Abstract
In this work, we introduce the notion of hierarchical integrated signature and encryption (HISE), wherein a single public key is used for both signature and encryption, and one can derive a secret key used only for decryption from the signing key, which enables secure delegation of decryption capability. HISE enjoys the benefit of key reuse, and admits individual key escrow. We present two generic constructions of HISE. One is from (constrained) identity-based encryption. The other is from uniform one-way function, public-key encryption, and general-purpose public-coin zero-knowledge proof of knowledge. To further attain global key escrow, we take a little detour to revisit global escrow PKE, an object both of independent interest and with many applications. We formalize the syntax and security model of global escrow PKE, and provide two generic constructions. The first embodies a generic approach to compile any PKE into one with global escrow property. The second establishes a connection between three-party non-interactive key exchange and global escrow PKE. Combining the results developed above, we obtain HISE schemes that support both individual and global key escrow.
We instantiate our generic constructions of (global escrow) HISE and implement all the resulting concrete schemes for 128-bit security. Our schemes have performance that is comparable to the best Cartesian product combined public-key scheme, and exhibit advantages in terms of richer functionality and public key reuse. As a byproduct, we obtain a new global escrow PKE scheme that is 12–30\(\times \) faster than the best prior work, which might be of independent interest.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
One may attempt to include the encryption key ek and verification key vk into one certificate in order to keep the certificate cost unchanged. Unfortunately this theoretically possible solution is not standard-compliant. X.509v3 as per RFC 5280 [X50] only allows a single subjectPublicKeyInfo field. If one wants to add more than one public key into this field, new syntax or parsing rule are needed, which would require major changes to implementations and relevant libraries. In contrast, key reuse is readily supported by X.509v3 via the keyUsage field.
- 2.
Certificate costs include but not limit to registration, issuing, storage, transmission, verification, and building/recurring fees.
- 3.
As briefly elaborated before, the advantage of key reuse strategy mostly resides in the fact that one public key is used for both encryption and verification.
- 4.
- 5.
The government of the United Kingdom requires any PGP user to give the police both his private key and his passphrase on demand. Failure to comply is a criminal offense, punishable by a jail term of two years.
- 6.
Our perspective is that a security reduction from Verheul’s scheme to standard hardness problem is unlikely to be forthcoming, since it is difficult to emulate the decryption key for the adversary against the signature component.
- 7.
Recent security evaluations show that the security level of bls12-381 is close to but less than 128-bit. As curves of 128-bit security level are currently the most widely used, BLS12-381 and BN462 are recommended in the memo [SKSW20] in order to have a more efficient and a more prudent option respectively.
- 8.
So far, ss-1536 is the only reported pairing-friendly curve with 128-bit security that supports Weil pairing.
References
Akinyele, J.A., Garman, C., Hohenberger, S.: Automating fast and secure translations from type-i to type-iii pairing schemes. In: ACM CCS 2015, pp. 1370–1381 (2015)
Aranha, D.F., Gouvêa, C.P.L., Markmann, T., Wahby, R.S., Liao, K.: RELIC is an efficient library for cryptography (2013). https://github.com/relic-toolkit/relic
Agrawal, S., Ganesh, C., Mohassel, P.: Non-interactive zero-knowledge proofs for composite statements. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part III. LNCS, vol. 10993, pp. 643–673. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_22
Bünz, B., Agrawal, S., Zamani, M., Boneh, D.: Zether: towards privacy in a smart contract world. In: Bonneau, J., Heninger, N. (eds.) FC 2020. LNCS, vol. 12059, pp. 423–443. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51280-4_23
Boneh, D., Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. SIAM J. Comput. 36(5), 1301–1328 (2007)
Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32, 586–615 (2003)
Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_30
Biagioni, S., Masny, D., Venturi, D.: Naor-Yung paradigm with shared randomness and applications. In: SCN 2016, pp. 62–80 (2016)
Chase, M., et al.: Post-quantum zero-knowledge and signatures from symmetric-key primitives. In: ACM CCS 2017, pp. 1825–1842 (2017)
Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_16
Coron, J.-S., Joye, M., Naccache, D., Paillier, P.: Universal padding schemes for RSA. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 226–241. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_15
Chen, Y., Ma, X., Tang, C., Au, M.H.: PGC: pretty good confidential transaction system with auditability. In: ESORICS 2020, pp. 591–610 (2020)
Dodis, Y., Haralambiev, K., López-Alt, A., Wichs, D.: Cryptography against continuous memory attacks. In: FOCS 2010, pp. 511–520 (2010)
