if is negligible for all PPT adversaries A.
Definition 3. We define the decisional 1-BDHI problem as follows: given = , where and , output 1 if and 0 otherwise.
The advantage that A decides whether is given as = .
We say that the decisional 1-BDHI problem is hard if is negligible for all PPT adversaries A.
Definition 4. The min-entropy of a random variable (RV) X is .
Definition 5. For RVs X and Y, the average conditional min-entropy is represented by , with denoting the expectation taken over Y.
Lemma 1. If X, Y, and Z are random variables such that Y has at most () possible values, then [48].
Definition 6. The statistical distance between random variables X and Y is given by , with , where F denotes a finite field.
Definition 7. A random function is regarded as an average-case strong extractor if , , and for all X, Y, we obtain , with the two variables and having uniform distributions over , respectively, and being negligible.
3. The Outline and Security Model of CBE Resilient to Continual Leakage
3.1. The Outline of CBE Resilient to Continual Leakage
The definition of CBE resilient to continual leakage, following references [3–8], consists of a group of algorithms, i.e., Setup, UserKeyGen, CertGen, SymmetricKeyGen, Encrypt, Decrypt, and UpdateSK, which are described as follows:
Setup: for a security parameter (), the setup process generates a collection of public parameters params and a corresponding master secret key MSK.
UserKeyGen: for the input identity ID, a secret key and a public key are produced by the algorithm.
CertGen: for the inputs params, an identity ID, MSK, and , the algorithm generates a certificate , which is transmitted to the user.
SymmetricKeyGen: taking params, ID, as its input, the algorithm generates the secret symmetric key K and the intermediate state .
Encrypt: for the inputs params, ID, , K, , and the message M, the algorithm returns a ciphertext on the message M, where is the encapsulation of K and is the ciphertext of the message M encrypted with K.
Decrypt: for the inputs params, , , and C, the algorithm recovers K and returns either M via K or ⊥ if C is an invalid ciphertext.
UpdateSK: for the inputs and params, the algorithm produces an updated secret key where
3.2. Security Model for CBE Resilient to Continual Leakage
Inspired by the schemes in references [3–8, 21–25], we propose a security model for CBE resilient to continual leakage. The model is described through Game1 and Game2. We evaluate security in these two games with respect to continual leakage and adaptive chosen-ciphertext attacks (IND-RCL-CCA). In Game1, an adversary which simulates an uncertified client is able to replace the public key and obtain the secret key of any client, but has no access to the MSK. In Game2, another adversary which plays an honest-but-curious certifier owns the master key. Such an adversary is able to obtain the certificate of any client, but cannot replace the public key of any user. The challenger interacts with and in the following games.
3.2.1. IND-RCL-CCA Game1
Setup: the challenger performs the Setup algorithm, keeps the master secret key MSK, and returns params to .
Phase 1: creates the queries adaptively as follows:
Public key queries: holds a list to record both the secret and public keys, where , denotes that has not been substituted, and denotes that has been replaced. is initially empty. generates the query for , and seeks from . If exists, returns . Otherwise, UserKeyGen is used to produce , is inserted into , and is returned. For simplicity, for any , it is stipulated that must first make the public key query before making any of the other queries below.
Public key replacing queries: produces the replace query for . looks for in the list . If it is not found, inserts into . Otherwise, updates the item to .
Secret key queries: inputs ; checks from . If , returns to . Otherwise, outputs ⊥ to .
Certificate queries: makes the certificate query for ID, gets from , then runs the CertGen algorithm and outputs to .
Leakage queries: generates a list in which each item has the form , where and K is the symmetric key used to encrypt the message. is initially empty. finds in the list . If the item does not exist, adds into . If is found, or after this step, checks the condition , where . If it does not hold, returns ⊥. Otherwise, selects a leakage function , sets for , and outputs to .
Decryption queries: for queries on and the ciphertext C, obtains from ; if , has to provide the corresponding secret key; otherwise, gets from . makes the certificate query to get , applies the Decrypt algorithm to obtain the symmetric key K, and uses K to decrypt C. The challenger returns either M or ⊥ to .
Challenge: gives two messages , of equal length and a target identity to with the following restriction: is prohibited from issuing the certificate query for and does not replace the public key of . executes the SymmetricKeyGen algorithm to get a symmetric key and randomly chooses . chooses and uniformly at random, runs the Encrypt algorithm to encrypt for , and yields the encapsulation of and the challenge ciphertext to , where .
Phase 2: continues to make queries as in Phase 1 with the following constraints: is prohibited from making the certificate query for and the decryption query on .
Guess: returns a bit . We say that wins the game if .
The advantage of winning IND-RCL-CCA Game1 is defined as .
3.2.2. IND-RCL-CCA Game2
Setup: the challenger performs the Setup algorithm and returns the master secret key MSK and params to .
Phase 1: adaptively makes the following queries.
Public key queries: holds a list to record the secret keys and the public keys. is empty at the start of the game. For a query on , finds a tuple in . If it exists, returns to . Otherwise, uses UserKeyGen to produce and , inserts into , and returns to . For simplicity, for any , it is stipulated that must first make the public key query before making any of the other queries below.
Secret key queries: for a secret key query on , seeks from the list and returns to .
Leakage queries: generates a list in which each item has the form , where and K represents the symmetric key used to encrypt the message. is initially empty. finds in the list . If the item does not exist, inserts an item into the list . After this step, or if the item exists, decides whether , where . If it does not hold, returns ⊥. Otherwise, selects a leakage function , sets for , and outputs to .
Decryption queries: for queries on and ciphertext C, obtains from . runs the CertGen algorithm to obtain , then performs the Decrypt algorithm to obtain the symmetric key K, and uses K to decrypt C. The challenger returns either M or ⊥ to .
Challenge: gives two messages and of equal length and a target identity to with the following restriction: is not allowed to issue the secret key query for . runs the SymmetricKeyGen algorithm to get a symmetric key and randomly chooses . randomly selects and from the uniform distribution, runs the Encrypt algorithm to encrypt for , and produces the encapsulation of and the challenge ciphertext to , where .
Phase 2: similar to Phase 1, continues to make queries under the following constraints: is prohibited from making the secret key query for and the decryption query on .
Guess: returns a bit . We say that wins the game if .
The advantage of winning IND-RCL-CCA Game2 is defined as .
Definition 8. A CBE scheme resilient to continual leakage is regarded as secure under adaptive chosen-ciphertext attacks if no PPT adversary has a non-negligible advantage in IND-RCL-CCA Game1 or IND-RCL-CCA Game2.
4. Our CBE Scheme Resilient to Continual Leakage
Inspired by the schemes in [3–8, 22, 49] and using the strong extractor technique of [48], we construct a CBE scheme which is resilient to continual leakage. Its seven algorithms are as follows:
Setup: define two groups and with prime order . A bilinear mapping is given by . Let be a bound on the total leakage. In this procedure, an average-case strong extractor is selected, where , and two collision-resistant hash functions and are chosen. The message space is . The algorithm picks random values , , and computes and , with being a generator of . It outputs the master secret key and a tuple of public parameters .
UserKeyGen: given params, the algorithm picks random numbers , and sets the secret key of the user ; then it computes the public key .
CertGen: given params, MSK, , and , the CertGen algorithm computes , selects random numbers , computes and , and outputs .
SymmetricKeyGen: given params, ID, , the SymmetricKeyGen algorithm computes , selects a random number , and computes and . Then, it outputs the secret symmetric key where and the intermediate state .
Encrypt: given params, ID, , K, , and the message M, the algorithm selects a random value and calculates . It sets and returns the ciphertext .
Decrypt: given params, , , and , the algorithm computes , recovers , and returns .
UpdateSK: given , the secret key update algorithm randomly selects and . It then generates a new secret key .
Correctness of our scheme: we have .
5. Security Analysis
Our CBE scheme resilient to continual leakage is proved secure in the standard model as follows.
Theorem 1. If there is a PPT adversary against the CBE scheme resilient to continual leakage with advantage that makes at most q_{c} certificate queries and q_{d} decryption queries, with bits of entropy leakage from the symmetric key, then there exists a PPT algorithm against the q-ABDHE problem with advantage , where .
Proof. Given , the algorithm B acts as the challenger of IND-RCL-CCA Game1 and interacts with ; the goal of B is to decide whether .
Setup: the algorithm B sets and computes ; B randomly chooses two q-degree univariate polynomials , and computes and (B can compute based on ). Two collision-resistant hash functions are chosen by B, i.e., , and an average-case strong extractor , , and B sends to .
Phase 1: makes the following queries adaptively:
Public key queries: inputs ; B seeks from . If it exists, B returns . Otherwise, B randomly picks , computes , inserts into , and returns .
Public key replace queries: makes the query for , where . B checks whether . If this does not hold, B outputs ⊥, which denotes that the replace query is invalid. Otherwise, B seeks from ; if it is not found, B inserts into ; otherwise, B updates to .
Secret key queries: inputs ; B checks from . If , B returns to . Otherwise, B outputs ⊥ to .
Certificate queries: inputs ID; B gets from and defines two polynomials and , where . B computes and outputs to (obviously, B can compute based on ; since and , is a valid certificate).
Leakage queries: inputs ; B finds from . B adds into if the item does not exist. If it exists, or after this step, B decides whether , where is the upper bound on the allowed leakage. If it does not hold, B returns ⊥. Otherwise, B selects a leakage function , sets for , and outputs to .
Decryption queries: for queries on and the ciphertext , B obtains from ; if , has to provide the corresponding secret key; otherwise, B gets the secret key from . B makes the certificate query to obtain the certificate ; then it computes the symmetric key where and . Finally, B returns either M or ⊥ to .
Challenge: provides B with two identical-length messages and and a target identity with the following restrictions: is prohibited from issuing certificate queries for and does not replace the public key of . B defines a (q + 1)-degree polynomial , where is the coefficient of the i-th term of . B computes , , where and . B then computes where . B randomly selects , and , sets , , and produces the challenge ciphertext for .
Phase 2: continues making queries as in Phase 1 with the following restriction: has no permission to issue certificate queries for or decryption queries on .
Guess: returns the guess . If holds, B outputs 1, indicating that . Otherwise, B outputs 0, indicating that .
5.1. Probability analysis
If , we set , and we have , . Thus, is a valid ciphertext, and outputs the correct with advantage . If is a random value, is not a valid ciphertext and provides no useful information for guessing . Thus, outputs the correct with advantage .
Thus, breaks the q-ABDHE problem with advantage .
Theorem 2. If there is a PPT adversary against the CBE scheme resilient to continual leakage with advantage that makes at most q_{sk} secret key queries and q_{d} decryption queries, with bits of entropy leakage from the symmetric key, then there exists a PPT algorithm against the 1-BDHI problem with advantage .
Proof. Given , the algorithm B acts as the challenger of IND-RCL-CCA Game2 and interacts with ; the goal of B is to decide whether .
Setup: the algorithm B randomly picks and computes , , and . B chooses two collision-resistant hash functions , , and an average-case strong extractor , , and sends and MSK = x to .
Phase 1: asks B the following queries adaptively:
Public key queries: inputs ; B randomly chooses . B checks for the tuple in . If it exists, B returns to . Otherwise, if , B randomly picks , computes , inserts the tuple into , and returns ; if , B sets , inserts the tuple into , and outputs to .
Secret key queries: for a secret key query on , if , B seeks from the list and returns to ; otherwise, B aborts the game and outputs failure.
Leakage queries: inputs ; B finds from . If the item does not exist, B adds into . If the item exists, or after this step, B decides whether , where . If it does not hold, B returns ⊥. Otherwise, B sets for and returns to , where is a leakage function and .
Decryption queries: for queries on and ciphertext , if , B obtains the secret key and certificate of ; then B obtains the symmetric key K and uses K to decrypt C. Otherwise, B computes the symmetric key where and , and computes . B returns either M or ⊥ to .
Challenge: provides B with two identical-length messages and and a target identity with the following restriction: is not allowed to issue secret key queries for . If , B aborts the game and outputs failure. Otherwise, B randomly selects and computes , , where and . B randomly selects and and computes where . B randomly chooses , , and , sets , , and outputs the challenge ciphertext to .
Phase 2: continues making queries as in Phase 1 under the following restriction: has no permission to make secret key queries for or decryption queries on .
Guess: returns the guess . If holds, B outputs 1, indicating that . Otherwise, B outputs 0, indicating that .
5.2. Probability analysis
If , we set , and we have , . Thus, is a valid ciphertext, and outputs the correct with advantage . If is a random value, is an invalid ciphertext and provides no useful information for guessing . Thus, outputs the correct with advantage .
Thus, breaks the 1-BDHI problem with advantage . Furthermore, the probability that chooses as the target identity is . Therefore, breaks the 1-BDHI problem with advantage .
5.3. Leakage Ratio Analysis
We mainly consider the leakage of the symmetric key K. First, a set Z is defined which consists of the public parameters, secret keys, and certificates. The adversary A acquires at most bits of leakage about the symmetric key K. By Lemma 1, we have , where Leak has possible values and is the leakage length. If we pick an average-case strong extractor where is negligible, we know that , where and have uniform distributions over , respectively. Thus, the ciphertext cannot be distinguished from the uniform distribution. Moreover, can be made close to zero, so the leakage bound l is roughly equal to , and the leakage ratio of K is .
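The following Python script is an added example and not code from the paper. It models the leakage query of Section 3.2 as an oracle that answers only while the per-key budget of leaked bits is unspent, and then shows why the extractor step of SymmetricKeyGen matters for the leakage ratio argument above. A Toeplitz universal-hash extractor (a standard average-case strong extractor in the sense of Definition 7) stands in for the paper's unspecified Ext, and the key length, leakage bound and output length are constructed parameters chosen for speed, not the paper's. Conditioned on a leak of half the bits of K, a session key taken directly from K is fully determined by the leak, while the extractor output stays statistically close to uniform.

```python
import random

# Parameters constructed for this demonstration; the paper's concrete group
# sizes and extractor parameters are not reproduced here.
N_BITS = 32                        # length n of the encapsulated symmetric key K
LEAK_BOUND = 16                    # total leakage allowed on one K, in bits
OUT_BITS = 4                       # output length m of Ext
SEED_BITS = N_BITS + OUT_BITS - 1  # a Toeplitz seed needs n + m - 1 bits


def parity(x):
    """Parity of the bits of a non-negative integer (GF(2) inner product helper)."""
    return bin(x).count("1") & 1


def toeplitz_extract(key, seed):
    """Strong extractor from the Toeplitz universal hash family.

    Output bit j is the GF(2) inner product of the n-bit key with the n-bit
    window of the seed starting at position j, i.e. row j of the Toeplitz
    matrix that the seed defines. The seed is public, as in the scheme, where
    the extractor seed travels with the ciphertext.
    """
    mask = (1 << N_BITS) - 1
    out = 0
    for j in range(OUT_BITS):
        row = (seed >> j) & mask
        out |= parity(key & row) << j
    return out


class LeakageOracle:
    """Leakage oracle in the style of the security games: the adversary submits
    a leakage function f and its output length; the oracle answers only while
    the running total for this key stays within LEAK_BOUND bits, and otherwise
    returns None (the games' ⊥)."""

    def __init__(self, key):
        self._key = key
        self.leaked_bits = 0

    def leak(self, f, out_bits):
        if self.leaked_bits + out_bits > LEAK_BOUND:
            return None
        self.leaked_bits += out_bits
        return f(self._key) & ((1 << out_bits) - 1)


def oracle_budget_demo(key):
    """Spend the whole budget on the top LEAK_BOUND bits of K, then ask for one
    more bit. Returns (first_answer, second_answer); the second must be None."""
    oracle = LeakageOracle(key)
    first = oracle.leak(lambda k: k >> (N_BITS - LEAK_BOUND), LEAK_BOUND)
    second = oracle.leak(lambda k: k & 1, 1)
    return first, second


def statistical_distance(counts, n_outcomes, n_samples):
    """Empirical statistical distance between a sampled distribution and uniform."""
    return 0.5 * sum(abs(counts.get(v, 0) / n_samples - 1.0 / n_outcomes)
                     for v in range(n_outcomes))


def run_experiment(n_samples=20000, rng_seed=12345):
    """Condition on one observed leak of the top LEAK_BOUND bits of K and measure
    how far (a) the truncated key and (b) the extractor output are from uniform.
    Returns (sd_truncated, sd_extracted)."""
    rng = random.Random(rng_seed)
    leaked_high = rng.getrandbits(LEAK_BOUND)   # the leak value the adversary saw
    low_bits = N_BITS - LEAK_BOUND
    trunc_counts, ext_counts = {}, {}
    for _ in range(n_samples):
        # Sample K consistent with the leak: high bits fixed, low bits fresh.
        key = (leaked_high << low_bits) | rng.getrandbits(low_bits)
        # (a) naive: use the top m bits of K directly as the session key
        naive = key >> (N_BITS - OUT_BITS)
        trunc_counts[naive] = trunc_counts.get(naive, 0) + 1
        # (b) scheme-style: fresh public seed, m bits extracted from K
        ext = toeplitz_extract(key, rng.getrandbits(SEED_BITS))
        ext_counts[ext] = ext_counts.get(ext, 0) + 1
    n_out = 1 << OUT_BITS
    return (statistical_distance(trunc_counts, n_out, n_samples),
            statistical_distance(ext_counts, n_out, n_samples))


if __name__ == "__main__":
    first, second = oracle_budget_demo(0xDEADBEEF)   # constructed sample key
    print("leak within budget:", hex(first), "| over budget:", second)
    sd_trunc, sd_ext = run_experiment()
    print(f"truncated key: distance from uniform = {sd_trunc:.3f}")
    print(f"extracted key: distance from uniform = {sd_ext:.3f}")
```

The naive distribution is a point mass, so its distance from uniform is exactly 1 − 2^−m = 0.9375, whereas the extracted key's distance is only sampling noise. The script measures the marginal of the extractor output given the leak; the leftover hash lemma that Definition 7 and Lemma 1 rely on bounds the stronger joint distance of (seed, output) from (seed, uniform) by 2^−(n−λ−m)/2, which is why m must stay below n − λ, matching the leakage ratio discussion above.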
6. Efficiency Comparison
Three CBE schemes [3, 6, 8] are compared with our proposed approach to evaluate their security and efficiency. The security properties and leakage ratios of the four CBE schemes are shown in Table 1.

Table 1 shows that the schemes in [6, 8] and our CBE scheme are leakage-resilient while the scheme in [3] is not. The key-leakage ratio of the scheme in [8] is up to 1/3. However, the symmetric key-leakage ratio of the scheme in [6] and of our scheme is close to 1. In addition, our scheme is resistant to continual leakage. In conclusion, our CBE scheme has an obvious advantage.
Let and denote the subgroups of orders and in , respectively, where and are distinct primes. An NIZK proof is represented by in [8], and n is an integer. We analyze the communication cost for the four schemes as follows.
From Table 2, the difference in communication cost between the scheme in [6] and our scheme is not significant. The lengths of the public/secret key, the certificate, and the ciphertext in the proposed approach are smaller than those required in [3]. Moreover, the lengths of the certificate and ciphertext in our proposed approach are also smaller than those required in [8]. Therefore, our CBE scheme achieves a lower communication cost than the two schemes in [3, 8].
