
Novel generic construction of leakage-resilient PKE scheme with CCA security

Published in: Designs, Codes and Cryptography

Abstract

Leakage of private state information (e.g. the secret keys) through various leakage attacks (e.g. side-channel attacks, cold-boot attacks, etc.) has become a serious threat to the security of computer systems in practice. Nowadays, it has become a common requirement that cryptographic schemes should withstand leakage attacks. Although some progress has been made towards designing leakage-resilient cryptographic schemes, some issues remain unsolved. For example, the computational cost of the existing generic constructions of leakage-resilient public-key encryption (PKE) schemes is generally very high. One of the main reasons is that the underlying building blocks, e.g. non-interactive zero-knowledge arguments, one-time lossy filters or one-time signatures, are computationally expensive. Moreover, the above constructions of PKE with leakage resilience normally require the upper bound on the leakage to be fixed. However, in many real-world applications, this requirement cannot provide sufficient protection against various leakage attacks. In order to mitigate the above problems, this paper presents a generic method of designing leakage-amplified PKE schemes with leakage resilience and chosen-ciphertext attack (CCA) security. Firstly, we define a new cryptographic primitive, called identity-based hash proof system with two encapsulated keys (T-IB-HPS). Then, two generic constructions of leakage-resilient PKE schemes are proposed using T-IB-HPS and a message authentication code (MAC). The CCA security of our proposed constructions reduces to the security of the underlying T-IB-HPS and MAC. In the proposed generic method, the leakage parameter has an arbitrary length that can be flexibly adjusted according to the specific leakage requirements. In order to demonstrate the practicability of our generic method, two instantiations of T-IB-HPS are introduced. The first instantiation is proved secure under the truncated augmented bilinear Diffie–Hellman exponent assumption, and the second under the related security assumptions over composite-order bilinear groups.



Acknowledgements

The authors would like to thank the anonymous reviewer for their helpful comments. This work is supported by the National Key R&D Program of China (Grant No. 2017YFB0802000), the National Natural Science Foundation of China (Grant Nos. U2001205, 61802242, 61772326, 61802241), the National Cryptography Development Foundation during the 13th Five-year Plan Period (Grant No. MMJJ20180217), the Key projects of Guangxi Natural Science Foundation (Grant No. 2019JJD170020) and the Fundamental Research Funds for the Central Universities (Grant Nos. GK202003079, GK202007033).

Corresponding author

Correspondence to Bo Yang.

Additional information

Communicated by D. Stebila.


Appendices

Appendix A. The Proof of Theorem 2

Proof

The correctness, universality and valid/invalid ciphertext indistinguishability of the modified scheme follow those of the original smooth T-IB-HPS.

Let \(f:\{0,1\}^*\rightarrow \{0,1\}^{\lambda }\) be a leakage function with \(\lambda \)-bit output. Also, we define a function \(f'(C^*,k'_1,k'_2)\) which, given an invalid ciphertext \(C^*\), recovers the encapsulated key pair \((k'_1,k'_2)\) by running the decapsulation algorithm \({\mathsf {Decap}}\) with the private key \(d_{id}\) and outputs the corresponding leakage \(f(d_{id})\) of the private key \(d_{id}\), i.e.,

$$\begin{aligned} f'\left( C^*,k'_1,k'_2\right) =\bigg \{output~~(k'_1,k'_2)\leftarrow {\mathsf {Decap}}(d_{id},C^*)~~\text{ and }~~f(d_{id})\bigg \}. \end{aligned}$$

For any adversary, the view can be written as \((C^*,f(d_{id}),k_1,k_2)\), where \(C^*={\mathsf {Encap}}^*(id)\), \(k_1={\mathsf {Ext}}_1(k'_1,S_1)\), \(k_2={\mathsf {Ext}}_2(k'_2,S_2)\) and \((k'_1,k'_2)\leftarrow {\mathsf {Decap}}(d_{id},C^*)\).

Then, for \((mpk,msk)\leftarrow {\mathsf {Setup}}(1^\kappa )\) and any fixed identity id, we can obtain

$$\begin{aligned} (C^*,f(d_{id}),k_1,k_2)&\equiv (C^*,f(d_{id}),k_1={\mathsf {Ext}}_1(k'_1,S_1),k_2={\mathsf {Ext}}_2(k'_2,S_2))\\&\equiv (C^*,f'(C^*,k'_1,k'_2),k_1={\mathsf {Ext}}_1(k'_1,S_1),k_2={\mathsf {Ext}}_2(k'_2,S_2))\\&\approx (C^*,f'(C^*,U_1,U_2),k_1={\mathsf {Ext}}_1(U_1,S_1),k_2={\mathsf {Ext}}_2(U_2,S_2)) &&\text{(A.1)}\\&\approx (C^*,f'(C^*,U_1,U_2),{\tilde{k}}_1,k_2={\mathsf {Ext}}_2(U_2,S_2)) &&\text{(A.2)}\\&\approx (C^*,f'(C^*,U_1,U_2),{\tilde{k}}_1,{\tilde{k}}_2) &&\text{(A.3)}\\&\approx (C^*,f'(C^*,k'_1,k'_2),{\tilde{k}}_1,{\tilde{k}}_2) &&\text{(A.4)}\\&\equiv (C^*,f(d_{id}),{\tilde{k}}_1,{\tilde{k}}_2), \end{aligned}$$

where \(d_{id}={\mathsf {KeyGen}}(id,msk)\), \(C^*={\mathsf {Encap}}^*(id)\), \((k'_1,k'_2)={\mathsf {Decap}}(d_{id},C^*)\), \(U_1\leftarrow _R \{0,1\}^{l'_1}\), \(U_2\leftarrow _R \{0,1\}^{l'_2}\), \({\tilde{k}}_1\leftarrow _R \{0,1\}^{l_1}\) and \({\tilde{k}}_2\leftarrow _R \{0,1\}^{l_2}\). In addition, \(S_1\) and \(S_2\) are the random seeds used by the average-case strong randomness extractors \({\mathsf {Ext}}_1\) and \({\mathsf {Ext}}_2\).

Equations (A.1) and (A.4) hold due to the smoothness of the underlying T-IB-HPS, and Eqs. (A.2) and (A.3) follow from the security of the underlying average-case strong randomness extractors \({\mathsf {Ext}}_1\) and \({\mathsf {Ext}}_2\). Therefore, we obtain

$$\begin{aligned} {\mathsf {SD}}\big (\big (C^*,f\big (d_{id}\big ),k_1,k_2\big ),\big (C^*,f\big (d_{id}\big ),{\tilde{k}}_1,{\tilde{k}}_2\big )\big )\le {\mathsf {negl}}(\kappa ). \end{aligned}$$

From the security of the average-case strong randomness extractors \({\mathsf {Ext}}_1\) and \({\mathsf {Ext}}_2\), we have that

$$\begin{aligned} \lambda \le l'_1-l_1-\omega (\log \kappa )~~\text{ and }~~\lambda \le l'_2-l_2-\omega (\log \kappa ). \end{aligned}$$

Hence, for any leakage parameter \(\lambda \le {\mathsf {min}}\big \{l'_1-l_1-\omega (\log \kappa ),l'_2-l_2-\omega (\log \kappa )\big \}\), the above construction is a \(\lambda \)-leakage smooth T-IB-HPS. \(\square \)
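An added illustration of the extractor step in the proof above; it is not code from the paper. The extractor \({\mathsf {Ext}}(x,S)\) is instantiated as multiplication by a random binary matrix S over GF(2) (a universal hash family, hence a strong extractor by the leftover hash lemma), which maps an l'-bit encapsulated key to an l-bit key while the seed stays public, and the leakage bound λ ≤ l' - l - ω(log κ) is computed with a fixed integer `slack` standing in for the ω(log κ) term. The function names, the matrix-based extractor and the `slack` parameter are assumptions of this example.

```python
import secrets

# Added example (not the paper's code): a seeded extractor built from a random binary
# matrix S, applied to an l'-bit encapsulated key k' to produce an l-bit key k.
# The seed S is public; only the input k' is secret. Keys are modelled as Python ints.


def random_seed(l_out: int, l_in: int) -> list:
    """Seed S for Ext: l_out rows, each an l_in-bit mask (a random l_out x l_in binary matrix)."""
    return [secrets.randbits(l_in) for _ in range(l_out)]


def ext(x: int, seed: list, l_in: int) -> int:
    """Ext(x, S) = S * x over GF(2): output bit i is the parity of (row_i AND x).

    Assumption of this example: a random linear map is used as the universal hash
    family; any average-case strong extractor would do in its place.
    """
    assert 0 <= x < (1 << l_in), "input must be an l_in-bit value"
    out = 0
    for i, row in enumerate(seed):
        parity = bin(row & x).count("1") & 1
        out |= parity << i
    return out


def max_leakage(l_in: int, l_out: int, slack: int) -> int:
    """lambda <= l' - l - omega(log kappa) for one extractor; `slack` models the omega(log kappa) term.

    Shrinking the output (smaller l_out) or using a longer encapsulated key (larger l_in)
    buys more tolerated leakage; the result is clamped at 0 when no leakage is affordable.
    """
    return max(0, l_in - l_out - slack)


def leakage_budget(l1_in: int, l1_out: int, l2_in: int, l2_out: int, slack: int) -> int:
    """The bound closing Appendix A: lambda <= min over both encapsulated keys."""
    return min(max_leakage(l1_in, l1_out, slack), max_leakage(l2_in, l2_out, slack))


if __name__ == "__main__":
    # Constructed parameters: 256-bit encapsulated keys extracted to 128-bit keys, slack 40.
    s1 = random_seed(128, 256)
    k1_prime = secrets.randbits(256)
    print("k1 =", hex(ext(k1_prime, s1, 256)))
    print("tolerated leakage (bits):", leakage_budget(256, 128, 256, 128, 40))
```

The extractor is linear in its input, so `ext(a ^ b, S) == ext(a, S) ^ ext(b, S)`; this is exactly why the family is universal and why the seed may be published without weakening the bound, which depends only on the gap l' - l.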

Appendix B. The Proof of Theorem 4

Proof

We prove the theorem by a sequence of games. Let \({\mathcal {N}}_1\) be the event that \({\mathcal {A}}\) submits a decryption query for a ciphertext \(C=(\vec {r},C_1,C_2,Tag)\) with \((\vec {r},C_1,C_2)\ne (\vec {r}^*,C_1^*,C_2^*)\) and \(H(\vec {r},C_1,C_2)= H(\vec {r}^*,C_1^*,C_2^*)\), i.e. a collision with the challenge under H. Let \({\mathcal {N}}_2\) be the event that \({\mathcal {A}}\) submits a decryption query for a ciphertext \(C=(\vec {r}^*,C_1^*,C_2^*,Tag')\) after obtaining the challenge ciphertext \(C_v^*=(\vec {r}^*,C_1^*,C_2^*,Tag^*)\), where \(Tag'\) is a valid tag on the message \((\vec {r}^*,C_1^*,C_2^*)\) and \(Tag'\ne Tag^*\).

\({\mathsf {Game}}_0\): This is the original leakage-resilient CCA security game. In this game, the challenge ciphertext \(C_v^*=(\vec {r}^*,C_1^*,C_2^*,Tag^*)\) is generated by running the encryption algorithm \({\mathsf {Enc}}\); that is, the simulator \({\mathcal {S}}\) performs the following operations.

  • Choose t random indices \(\vec {r}^*=(r_1,\cdots ,r_t)\leftarrow _R [n]^t\).

  • For \(i\in \{1,2,\cdots ,t\}\), compute

    $$\begin{aligned} (C_1^i,k_1^i,k_2^i)\leftarrow {\mathsf {Encap}}'({{\mathsf {H}}}(id,r_i)). \end{aligned}$$
  • Compute

    $$\begin{aligned} k_1^*=Fun_1(k_1^1,\cdots ,k_1^t)~~\text{ and }~~k_2^*=Fun_2(k_2^1,\cdots ,k_2^t). \end{aligned}$$
  • Set \(C_1^*=(C_1^1,\cdots ,C_1^t)\), and compute

    $$\begin{aligned} C_2^*=k_1^* \oplus M_v~~\text{ and }~~Tag^*={\mathsf {Tag}}(k_2^*,H(\vec {r}^*,C_1^*,C_2^*)), \end{aligned}$$

    where \(v\leftarrow _R \{0,1\}\).

Hence, we can obtain

$$\begin{aligned} {\mathsf {Adv}}_{\mathrm {PKE}}^{\mathrm {LR\text{- }CCA}}(\kappa ,\lambda ) =\Big |\Pr [{\mathcal {E}}_0]-\frac{1}{2}\Big |. \end{aligned}$$
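The encryption procedure of \({\mathsf {Game}}_0\), and the matching decryption with its tag check, as an added runnable sketch that is not the paper's code. The T-IB-HPS is replaced by a toy stand-in constructed here that models only the interface (\({\mathsf {Encap}}'\) returns \((C_1^i,k_1^i,k_2^i)\), \({\mathsf {Decap}}'\) recovers the same keys from \(d_{id}^{r_i}\)) and none of the hash-proof-system properties; \(Fun_1\) and \(Fun_2\) are instantiated as XOR over the t sub-keys, H as a length-prefixed SHA-256 and \({\mathsf {Tag}}\) as HMAC-SHA256. All of these choices, the parameters `N`, `T`, `L_M`, `L_K`, and the function `leakage_parameter` (which evaluates the bound at the end of this appendix with an integer `slack` standing in for ω(log κ)) are assumptions of the example.

```python
import hashlib
import hmac
import secrets

# Added example, not code from the paper: the wrapper of the generic construction
# (t sub-encapsulations, key amplification, C_2 = k_1* XOR M, Tag = MAC(k_2*, H(r, C_1, C_2)))
# around a toy stand-in for the T-IB-HPS. Constructed parameters:
N = 16        # index space [n]
T = 4         # amplification factor t
L_M = 16      # l_m: byte length of k_1 (and of the message, since C_2 = k_1 XOR M)
L_K = 32      # l_k: byte length of k_2 (the MAC key)

MSK = secrets.token_bytes(32)   # constructed master secret of the toy stand-in


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256; stands in for the target-collision-resistant hash H."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def d_key(identity: bytes, r: int) -> bytes:
    """d_id^r: per-index private key of the toy stand-in (KeyGen on the identity H(id, r))."""
    return hmac.new(MSK, H(identity, r.to_bytes(2, "big")), "sha256").digest()


def keygen(identity: bytes) -> dict:
    """sk = (d_id^0, ..., d_id^{n-1}); this whole vector is the leakage-prone secret."""
    return {r: d_key(identity, r) for r in range(N)}


def derive_keys(d: bytes, c1: bytes):
    """Both toy algorithms derive (k_1^i, k_2^i) from (d_id^r, C_1^i) in the same way."""
    stream = b"".join(hmac.new(d, c1 + bytes([j]), "sha256").digest() for j in range(2))
    return stream[:L_M], stream[L_M:L_M + L_K]


def toy_encap(identity: bytes, r: int):
    """Stand-in for Encap'(H(id, r_i)) -> (C_1^i, k_1^i, k_2^i). A real T-IB-HPS needs only
    public data here; the toy touches d_key so that Decap' agrees, the only property used."""
    c1 = secrets.token_bytes(16)
    k1, k2 = derive_keys(d_key(identity, r), c1)
    return c1, k1, k2


def toy_decap(d: bytes, c1: bytes):
    """Stand-in for Decap'(d_id^{r_i}, C_1^i) -> (k_1^i, k_2^i)."""
    return derive_keys(d, c1)


def amplify(keys):
    """Fun_1 / Fun_2 instantiated as XOR of the t sub-keys (assumption; the paper leaves Fun abstract)."""
    out = bytes(len(keys[0]))
    for k in keys:
        out = xor(out, k)
    return out


def tag_input(r, c1_list, c2):
    return H(bytes(r), b"".join(c1_list), c2)


def encrypt(identity: bytes, message: bytes):
    assert len(message) == L_M
    r = [secrets.randbelow(N) for _ in range(T)]            # r* = (r_1, ..., r_t) <- [n]^t
    parts = [toy_encap(identity, ri) for ri in r]           # (C_1^i, k_1^i, k_2^i)
    c1_list = [p[0] for p in parts]                         # C_1* = (C_1^1, ..., C_1^t)
    k1 = amplify([p[1] for p in parts])                     # k_1* = Fun_1(k_1^1, ..., k_1^t)
    k2 = amplify([p[2] for p in parts])                     # k_2* = Fun_2(k_2^1, ..., k_2^t)
    c2 = xor(k1, message)                                   # C_2 = k_1* XOR M
    tag = hmac.new(k2, tag_input(r, c1_list, c2), "sha256").digest()  # Tag = MAC(k_2*, H(r, C_1, C_2))
    return r, c1_list, c2, tag


def decrypt(sk: dict, ciphertext):
    """Returns the message, or None when the tag does not verify. This single check is what the
    reject rules of Game_1 / Game_2 formalize: a modified (r, C_1, C_2) or a forged tag is rejected."""
    r, c1_list, c2, tag = ciphertext
    if any(ri not in sk for ri in r) or len(c1_list) != len(r):
        return None
    sub = [toy_decap(sk[ri], c1) for ri, c1 in zip(r, c1_list)]
    k1 = amplify([s[0] for s in sub])
    k2 = amplify([s[1] for s in sub])
    expected = hmac.new(k2, tag_input(r, c1_list, c2), "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor(k1, c2)


def leakage_parameter(t: int, log_q: int, l_m: int, l_k: int, slack: int) -> int:
    """lambda <= min{t log q - l_m - omega(log kappa), t log q - l_k - omega(log kappa)}, in bits,
    with `slack` standing in for omega(log kappa). Raising t raises the tolerated leakage."""
    return min(t * log_q - l_m - slack, t * log_q - l_k - slack)


if __name__ == "__main__":
    alice_sk = keygen(b"alice@example")          # constructed identity
    ct = encrypt(b"alice@example", bytes(range(L_M)))
    print("decrypts to", decrypt(alice_sk, ct))
    print("leakage bound for t =", T, ":", leakage_parameter(T, 256, 8 * L_M, 8 * L_K, 40), "bits")
```

The decryption path is where the CCA argument lives: a query whose tag fails is rejected before any key material is used, so the only ways past the check are the events \({\mathcal {N}}_1\) (a collision under H) and \({\mathcal {N}}_2\) (a MAC forgery) bounded in the games that follow.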

\({\mathsf {Game}}_1\): This game is the same as \({\mathsf {Game}}_0\), except that a special rejection rule is applied to decryption queries: the simulator \({\mathcal {S}}\) rejects the decryption query whenever the event \({\mathcal {N}}_1\) occurs.

The only difference between \({\mathsf {Game}}_1\) and \({\mathsf {Game}}_0\) is the response to a decryption query when the event \({\mathcal {N}}_1\) occurs: in \({\mathsf {Game}}_1\) the simulator \({\mathcal {S}}\) rejects such a query, whereas in \({\mathsf {Game}}_0\) \({\mathcal {S}}\) answers it. Thus, as long as the event \({\mathcal {N}}_1\) does not occur, \({\mathsf {Game}}_1\) and \({\mathsf {Game}}_0\) proceed identically, i.e., \(\Pr [{\mathcal {E}}_1|\overline{{\mathcal {N}}}_1]=\Pr [{\mathcal {E}}_0|\overline{{\mathcal {N}}}_1]\). By the difference lemma (Lemma 7 in Appendix C), we obtain

$$\begin{aligned} \Big |\Pr [{\mathcal {E}}_1]-\Pr [{\mathcal {E}}_0]\Big |\le \Pr [{\mathcal {N}}_1]. \end{aligned}$$

Since \(H: \{0,1\}^* \rightarrow {\mathcal {M}}\) is a target collision resistant hash function, the probability of the event \({\mathcal {N}}_1\) is negligible. Hence, \(\big |\Pr [{\mathcal {E}}_1]-\Pr [{\mathcal {E}}_0]\big |\le {\mathsf {negl}}(\kappa )\).

\({\mathsf {Game}}_2\): This game is the same as \({\mathsf {Game}}_1\), except that a further rejection rule is applied to decryption queries: the simulator \({\mathcal {S}}\) rejects the decryption query whenever the event \({\mathcal {N}}_2\) occurs.

The only difference between \({\mathsf {Game}}_2\) and \({\mathsf {Game}}_1\) is the response to a decryption query when the event \({\mathcal {N}}_2\) occurs: in \({\mathsf {Game}}_2\) the simulator \({\mathcal {S}}\) rejects such a query, whereas in \({\mathsf {Game}}_1\) \({\mathcal {S}}\) answers it. Thus, as long as the event \({\mathcal {N}}_2\) does not occur, \({\mathsf {Game}}_2\) and \({\mathsf {Game}}_1\) proceed identically, i.e., \(\Pr [{\mathcal {E}}_2|\overline{{\mathcal {N}}}_2]=\Pr [{\mathcal {E}}_1|\overline{{\mathcal {N}}}_2]\). By the difference lemma, we obtain

$$\begin{aligned} \Big |\Pr [{\mathcal {E}}_2]-\Pr [{\mathcal {E}}_1]\Big |\le \Pr [{\mathcal {N}}_2]. \end{aligned}$$

We can obtain that \(\Pr [{\mathcal {N}}_2]\le {\mathsf {negl}}(\kappa )\) from the conclusion of Claim 1. Hence, we will have

$$\begin{aligned} \Big |\Pr [{\mathcal {E}}_2]-\Pr [{\mathcal {E}}_1]\Big |\le {\mathsf {negl}}(\kappa ). \end{aligned}$$

\({\mathsf {Game}}_3\): This game is similar to \({\mathsf {Game}}_2\), however, in this game, the corresponding challenge ciphertext \(C_v^*=(\vec {r}^*,C_1^*,C_2^*,Tag^*)\) is generated by the simulator \({\mathcal {S}}\) with the secret key sk.

  • Choose t random indices \(\vec {r}^*=(r_1,\cdots ,r_t)\leftarrow _R [n]^t\).

  • For \(i\in \{1,2,\ldots ,t\}\), compute

    $$\begin{aligned} \big (C_1^i,k_1^i,k_2^i\big )\leftarrow {\mathsf {Encap}}'({{\mathsf {H}}}(id,r_i)). \end{aligned}$$
  • For \(i\in \{1,2,\ldots ,t\}\), compute

    $$\begin{aligned} \big ({\tilde{k}}_1^i,{\tilde{k}}_2^i\big )\leftarrow {\mathsf {Decap}}'(d_{id}^{r_i},C_1^i). \end{aligned}$$
  • Compute

    $$\begin{aligned} {\tilde{k}}_1^*=Fun_1\big ({\tilde{k}}_1^1,\ldots ,{\tilde{k}}_1^t\big ) ~~\text{ and }~~{\tilde{k}}_2^*=Fun_2\big ({\tilde{k}}_2^1,\ldots ,{\tilde{k}}_2^t\big ). \end{aligned}$$
  • Set \(C_1^*=(C_1^1,\ldots ,C_1^t)\), and compute

    $$\begin{aligned} C_2^*={\tilde{k}}_1^* \oplus M_v~~\text{ and }~~Tag^*={\mathsf {Tag}} \big ({\tilde{k}}_2^*,H\big (\vec {r}^*,C_1^*,C_2^*\big )\big ), \end{aligned}$$

    where \(v\leftarrow _R \{0,1\}\).

The only difference between \({\mathsf {Game}}_3\) and \({\mathsf {Game}}_2\) is how the challenge ciphertext is generated. In \({\mathsf {Game}}_2\), the simulator \({\mathcal {S}}\) generates it by calling the encryption algorithm \({\mathsf {Enc}}\) with the public key pk, whereas in \({\mathsf {Game}}_3\) \({\mathcal {S}}\) computes it directly with the secret key sk. By the correctness of T-IB-HPS, the decapsulated keys \(({\tilde{k}}_1^i,{\tilde{k}}_2^i)\) equal the encapsulated keys \((k_1^i,k_2^i)\), so this change is only conceptual. Hence, we obtain

$$\begin{aligned} \Big |\Pr [{\mathcal {E}}_3]-\Pr [{\mathcal {E}}_2]\Big |\le {\mathsf {negl}}(\kappa ). \end{aligned}$$

\({\mathsf {Game}}_4\): This game is similar to \({\mathsf {Game}}_3\), however, in this game, the corresponding challenge ciphertext \(C_v^*=(\vec {r}^*,C_1^*,C_2^*,Tag^*)\) is generated by the simulator \({\mathcal {S}}\) with the invalid encapsulation algorithm \({\mathsf {Encap}}'^*\) of T-IB-HPS.

  • Choose t random indices \(\vec {r}^*=(r_1,\cdots ,r_t)\leftarrow _R [n]^t\).

  • For \(i\in \{1,2,\cdots ,t\}\), compute

    $$\begin{aligned} C_1^i \leftarrow {\mathsf {Encap}}'^*({{\mathsf {H}}}(id,r_i)). \end{aligned}$$
  • For \(i\in \{1,2,\ldots ,t\}\), compute

    $$\begin{aligned} ({\tilde{k}}_1^i,{\tilde{k}}_2^i)\leftarrow {\mathsf {Decap}}'(d_{id}^{r_i},C_1^i) \end{aligned}$$
  • Compute

    $$\begin{aligned} {\tilde{k}}_1^*=Fun_1({\tilde{k}}_1^1,\ldots ,{\tilde{k}}_1^t) ~~\text{ and }~~{\tilde{k}}_2^*=Fun_2({\tilde{k}}_2^1,\ldots ,{\tilde{k}}_2^t). \end{aligned}$$
  • Set \(C_1^*=(C_1^1,\ldots ,C_1^t)\), and compute

    $$\begin{aligned} C_2^*={\tilde{k}}_1^* \oplus M_v~~\text{ and }~~Tag^*={\mathsf {Tag}}({\tilde{k}}_2^*,H(\vec {r}^*,C_1^*,C_2^*)), \end{aligned}$$

    where \(v\leftarrow _R \{0,1\}\).

In \({\mathsf {Game}}_3\), the simulator \({\mathcal {S}}\) generates a valid encapsulated ciphertext of T-IB-HPS. However, in \({\mathsf {Game}}_4\), the simulator \({\mathcal {S}}\) generates an invalid encapsulated ciphertext of T-IB-HPS. Thus, any difference between \({\mathsf {Game}}_3\) and \({\mathsf {Game}}_4\) can be used to distinguish a valid encapsulated ciphertext from an invalid encapsulated ciphertext. Hence, based on the valid/invalid ciphertext indistinguishability of T-IB-HPS, we can obtain

$$\begin{aligned} \Big |\Pr [{\mathcal {E}}_4]-\Pr [{\mathcal {E}}_3]\Big |\le {\mathsf {negl}}(\kappa ). \end{aligned}$$

\({\mathsf {Game}}_5\): This game is similar to \({\mathsf {Game}}_4\), however, in this game, the corresponding challenge ciphertext \(C_v^*=(\vec {r}^*,C_1^*,C_2^*,Tag^*)\) is generated by the simulator \({\mathcal {S}}\) with two random encapsulated keys \({\hat{k}}_1^*\) and \({\hat{k}}_2^*\).

  • Choose t random indices \(\vec {r}^*=(r_1,\ldots ,r_t)\leftarrow _R [n]^t\).

  • Choose \({\hat{k}}_1^* \leftarrow _R \{0,1\}^{l_m}\) and \({\hat{k}}_2^* \leftarrow _R \{0,1\}^{l_k}\), and compute

    $$\begin{aligned} C_2^*={\hat{k}}_1^* \oplus M_v~~\text{ and }~~Tag^*={\mathsf {Tag}}({\hat{k}}_2^*,H(\vec {r}^*,C_1^*,C_2^*)), \end{aligned}$$

    where \(C_1^*=(C_1^1,\ldots ,C_1^t)\) and \(v\leftarrow _R \{0,1\}\).

In \({\mathsf {Game}}_4\), the simulator \({\mathcal {S}}\) generates a challenge ciphertext with the decapsulated results \(({\tilde{k}}_1,{\tilde{k}}_2)\) of an invalid encapsulated ciphertext. However, in \({\mathsf {Game}}_5\), the simulator \({\mathcal {S}}\) generates a challenge ciphertext with two random encapsulated keys \({\hat{k}}_1\) and \({\hat{k}}_2\) chosen from the key space \({\mathcal {K}}_1\times {\mathcal {K}}_2\). Thus, any difference between \({\mathsf {Game}}_4\) and \({\mathsf {Game}}_5\) can be used to break the smoothness of T-IB-HPS. Hence, we can obtain

$$\begin{aligned} \Big |\Pr [{\mathcal {E}}_5]-\Pr [{\mathcal {E}}_4]\Big |\le {\mathsf {negl}}(\kappa ). \end{aligned}$$

In \({\mathsf {Game}}_5\), however, the advantage of any adversary \({\mathcal {A}}\) is exactly 0, because the view in \({\mathsf {Game}}_5\) is independent of the random bit v: the one-time pad key \({\hat{k}}_1^*\) and the MAC key \({\hat{k}}_2^*\) are uniformly random and independent of \(M_v\). That is, \(\Pr [{\mathcal {E}}_5]=\frac{1}{2}\).

To sum up, we have that

$$\begin{aligned} \Big |\Pr [{\mathcal {E}}_0]-\frac{1}{2}\Big | \le {\mathsf {negl}}(\kappa ). \end{aligned}$$

Thus, we will obtain \({\mathsf {Adv}}_{\mathrm {PKE}}^{\mathrm {LR\text{- }CCA}}(\kappa ,\lambda )\le {\mathsf {negl}}(\kappa )\).

Therefore, our new method is a generic construction of leakage-amplified CCA secure PKE scheme with the leakage parameter \(\lambda \le {\mathsf {min}} \big \{t\log q-l_m-\omega (\log \kappa ),t\log q-l_k-\omega (\log \kappa )\big \}\). \(\square \)

Appendix C. Difference lemma

In this section, we recall the difference lemma used in the game arguments above.

Lemma 7

(Difference Lemma) Let \({\mathcal {E}}_1\), \({\mathcal {E}}_2\) and \({\mathcal {F}}\) be events defined in some probability distribution, and suppose that \(\Pr [{\mathcal {E}}_1|\overline{{\mathcal {F}}}]=\Pr [{\mathcal {E}}_2|\overline{{\mathcal {F}}}]\). Then, \(\Big |\Pr [{\mathcal {E}}_1]-\Pr [{\mathcal {E}}_2]\Big |\le \Pr [{\mathcal {F}}]\).

Proof

We have

$$\begin{aligned} \Pr [{\mathcal {E}}_1]-\Pr [{\mathcal {E}}_2]&=\Pr [{\mathcal {E}}_1\wedge {\mathcal {F}}] +\Pr [{\mathcal {E}}_1\wedge \overline{{\mathcal {F}}}]-\Pr [{\mathcal {E}}_2\wedge {\mathcal {F}}] -\Pr [{\mathcal {E}}_2\wedge \overline{{\mathcal {F}}}]\\&=\Pr [{\mathcal {E}}_1\wedge {\mathcal {F}}]-\Pr [{\mathcal {E}}_2\wedge {\mathcal {F}}]\\&\le \Pr [{\mathcal {F}}]. \end{aligned}$$

The first equality is the law of total probability. The second equality follows from \(\Pr [{\mathcal {E}}_1\wedge \overline{{\mathcal {F}}}]=\Pr [{\mathcal {E}}_1|\overline{{\mathcal {F}}}]\Pr [\overline{{\mathcal {F}}}]=\Pr [{\mathcal {E}}_2|\overline{{\mathcal {F}}}]\Pr [\overline{{\mathcal {F}}}]=\Pr [{\mathcal {E}}_2\wedge \overline{{\mathcal {F}}}]\). The final inequality follows from the fact that both \(\Pr [{\mathcal {E}}_1\wedge {\mathcal {F}}]\) and \(\Pr [{\mathcal {E}}_2\wedge {\mathcal {F}}]\) are numbers between 0 and \(\Pr [{\mathcal {F}}]\). Exchanging the roles of \({\mathcal {E}}_1\) and \({\mathcal {E}}_2\) gives the same bound on \(\Pr [{\mathcal {E}}_2]-\Pr [{\mathcal {E}}_1]\), which yields the absolute value. \(\square \)


Cite this article

Zhou, Y., Yang, B., Xia, Z. et al. Novel generic construction of leakage-resilient PKE scheme with CCA security. Des. Codes Cryptogr. 89, 1575–1614 (2021). https://doi.org/10.1007/s10623-020-00831-x