Degabriele, J.P., Lehmann, A., Paterson, K.G., Smart, N.P., Strefler, M.: On the joint security of encryption and signature in EMV. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 116–135. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27954-6_8
EMV Co: EMV Book 2 - Security and Key Management -Version 4.3 (2011). https://www.emvco.com/wp-content/uploads/2017/05/EMV_v4.3_Book_2_Security_and_Key_Management_20120607061923900.pdf
Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_34
Grassi, L., Khovratovich, D., Rechberger, C., Roy, A., Schofnegger, M.: Poseidon: a new hash function for zero-knowledge proof systems. In: USENIX Security 2021 (2021)
Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discret. Appl. Math. 156(16), 3113–3121 (2008)
Haber, S., Pinkas, B.: Securely combining public-key cryptosystems. In: ACM CCS 2001, pp. 215–224 (2001)
Joux, A.: A one round protocol for tripartite Diffie-Hellman. J. Cryptol. 17(4), 263–276 (2004)
Katz, J., Kolesnikov, V., Wang, X.: Improved non-interactive zero knowledge with applications to post-quantum signatures. In: ACM CCS 2018, pp. 525–537 (2018)
Komano, Y., Ohta, K.: Efficient universal padding techniques for multiplicative trapdoor one-way permutation. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 366–382. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_22
Kosba, A.E., Papamanthou, C., Shi, E.: xJsnark: a framework for efficient verifiable computation. In: IEEE S&P 2018, pp. 944–961 (2018)
Narula, N., Vasquez, W., Virza, M.: zkledger: privacy-preserving auditing for distributed ledgers. In: USENIX NSDI 2018, pp. 65–80 (2018)
Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: STOC 1990, pp. 427–437 (1990)
Ping identity. http://www.pingidentity.com
Paterson, K.G., Schuldt, J.C.N., Stam, M., Thomson, S.: On the joint security of encryption and signature, revisited. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 161–178. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_9
Paillier, P., Yung, M.: Self-escrowed public-key infrastructures. In: Song, J.S. (ed.) ICISC 1999. LNCS, vol. 1787, pp. 257–268. Springer, Heidelberg (2000). https://doi.org/10.1007/10719994_20
Ross, D.E.: PGP: backdoors and key escrow. https://www.rossde.com/PGP/pgp_backdoor.html
Rubin, K., Silverberg, A.: Compression in finite fields and torus-based cryptography. SIAM J. Comput. 37(5), 1401–1428 (2008)
Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: FOCS 1999, pp. 543–553. ACM (1999)
Setty, S.: Spartan: efficient and general-purpose zkSNARKs without trusted setup. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part III. LNCS, vol. 12172, pp. 704–737. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_25
Shigeo, M.: A portable and fast pairing-based cryptography library. https://github.com/herumi/mcl
Sakemi, Y., Kobayashi, T., Saito, T., Wahby, R.S.: Pairing-Friendly Curves. Internet-Draft draft-irtf-cfrg-pairing-friendly-curves-09, Internet Engineering Task Force (2020). https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-pairing-friendly-curves-09
Verheul, E.R.: Evidence that XTR is more secure than supersingular elliptic curve cryptosystems. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 195–210. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_13
https://www.vox.com/recode/2020/1/24/21079275/slack-private-messages-privacy-law-enforcement-lawsuit
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. https://tools.ietf.org/html/rfc5280
Young, A., Yung, M.: Auto-recoverable auto-certifiable cryptosystems. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 17–31. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054114
Young, A., Yung, M.: Auto-recoverable cryptosystems with faster initialization and the escrow hierarchy. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 306–314. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-49162-7_24
Acknowledgments
We would like to thank the anonymous reviewers for their valuable comments on this paper. We thank Ren Zhang and Weiran Liu for helpful discussions. We thank Zhi Hu, Changan Zhao and Shiping Cai for help on implementation of pairing-based cryptography. We thank Xiangling Zhang for help on the test of certificate cost.
Yu Chen is supported by National Natural Science Foundation of China (Grant No. 61772522, No. 61932019), Shandong Provincial Key Research and Development Program (Major Scientific and Technological Innovation Project under Grant No. 2019JZZY010133), and Shandong Key Research and Development Program (Grant No. 2020ZLYS09). Yuyu Wang is supported by the National Natural Science Foundation for Young Scientists of China (Grant No. 62002049) and the Fundamental Research Funds for the Central Universities (Grant No. ZYGX2020J017).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 International Association for Cryptologic Research
About this paper
Cite this paper
Chen, Y., Tang, Q., Wang, Y. (2021). Hierarchical Integrated Signature and Encryption. In: Tibouchi, M., Wang, H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science(), vol 13091. Springer, Cham. https://doi.org/10.1007/978-3-030-92075-3_18
Download citation
DOI: https://doi.org/10.1007/978-3-030-92075-3_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92074-6
Online ISBN: 978-3-030-92075-3
eBook Packages: Computer ScienceComputer Science (R0)
