Hedged Nonce-Based Public-Key Encryption: Adaptive Security Under Randomness Failures

  • Zhengan Huang
  • Junzuo Lai
  • Wenbin Chen
  • Man Ho Au
  • Zhen Peng
  • Jin Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10769)

Abstract

Nowadays it is well known that randomness may fail due to bugs or deliberate randomness subversion. As a result, the security of traditional public-key encryption (PKE) can no longer be guaranteed. Currently there are three main approaches to the problem of randomness failures: deterministic PKE, hedged PKE, and nonce-based PKE. However, each of these approaches applies only to its own application scenario. Since the situations in practice are dynamic and very complex, it is almost impossible to predict the situation in which a scheme will be deployed and to determine beforehand which approach should be used.

In this paper, we initiate the study of hedged security for nonce-based PKE, which adapts to whatever situation arises when randomness fails and achieves the best-possible security. Specifically, we lift hedged security to the setting of nonce-based PKE and formalize the notion of chosen-ciphertext security against chosen-distribution attacks (IND-CDA2) for nonce-based PKE. By presenting two counterexamples, we show a separation between our IND-CDA2 security for nonce-based PKE and the original NBP1/NBP2 security defined by Bellare and Tackmann (EUROCRYPT 2016). We present two nonce-based PKE constructions meeting IND-CDA2, NBP1 and NBP2 security simultaneously. The first is a concrete construction in the random oracle model, and the second is a generic construction based on a nonce-based PKE scheme and a deterministic PKE scheme.

Keywords

Hedged security · Nonce-based public-key encryption · Deterministic public-key encryption · Randomness failures

Notes

Acknowledgment

We thank the anonymous reviewers for their helpful comments. The first author was supported by the National Natural Science Foundation of China (No. 61702125) and the Scientific Research Foundation for Post-doctoral Researchers of Guangzhou (No. gdbsh2016020). The second author was supported by the National Natural Science Foundation of China (No. 61572235), the Guangdong Natural Science Funds for Distinguished Young Scholar (No. 2015A030306045), and the Pearl River S&T Nova Program of Guangzhou. The third author was partly supported by the Program for Innovative Research Team in the Education Department of Guangdong Province under Grants No. 2015KCXTD014 and No. 2016KCXTD017. The sixth author was supported by the National Natural Science Foundation of China (No. 61472091), the National Natural Science Foundation for Outstanding Youth Foundation (No. 61722203), and the State Key Laboratory of Cryptology, Beijing, China.

References

  1. Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535–552. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_30
  2. Bellare, M., Brakerski, Z., Naor, M., Ristenpart, T., Segev, G., Shacham, H., Yilek, S.: Hedged public-key encryption: how to protect against bad randomness. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 232–249. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_14
  3. Bellare, M., Dowsley, R., Keelveedhi, S.: How secure is deterministic encryption? In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 52–73. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46447-2_3
  4. Bellare, M., Fischlin, M., O’Neill, A., Ristenpart, T.: Deterministic encryption: definitional equivalences and constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 360–378. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_20
  5. Bellare, M., Hoang, V.T.: Resisting randomness subversion: fast deterministic and hedged public-key encryption in the standard model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 627–656. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_21
  6. Bellare, M., Hoang, V.T., Keelveedhi, S.: Instantiating random oracles via UCEs. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 398–415. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_23
  7. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25
  8. Bellare, M., Tackmann, B.: Nonce-based cryptography: retaining security when randomness fails. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 729–757. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_28
  9. Boldyreva, A., Fehr, S., O’Neill, A.: On notions of security for deterministic encryption, and efficient constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 335–359. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_19
  10. Boldyreva, A., Patton, C., Shrimpton, T.: Hedging public-key encryption in the real world. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 462–494. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_16
  11. Brakerski, Z., Segev, G.: Better security for deterministic public-key encryption: the auxiliary-input setting. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 543–560. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_31
  12. Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: ACM CCS 2015, pp. 668–679. ACM Press (2015)
  13. Checkoway, S., Fredrikson, M., Niederhagen, R., Everspaugh, A., Green, M., Lange, T., Ristenpart, T., Bernstein, D.J., Maskiewicz, J., Shacham, H.: On the practical exploitability of dual EC in TLS implementations. In: USENIX Security, vol. 1 (2014)
  14. Fuller, B., O’Neill, A., Reyzin, L.: A unified approach to deterministic encryption: new constructions and a connection to computational entropy. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 582–599. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_33
  15. Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your Ps and Qs: detection of widespread weak keys in network devices. In: USENIX Security Symposium, pp. 205–220 (2012)
  16. Hoang, V.T., Katz, J., O’Neill, A., Zaheri, M.: Selective-opening security in the presence of randomness failures. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 278–306. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_10
  17. Mironov, I., Pandey, O., Reingold, O., Segev, G.: Incremental deterministic public-key encryption. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 628–644. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_37
  18. Kaliski, B.: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, RFC 3447 (2003). https://tools.ietf.org/html/rfc3447
  19. Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_35
  20. Raghunathan, A., Segev, G., Vadhan, S.: Deterministic public-key encryption for adaptively chosen plaintext distributions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 93–110. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_6
  21. Ristenpart, T., Yilek, S.: When good randomness goes bad: virtual machine reset vulnerabilities and hedging deployed cryptography. In: NDSS (2010)
  22. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
  23. Wichs, D.: Barriers in cryptography with weak, correlated and leaky sources. In: Proceedings of the 4th Conference on Innovations in Theoretical Computer Science. ACM (2013)

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. School of Computer Science, Guangzhou University, Guangzhou, China
  2. College of Information Science and Technology, Jinan University, Guangzhou, China
  3. State Key Laboratory of Cryptology, Beijing, China
  4. Department of Computing, The Hong Kong Polytechnic University, Hung Hom, Hong Kong
  5. Westone Cryptologic Research Center, Beijing, China