Cryptographic Reverse Firewalls for Identity-Based Encryption

  • Yuyang Zhou
  • Yuanfeng Guan
  • Zhiwei Zhang
  • Fagen LiEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1105)


The Snowden revelations show that powerful attackers can compromise user’s machines to steal users’ private information. At the same time, many of the encryption schemes that are proven to be secure in Random Oracle Model (ROM) may present undetectable vulnerabilities when implemented, and these vulnerabilities may reveal a users’ secrets, e.g., the machine hides some backdoors without the user’s awareness, and an attacker can steal the user’s private information through these backdoors. Recently, Mironov and Stephens-Davidowitz proposed cryptographic reverse firewall (CRF) to solve this problem. However, there is no CRF for identity-based encryption (IBE) has been proposed. In this paper, we propose two CRF protocols for IBE. One is a one-round encryption protocol with CRF used on the receiver, and the other is a two-round encryption protocol with CRFs deployed on both sender and receiver. We prove that these two protocols can resist the exfiltration of secret information and one is only secure against a chosen plaintext attack (CPA), the other is semantically secure against an adaptive chosen ciphertext attack (IND-ID-CCA). Moreover, we use JPBC to implement our protocols. The experimental results indicate that our protocols have some advantages in communication cost. Under certain computation cost conditions, our protocols are efficient and practical.


Identity-based encryption Cryptographic reverse firewalls Exfiltration resistance 



This work is supported by the National Natural Science Foundation of China (grant no. 61872058 ).


  1. 1.
    Fang, X., Misra, S., Xue, G., Yang, D.: Smart grid-the new and improved power grid: a survey. IEEE Commun. Surv. Tutorials 14(4), 944–980 (2011)CrossRefGoogle Scholar
  2. 2.
    Perlroth, N., Larson, J., Shane, S.: N.S.A. Able to Foil Basic Safeguards of Privacy on Web. The New York Times, New York (2013)Google Scholar
  3. 3.
    Greenwald, G.: No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. Metropolitan Books, New York (2014)Google Scholar
  4. 4.
    Vulnerability summary for CVE-2014-1260(‘Heartbleed’), April 2014.
  5. 5.
    Vulnerability summary for CVE-2014-1266 (‘goto fail’), February 2014.
  6. 6.
    Vulnerability summary for CVE-2014-6271(‘Shellshock’), September 2014.
  7. 7.
    Tang, D.Q.: Cliptography: post-snowden cryptography. In: Proceedings of the ACM SIGSAC Conference on Computer & Communications Security 2017, pp. 2615–2616. ACM, Dallas, TX, USA (2017)Google Scholar
  8. 8.
    Mironov, I., Stephens-Davidowitz, N.: Cryptographic reverse firewalls. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 657–686. Springer, Heidelberg (2015). Scholar
  9. 9.
    Young, A., Yung, M.: The dark side of “Black-Box” cryptography or: should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996). Scholar
  10. 10.
    Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998). Scholar
  11. 11.
    Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001). Scholar
  12. 12.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Boyen, X., Waters, B.: Anonymous hierarchical identity-based encryption (Without Random Oracles). In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 290–307. Springer, Heidelberg (2006). Scholar
  14. 14.
    Hess, F.: Efficient identity based signature schemes based on pairings. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 310–324. Springer, Heidelberg (2003). CrossRefGoogle Scholar
  15. 15.
    Choon, J.C., Hee Cheon, J.: An identity-based signature from gap diffie-hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2003). Scholar
  16. 16.
    Shamir, A.: Indentity-based crytosystems and signature schemes. LNCS 21(2), 47–53 (1984)Google Scholar
  17. 17.
    Dodis, Y., Mironov, I., Stephens-Davidowitz, N.: Message transmission with reverse firewalls—secure communication on corrupted machines. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 341–372. Springer, Heidelberg (2016). Scholar
  18. 18.
    Chen, R., Mu, Y., Yang, G., Susilo, W., Guo, F., Zhang, M.: Cryptographic reverse firewall via malleable smooth projective hash functions. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 844–876. Springer, Heidelberg (2016). Scholar
  19. 19.
    Ma, H., Zhang, R., Yang, G., Song, Z., Sun, S., Xiao, Y.: Concessive online/offline attribute based encryption with cryptographic reverse firewalls—secure and efficient fine-grained access control on corrupted machines. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 507–526. Springer, Cham (2018). Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Yuyang Zhou
    • 1
  • Yuanfeng Guan
    • 2
  • Zhiwei Zhang
    • 2
  • Fagen Li
    • 1
    Email author
  1. 1.University of Electronic Science and Technology of ChinaChengduChina
  2. 2.SI-TECH Information Technology Co., LtdBeijingChina

Personalised recommendations