Fully Secure ID-Based Signature Scheme with Continuous Leakage Resilience
Side-channel attacks destroy the security of traditional cryptographic schemes, so leakage-resilient identity-based signature has attracted great attention. Based on dual system encryption technology, we construct an identity-based signature scheme that resists continuous private key leakage, and we prove its security in the standard model. The key points of our leakage-resilient signature scheme are as follows: (1) The private key can be extended according to the security requirements; in other words, when the leakage is serious, we can select a bigger value n, where n is a parameter related to the leakage rate. (2) An elaborate key update algorithm makes the scheme resist continuous leakage attacks; furthermore, the updated private key has the same distribution as the previous private key. (3) The proposed scheme is fully secure in the standard model rather than in the random oracle model or in the generic group model. To achieve this goal, we use dual system encryption technology, so the security of the constructed scheme does not depend on the number of queries made by the attacker.
In recent years, cryptography researchers have found that some side-channel attacks [1–7] can leak the secret information of a cryptosystem to attackers. In side-channel attacks, the attacker obtains secret information by observing the power consumption and timing of the cryptosystem.
The traditional provably secure cryptographic system is based on the black-box model, which does not consider leakage of secret information. Under side-channel attacks, the security of traditional cryptographic schemes is destroyed. Therefore, designing leakage-resilient (LR) cryptographic schemes is an urgent problem. In recent years, some scholars have been engaged in this field, and leakage-resilient cryptography has become a hot topic.
1.1. Related Work
The research results of leakage-resilient cryptography mainly focus on public key cryptosystems, which can be divided into the following models.
1.1.1. Only Computation Leaks Information
The model is given by . In this model, the complexity of the leakage function is unlimited and the total leakage is unlimited, but leakage is only allowed to occur in the active part of the memory required by the current computation. In particular, the attacker can choose a polynomial time function with bounded output and apply it to the currently active state. In each round of computation, the storage parts that are not accessed do not leak information; only the storage parts that participate in the computation leak. A secure stream cipher scheme is proposed in . It resists leakage of the internal state during the computation of each output block. In each step, the amount of tolerated leakage depends on the strength of the underlying pseudorandom generator. Pietrzak  relaxes the requirement on the pseudorandom function generator and only needs a weak pseudorandom function that outputs pseudorandom values on random inputs. Based on the weak pseudorandom function, Pietrzak constructs a stream cipher that is simpler than .
1.1.2. Bounded Leakage Model
In cold-boot attacks, leakage does not occur only during computation. In order to obtain security against cold-boot attacks, a bounded leakage model is proposed in . In this model, the attacker can freely choose an efficiently computable function and obtain its output. The basic requirement is that the output of the function does not disclose the entire key. In a word, in this model, any adversary can obtain information that is shorter than the key length. Under some trapdoor one-way function, Akavia et al.  give a secure leakage-resilient identity-based scheme and a public key encryption scheme. The two schemes do not increase the size of the secret key and do not complicate the natural encryption and decryption routines. In , a leakage-resilient public key encryption scheme (PKE) is obtained through a hash proof system (HPS). They give a generic construction of a public key encryption scheme that resists key leakage from any hash proof system. The resulting scheme is as efficient as the underlying hash proof system, and no additional computational assumptions are needed in their construction. After that, [13–16] give LR encryption schemes by HPS with some characteristics. Chen et al.  generalize HPS to include anonymity (anonymous HPS), and then use anonymous HPS to construct a leakage-resilient public key encryption scheme (LR-PKE). The concept of weak HPS is defined in , which shows that an LR weak pseudorandom function, an LR message authentication code and an LR symmetric encryption scheme can be obtained if a one-way function exists. In , a lattice-based LR-PKE is proposed by using an updatable hash proof system. The work  gives an efficient public key cryptosystem with leakage-resilience, where the plaintext length is independent of the key leakage parameters. In another public key cryptosystem, Yu et al.  first proposed a certificate-based encryption scheme with leakage-resilience.
In , the leakage of almost the entire encapsulated symmetric key can be tolerated.
1.1.3. Continuous Leakage Model
When some information is leaked each time the private key is used, how can the security of the schemes be achieved? References [18, 19] solve the open problem proposed in , respectively, and propose the continuous leakage model (CLM). The continuous leakage considered in [18, 19] does not require that only computation leaks information. In CLM, the key must be updated periodically, and the necessary constraint is that the leakage between any two consecutive updates is bounded. In other words, the amount of key leakage in each period is limited, but the amount of key leakage over the whole operation is unbounded. Reference  gives IBE and public key encryption schemes with continual leakage-resilience under the decisional linear assumption or the symmetric external Diffie-Hellman assumption. Their core contribution is to show how to update the key. In , the key point is that the user may use some additional fresh local randomness to periodically refresh the secret key without affecting the public key. They design a relation called a continuous leakage-resilient (CLR) one-way relation (OWR). From the CLR-OWR, they propose a CLR identification scheme, a CLR signature, and a CLR authenticated key agreement protocol.
In , they explore the case in which the memory of a system is divided into two parts, each working independently. The attacker can only obtain leakage from one part in any one time period. They call this security model the split-state model. By split-state technology, they construct a dynamic secret sharing scheme against continuous leakage attacks. Based on the same split-state technology, the work  shows that discrete log representations can resist continuous leakage attacks.
Dual system encryption  gives a new way to achieve security of IBE and some related encryption schemes. In dual system encryption schemes, there are two kinds of ciphertext and key generation algorithms: normal and semifunctional. A key or ciphertext generated by the normal key generation algorithm or normal ciphertext generation algorithm is called a normal key or normal ciphertext. A key or ciphertext generated by the semifunctional key generation algorithm or semifunctional ciphertext generation algorithm is called a semifunctional key or semifunctional ciphertext. A normal ciphertext can be decrypted by a normal key or a semifunctional key. A semifunctional ciphertext cannot be decrypted by a semifunctional key but can be decrypted by a normal key. Inspired by dual system encryption , several continuous leakage-resilient encryption schemes with advanced features are given in . They propose fully secure IBE, HIBE, and ABE which are resilient to bounded leakage. These schemes resist leakage not only from the private key but also from the master key. In , an identity-based broadcast encryption scheme against continuous leakage is proposed. In reference , a hierarchical attribute-based encryption scheme with continuous leakage-resilience is proposed. In , an identity-based scheme secure against continuous leakage is designed in the standard model. Based on the q-ABDHE assumption, they first propose a CLR-IBE scheme with CPA security in the standard model. Based on their basic CLR-IBE scheme, they give a CLR-CCA secure IBE scheme with continuous leakage amplification. Different from the above schemes, Li et al.  extend the length of the key and master key and realize leakage-resilience by using redundancy. Further, a key-policy attribute-based cryptosystem against continuous auxiliary input leakage is constructed.
1.2. Leakage-Resilient Signature
The digital signature is an important primitive in cryptography. As an important part of data security, a digital signature is used for data integrity verification, nonrepudiation and other purposes. Digital signature schemes with various characteristics have emerged, such as identity-based signature, proxy re-signature, blind signature, designated verifier signature, and so on.
As far as we know, there are few leakage-resilient signature schemes in the literature.
The first signature scheme secure against bounded leakage is given in  in the random oracle model. The relative leakage rate of the scheme is almost 1. Based on general primitives (i.e., a one-time signature scheme and a noninteractive zero knowledge proof), the work  constructs leakage-resilient signature schemes in the standard model. As time goes by, the private key may leak more and more information. When the leakage of the private key reaches a certain value, the scheme may become insecure. In order to solve this problem, a continuous leakage-resilient signature is proposed in [18, 19].
In [18, 19], the continuous leakage does not require that only computation leaks information. By a noninteractive zero knowledge proof system (NIZK), the work  gives another example of a continuous leakage-resilient signature. The key update algorithm in  breaks the second preimage resistance of the hash function H. Thus, they must introduce a new notion, the (n, k)-independent preimage resistant hash function H, which is stronger than the notion of second preimage resistance.
Galindo and Vivek  and Wu et al.  give CLR signature schemes under the general bilinear group assumption. It is generally considered that the bilinear group model is weaker than the standard model.
Because an identity-based signature does not need a digital certificate to verify the correctness of the public key and the authenticity of the user's identity, it solves the problem of managing and distributing digital certificates in traditional signature schemes. Thus, it is widely used in wireless communication and other fields .
In order to design an identity-based signature scheme against continuous leakage attacks in the standard model, we must consider the following factors: the private key of the scheme must be extensible; the private key must be easy to update; and the security proof of the scheme must be obtainable in the standard model. Fortunately, we achieve all three.
In this paper, we propose an identity-based signature scheme by using the dual system encryption technique. The security of the scheme is proved in the standard model. The scheme resists continuous key leakage. Following the idea of dual system signature , our scheme has normal keys and semifunctional keys. The overall concept of our scheme is shown in Figure 1.
Definition 1. Bilinear map
Let and be multiplicative cyclic groups with prime order . Suppose that is a generator of . is called a bilinear map if it satisfies the following three conditions:
(1) Computability: for , can be computed efficiently.
(2) Nondegeneracy: , .
(3) Bilinearity: for and , .
Some notation: the size of the term is denoted by . The symbol is used to denote the product of two vectors. Let denote the component-wise product of two elements. Let denote vectors. Let denote the set of some elements. If , , and , we use to denote and use to denote . For and , .
In , the concept of bilinear groups with composite order is proposed. Suppose is an algorithm that generates bilinear groups with composite order. takes the security parameter as input and generates a bilinear group , in which and are three different prime numbers. . and are cyclic groups with order . is a bilinear map.
In addition, for the security parameter , both and are computable in polynomial time. and , respectively, represent the subgroups with order and . represents the subgroup with order . If and (), is the identity element in . For , and is a generator of G, generates , generates and generates . We may find such that , , and .
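As an added illustration (my own code, not code from the paper), the following toy shows the subgroup behaviour just described: the additive group Z_N with N = p1·p2·p3 and the map e(a, b) = a·b mod N is bilinear and nondegenerate, its subgroups of order p_i are pairwise orthogonal under e, and any element decomposes by the Chinese remainder theorem into its three subgroup components. Discrete logarithms in Z_N are trivial, so the toy has no cryptographic value; it only lets a reader check the identities that the dual system proofs rely on, such as a G_{p2} component vanishing when paired against a G_{p1} element. All function names are my own, and the primes 5, 7, 11 in the demo are constructed sample values.

```python
"""Toy composite-order bilinear group (added illustration, not the paper's code).

G = Z_N under addition with N = p1*p2*p3, G_T = Z_N, e(a, b) = a*b mod N.
'Exponentiation' g^x is the multiple x*g mod N.  Discrete logs in Z_N are
trivial, so this only serves to check the algebraic identities of Section 2.
"""
from math import gcd


def gen_params(p1, p2, p3):
    """Stand-in for the group generator: three distinct primes, N = p1*p2*p3."""
    assert p1 != p2 != p3 != p1
    return {"N": p1 * p2 * p3, "p": (p1, p2, p3)}


def pair(params, a, b):
    """The toy pairing e: G x G -> G_T; the identity of G_T is 0."""
    return (a * b) % params["N"]


def subgroup_generator(params, i):
    """Generator of G_{p_i}: the multiples of N/p_i form the subgroup of order p_i."""
    return params["N"] // params["p"][i]


def element_order(params, x):
    """Order of x in Z_N."""
    N = params["N"]
    return N // gcd(x % N, N)


def is_identity_T(params, t):
    return t % params["N"] == 0


def decompose(params, x):
    """Split x into (x1, x2, x3) with x = x1 + x2 + x3 and x_i in G_{p_i}.

    Uses the CRT idempotents e_i = 1 mod p_i, 0 mod the other primes."""
    N, ps = params["N"], params["p"]
    comps = []
    for p in ps:
        m = N // p
        e_i = m * pow(m, -1, p) % N
        comps.append(x * e_i % N)
    return tuple(comps)


def normal_vs_semifunctional(params):
    """Pairing a 'semifunctional' element g1 + g2 with a 'normal' G_{p1} element
    gives the same value as pairing the normal element g1: the G_{p2} part vanishes,
    which is why the G_{p2} subgroup can hide semifunctional components."""
    g1 = subgroup_generator(params, 0)
    g2 = subgroup_generator(params, 1)
    N = params["N"]
    return pair(params, (g1 + g2) % N, g1) == pair(params, g1, g1)


if __name__ == "__main__":
    P = gen_params(5, 7, 11)          # constructed toy primes
    g1, g2, g3 = (subgroup_generator(P, i) for i in range(3))
    print("orders:", [element_order(P, g) for g in (g1, g2, g3)])
    print("e(g1, g2) is identity:", is_identity_T(P, pair(P, g1, g2)))
    print("decompose(123):", decompose(P, 123))
    print("G_{p2} part vanishes:", normal_vs_semifunctional(P))
```

The orthogonality check `e(g1, g2) = 0` is exactly the statement "if g_i ∈ G_{p_i} and h_j ∈ G_{p_j} with i ≠ j, then e(g_i, h_j) is the identity of G_T"; in a real pairing group this holds for the same reason (N divides the product of the two subgroup exponents) but cannot be read off the elements.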
Three assumptions which are given in  will be used in our security proof.
Assumption 1. Given , and where are randomly selected, any probabilistic polynomial time (PPT) adversary can only distinguish from with only negligible advantage.
denotes the advantage of adversary in breaking Assumption 1. That is to say,
If is negligible for every PPT adversary, we say that Assumption 1 holds.
Assumption 2. Given (), and (), any probabilistic polynomial time adversary can only distinguish from with only negligible advantage.
denotes the advantage of adversary in breaking Assumption 2. That is to say,
If is negligible for every PPT adversary, we say that Assumption 2 holds.
Assumption 3. Given (), and (), any probabilistic polynomial time adversary can only distinguish from with only negligible advantage.
denotes the advantage of adversary in breaking Assumption 3. That is to say,
If is negligible for every PPT adversary, we say that Assumption 3 holds.
3. Formal Description of Continuous Leakage-Resilient Identity-Based Signature
On the basis of , the formal description of a continuous leakage-resilient identity-based signature scheme (CLR-IBS) is given. Our scheme consists of the following algorithms:
Setup: a probabilistic polynomial time algorithm run by the private key generator (PKG). It takes the security parameter as input and outputs the public parameters and the master key .
KeyGen: a probabilistic polynomial time algorithm run by the PKG. It takes the public parameters and the user's identity as input and outputs the corresponding private key of the user.
KeyUpd: takes the public parameters and the private key as input and outputs a new private key .
Sign: a probabilistic polynomial time algorithm run by the signer. It takes the public parameters , the message to be signed and the user's private key as input and outputs the signature of the message .
Verify: a probabilistic polynomial time algorithm run by the verifier. It takes the public parameters , the user's identity and the signature of the message as input and judges whether the signature is valid. If the signature is valid, it outputs “accept.” Otherwise, it outputs “reject.”
KeyGenSF: a probabilistic polynomial time algorithm run by the PKG. It takes the public parameters and the user's identity as input and outputs the semifunctional private key .
The algorithms Setup, KeyGen, KeyUpd, and KeyGenSF are run by the PKG, and the other algorithms are run by users. KeyGenSF is only used in the security proof.
4. Security Model of CLR-IBS
The security of CLR-IBS is defined by the game . Our scheme is existentially unforgeable under adaptive chosen message attack in the standard model.
In , the challenger holds a list whose entries consist of a handle, an identity, a secret key and a leakage amount, where , , , and are the handle space, identity space, secret key space, and leakage amount space. Suppose and .
The game is played by the adversary and the challenger as follows.
The challenger runs Setup to get the public parameters and the master key . It keeps as secret and gives to the adversary. The handle is set to 0. It adds an item in .
The adversary can query the following oracles:
: given an identity , the challenger looks up the entry with identity in . If is already in , it outputs ⊥. Otherwise, the challenger invokes KeyGen to create the private key and adds the entry to . The challenger then increments the handle .
: the adversary queries leakage for the private key with handle . The adversary selects a polynomial time computable function that takes the private key as input and produces an output of fixed size. If the challenger finds an entry with handle in list , it checks whether , where is the maximum leakage allowed for the private key. If so, it gives to the adversary and updates the tuple in with . Otherwise, the challenger returns ⊥.
: the adversary queries the private key for handle . The challenger checks whether the entry with handle is in list . If it is, the challenger gives the private key to the adversary and puts the identity into .
: for handle , the adversary queries an updated private key. The challenger checks whether the entry with handle is in list . If it is, the challenger runs the algorithm KeyUpd, gives the updated key to the adversary and updates the entry with . Otherwise, returns ⊥.
: the adversary selects any identity and a message to be signed and asks the challenger to generate the signature on under the identity .
The adversary outputs a forged signature on a message under the identity . The adversary wins the game if the following conditions are met:
(1) is a valid signature on the message , that is, it passes the verification algorithm Verify.
(2) The private key for the identity has not been asked for by the adversary.
(3) The adversary has not asked for a signature on the message .
If all PPT adversaries can only obtain negligible advantages in , the CLR-IBS is said to be secure against private key leakage .
5. Construction of CLR-IBS
Based on a composite order group of three primes, we propose the CLR-IBS scheme, which consists of six algorithms. Subgroup is used to randomize private keys. Subgroup is only used to generate the semifunctional private key in the proof.
The algorithm randomly selects , , , , , , and , where is an integer. The value of is a parameter. If is large, the tolerable leakage rate is high; the leakage rate is the ratio of the leakage size to the size of the secret key. If is small, the public key is short.
The public parameters are and the master key is .
For the identity , the algorithm randomly selects , , and . It generates the private key
Denote , , and . We get :
The algorithm takes the public parameters and the private key as input and outputs a new private key . For the private key , the algorithm randomly selects (), , and . It computes the new private key.
Because , , and are all random, , , and are random as well. The private keys and have the same distribution. Thus, the private key is updated.
Denote , , , and . The updated private key is written as , which has the same form as the original private key .
For the message , the user chooses randomly and and signs the message with his private key .
The receiver receives the signature for the message from the user . Then he verifies whether .
If the equation does not hold, then it outputs “reject.” Otherwise, it outputs “accept.”
First, the private key generator calls the normal private key generation algorithm to generate the normal private key . Second, the private key generator randomly selects and to generate the semifunctional private key .
Signatures produced with a semifunctional private key and with a normal private key both pass the verification algorithm. The semifunctional private key is only used in the security proof; in practical application, the normal private key is used for signing.
Correctness is as follows:
6. Security Proof
If the forged signature is valid, suppose and . The forged signature can be divided into two types. Type I: . Type II: or or .
Theorem 1. If Assumptions 1–3 are true, the signature scheme given in this paper is leakage-resilient and secure in the standard model. The amount of private key leakage is , where and is a positive constant integer.
When is large, the tolerable leakage rate is high. When is relatively small, the public parameters are also relatively short. The detailed leakage performance analysis is given in Section 8.
In general, we prove the security of the scheme by dual system encryption technology. A sequence of games is used to complete the proof. Suppose the adversary makes private key extraction queries and signature queries. Let . is the real security game. The other games are modifications of the game . The first game is the real security game, and the adversary has only a negligible advantage in winning the last one. Each pair of adjacent games is indistinguishable.
These games are defined as follows:
: this is the real security game.
: it is the same as , but with some restrictions. When the adversary outputs a forged signature on the message , it is required that and , where is a queried identity and was used in a signature query.
(): in this game, the challenger answers the first private key queries with semifunctional private keys (for a signature query, the challenger first computes the corresponding semifunctional private key and then uses the signature algorithm to generate the signature). The rest is the same as .
Proof. Through the sequence of games and (), we use Lemmas 1–6 to prove the security. First, Lemma 1 is used to obtain the leakage bound. Second, we use Lemmas 2–6 to prove that these games are indistinguishable. Thus, security is proved.
Lemma 1. The amount of private key leakage about our CLR-IBS can reach .
Proof. We use a conclusion in  to prove this lemma.
Conclusion 1 : suppose that is a prime number, () and . Let be a matrix () and be a matrix with rank 1 (). denotes a negligible value. If is a leakage function with , then the statistical distance .
From conclusion 1, we can easily get the following Ratiocination 1.
Ratiocination 1: suppose that is a prime and . Select and such that and are orthogonal modulo under the dot product. Let be a leakage function mapping to (i.e., ). If , the statistical distance is negligible. That is to say, , where is negligible.
Proof. By Conclusion 1, we set , so . Thus, corresponds to , and the basis of the orthogonal space of corresponds to . So the distribution of is the same as when . That is to say, is a matrix of rows and 1 column with rank 1. Since is chosen randomly, is determined by . Thus, we conclude that .
Let , and . denotes . The leakage size can be up to = . Therefore, we conclude that the leakage amount is up to .
Lemma 2. In the case of private key leakage , if there is an algorithm (the adversary) such that , we can construct an algorithm (the challenger) to break assumption 2 with a nonnegligible advantage.
Proof. First, given an instance , and (), plays or with . The challenger publishes the system parameters to the adversary, where are randomly selected. For any private key extraction query or signature query of the adversary, the challenger can use the master key to calculate.
Finally, suppose that the adversary generates a forged signature of the user on the message . The adversary hopes that the forged signature passes verification. For , and , if and , three cases are considered:
(1)
(2)
(3)
If , the first case occurs and . Judge whether . If the equation holds, . Otherwise, .
If , judge whether . If the equation holds, the second case occurs and . Then, judge whether . If the equation holds, . Otherwise, .
If and , the third case occurs and . Judge whether . If the equation holds, . Otherwise, .
Similarly, if for some where , , and , the challenger can still break Assumption 2. The adversary outputs the forged signature of the user on the message , where and .
Probability analysis: if , simulates the game properly. If , simulates the game properly. Thus, .
In the case of private key leakage , if there is an adversary who can distinguish from with a nonnegligible advantage, then can break Assumption 2 with a nonnegligible advantage. This contradicts Assumption 2. Consequently, . Thus, Lemma 2 holds.
Lemma 3. Under Assumption 1 and in the case of private key leakage , the adversary (an algorithm ) can only output the forged signature of type II with negligible advantage in game .
Proof. First, given an instance , and (), plays with . The challenger publishes the system parameters to the adversary, where , and are randomly selected. For any private key extraction query or signature query of the adversary, the challenger can use the master key to calculate.
Finally, suppose that the adversary generates a forged signature of the user on the message . The adversary hopes that the forged signature passes verification.
Furthermore, the challenger checks whether the forged signature satisfies the following equation:
Obviously, if , the above equation always holds. If , the equation also holds when the adversary forges a signature of type I, with probability .
If the adversary forges a signature of type II with probability , the equation holds if and only if . In the whole game, the adversary obtains no information about . So, the probability that the equation holds is negligible.
That is to say, in the case of private key leakage , if there were an adversary who could output a forged signature of type II with a nonnegligible advantage, the equation would fail to hold. We conclude that .
Lemma 4. Under Assumption 2 and in the case of private key leakage , if the adversary (an algorithm ) can output the forged signature of type II with negligible advantage in the game , can also output the forged signature of type II with negligible advantage in game .
Proof. First, given an instance , , (), and , plays or with . The challenger publishes the system parameters to the adversary, where , and are randomly selected. For any private key extraction query or signature query of the adversary, the challenger can use the master key to calculate.
For the adversary’s previous private key extraction queries, will generate a semifunctional private key. selects randomly and returns . If it is a signature query, the challenger first calculates the corresponding private key and then uses the private key to calculate the corresponding signature. The following cases will be handled in this way.
For the adversary’s later private key extraction queries, selects randomly and returns . If it is a signature query, the challenger first calculates the corresponding private key and then uses the private key to calculate the corresponding signature.
For the adversary’s private key extraction query, selects , randomly and returns .
If , the private key is normal. simulates the game properly. If , the private key is semifunctional. simulates the game properly.
Finally, suppose that the adversary generates a forged signature of the user on the message . . The adversary hopes that the forged signature passes verification.
Furthermore, the challenger checks whether the forged signature satisfies the following equation:
Probability analysis: if , simulates the game properly. If the adversary outputs a forged signature of type I with a negligible advantage, the equation also holds. Thus, the adversary outputs a forged signature of type II with an advantage that is also negligible.
If , simulates the game properly. If the adversary outputs a forged signature of type I with a negligible advantage, the equation also holds.
When the adversary forges a signature of type II with probability , the equation holds if and only if . In the whole game, the adversary obtains information about only through the query. Because , and , the equation holds with a probability that is also negligible.
That is to say, in the case of private key leakage , if there is an adversary in the game who can output a forged signature of type II with a nonnegligible advantage such that the equation does not hold, we conclude that .
Lemma 5. Under Assumption 3 and in the case of private key leakage , the adversary (an algorithm ) can only output the forged signature of type I with negligible advantage in the game .
Proof. First, given the challenger an instance , , and ( or , where ), plays with .
The challenger publishes the system parameters to the adversary, where , and