Intrusion-Resilient Public-Key Encryption

  • Yevgeniy Dodis
  • Matt Franklin
  • Jonathan Katz
  • Atsuko Miyaji
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2612)


Exposure of secret keys seems to be inevitable, and may in practice represent the most likely point of failure in a cryptographic system. Recently, the notion of intrusion-resilience [17] (which extends both the notions of forward security [3], [5] and key insulation [11]) was proposed as a means of mitigating the harmful effects that key exposure can have. In this model, time is divided into distinct periods; the public key remains fixed throughout the lifetime of the protocol but the secret key is periodically updated. Secret information is stored by both a user and a base; the user performs all cryptographic operations during a given time period, while the base helps the user periodically update his key. Intrusion-resilient schemes remain secure in the face of multiple compromises of both the user and the base, as long as they are not both compromised simultaneously. Furthermore, in case the user and base are compromised simultaneously, prior time periods remain secure (as in forward-secure schemes). Intrusion-resilient signature schemes have been previously constructed [17], [15]. Here, we give the first construction of an intrusion-resilient publickey encryption scheme, based on the recently-constructed forwardsecure encryption scheme of [8]. We also consider generic transformations for securing intrusion-resilient encryption schemes against chosenciphertext attacks.


Encryption Scheme Signature Scheme Random Oracle Random Oracle Model Cryptographic Operation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    M. Abdalla, S. Miner, and C. Namprempre. Forward-Secure Threshold Signature Schemes. RSA 2001.Google Scholar
  2. [2]
    M. Abdalla and L. Reyzin. A New Forward-Secure Digital Signature Scheme. Asiacrypt 2000. 21Google Scholar
  3. [3]
    R. Anderson. Two Remarks on Public-Key Cryptology. Invited lecture, CCCS’ 97. Available at 19, 20
  4. [4]
    M. Bellare, A Desai, E. Jokipii, and P. Rogaway. A Concrete Security Treatment of Symmetric Encryption. FOCS’ 97. 24Google Scholar
  5. [5]
    M. Bellare and S. Miner. A Forward-Secure Digital Signature Scheme. Crypto’ 99. 19, 20, 21Google Scholar
  6. [6]
    M. Bellare and A. Palacio. Protecting against Key Exposure: Strongly Key-Insulated Encryption with Optimal Threshold. Available at 21
  7. [7]
    D. Boneh and M. Franklin. Identity-Based Encryption from the Weil Pairing. Crypto 2001. Full version to appear in SIAM J. Computing and available at 21, 25
  8. [8]
    R. Canetti, S. Halevi, and J. Katz. A Forward-Secure Public-Key Encryption Scheme. Preliminary version available at 19, 21, 22, 25, 26, 29, 30, 31
  9. [9]
    A. De Santis, Y. Desmedt, Y. Frankel, and M. Yung. How to Share a Function Securely. STOC’ 94. 20Google Scholar
  10. [10]
    Y. Desmedt and Y. Frankel. Threshold Cryptosystems. Crypto’ 89. 20Google Scholar
  11. [11]
    Y. Dodis, J. Katz, S. Xu, and M. Yung. Key-Insulated Public-Key Cryptosystems. Eurocrypt 2002. 19, 20, 21Google Scholar
  12. [12]
    Y. Dodis, J. Katz, S. Xu, and M. Yung. Strong Key-Insulated Signature Schemes. PKC 2003. 20, 21Google Scholar
  13. [13]
    E. Fujisaki and T. Okamoto. Secure Integration of Asymmetric and Symmetric Encryption Schemes. Crypto’ 99. 22, 31Google Scholar
  14. [14]
    C. Gentry and A. Silverberg. Hierarchical ID-Based Cryptography. Asiacrypt 2002. 25, 30, 31Google Scholar
  15. [15]
    G. Itkis. Intrusion-Resilient Signatures: Generic Constructions, or Defeating a Strong Adversary with Minimal Assumptions. SCN 2002. 19, 21Google Scholar
  16. [16]
    G. Itkis and L. Reyzin. Forward-Secure Signatures with Optimal Signing and Verifying. Crypto 2001. 21Google Scholar
  17. [17]
    G. Itkis and L. Reyzin. SiBIR: Signer-Base Intrusion-Resilient Signatures. Crypto 2002. 19, 21, 22Google Scholar
  18. [18]
    A. Joux. The Weil and Tate Pairing as Building Blocks for Public-Key Cryptosystems. ANTS 2002. 25Google Scholar
  19. [19]
    A. Joux and K. Nguyen. Separating Decision Diffie-Hellman from Diffie-Hellman in Cryptographic Groups. Manuscript, Jan. 2001. Available at 25
  20. [20]
    H. Krawczyk. Simple Forward-Secure Signatures From any Signature Scheme. CCCS 2000. 21Google Scholar
  21. [21]
    T. Malkin, D. Micciancio, and S. Miner. Efficient Generic Forward-Secure Signatures with an Unbounded Number of Time Periods. Eurocrypt 2002. 21Google Scholar
  22. [22]
    T. Okamoto and D. Pointcheval. REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform. CT-RSA 2001. 22, 31Google Scholar
  23. [23]
    R. Ostrovsky and M. Yung. How to Withstand Mobile Virus Attacks. PODC’ 91. 21, 22Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Yevgeniy Dodis
    • 1
  • Matt Franklin
    • 2
  • Jonathan Katz
    • 3
  • Atsuko Miyaji
    • 2
    • 4
  • Moti Yung
    • 5
  1. 1.Department of Computer ScienceNew York UniversityUSA
  2. 2.Department of Computer ScienceUniversity of California
  3. 3.Department of Computer ScienceUniversity of MarylandCollege Park
  4. 4.Japan Advanced Institute of Science and TechnologyUSA
  5. 5.Department of Computer ScienceColumbia UniversityUSA

Personalised recommendations