Reconfigurable Cryptography: A Flexible Approach to Long-Term Security
We put forward the concept of a reconfigurable cryptosystem. Intuitively, a reconfigurable cryptosystem allows to increase the security of the system at runtime, by changing a single central parameter we call common reference string (CRS). In particular, e.g., a cryptanalytic advance does not necessarily entail a full update of a large public-key infrastructure; only the CRS needs to be updated. In this paper we focus on the reconfigurability of encryption and signature schemes, but we believe that this concept and the developed techniques can also be applied to other kind of cryptosystems.
Besides a security definition, we offer two reconfigurable encryption schemes, and one reconfigurable signature scheme. Our first reconfigurable encryption scheme uses indistinguishability obfuscation (however only in the CRS) to adaptively derive short-term keys from long-term keys. The security of long-term keys can be based on a one-way function, and the security of both the indistinguishability obfuscation and the actual encryption scheme can be increased on-the-fly, by changing the CRS. We stress that our scheme remains secure even if previous short-term secret keys are leaked.
Our second reconfigurable encryption scheme has a similar structure (and similar security properties), but relies on a pairing-friendly group instead of obfuscation. Its security is based on the recently introduced hierarchy of \(k\)-SCasc assumptions. Similar to the \(k\)-Linear assumption, it is known that \(k\)-SCasc implies \((k+1)\)-SCasc, and that this implication is proper in the generic group model. Our system allows to increase \(k\) on-the-fly, just by changing the CRS. In that sense, security can be increased without changing any long-term keys.
We also offer a reconfigurable signature scheme based on the same hierarchy of assumptions.
KeywordsLong-term security Security definitions Public-key cryptography
- 2.Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: Proceedings of FOCS 1997, pp. 394–403. IEEE Computer Society (1997)Google Scholar
- 8.Brakerski, Z., Kalai, Y.T., Katz, J., Vaikuntanathan, V.: Overcoming the hole in the bucket: public-key cryptography resilient to continual memory leakage. In: Proceedings of FOCS 2010, pp. 501–510. IEEE Computer Society (2010)Google Scholar
- 12.Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: Proceedings of FOCS 2013, pp. 40–49. IEEE Computer Society (2013)Google Scholar
- 13.Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of STOC 2008, pp. 197–206. ACM (2008)Google Scholar
- 18.Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of STOC 2005, pp. 84–93. ACM (2005)Google Scholar
- 19.Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. Cryptology ePrint Archive, Report 2013/454 (2013). http://eprint.iacr.org/2013/454
- 20.Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Proceedings of STOC 2014, pp. 475–484. ACM (2014)Google Scholar
- 22.Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. IACR Cryptology ePrint Archive 2004, 332 (2004). http://eprint.iacr.org/2004/332