A New Variant of the Cramer-Shoup Leakage-Resilient Public Key Encryption
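We propose a new variant of the Cramer-Shoup leakage-resilient public key encryption. The proposed scheme is more computationally efficient than the original Cramer-Shoup leakage-resilient public key encryption scheme. It enjoys a shorter (public/secret) key length and a higher relative leakage ratio. The new scheme is proved semantically secure against adaptive chosen ciphertext attack in the standard model under the decisional Diffie-Hellman assumption.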
A New Variant of the Cramer-Shoup Leakage-Resilient Public Key Encryption
Sujuan Li
School of Computer Science and Technology, NNU
School of Sciences, NJUT
Nanjing, China
Email: lisujuan1978@126.com
Futai Zhang, Yinxia Sun, Limin Shen
School of Computer Science and Technology, NNU
Nanjing, China
Email: zhangfutai@njnu.edu.cn
Abstract—We present a new variant of the Cramer-Shoup
leakage-resilient public key encryption. The proposed scheme is
more computationally efficient than the original Cramer-Shoup
leakage-resilient public key encryption scheme. It enjoys a
shorter (public/secret) key length, and a higher relative leakage
ratio. The new scheme is proved semantically secure against
adaptive chosen ciphertext attack in the standard model under
the decisional Diffie-Hellman assumption.
Keywords: CCA2; leakage resilient; DDH; Cramer-Shoup encryption scheme
I. INTRODUCTION
Traditional cryptographic schemes assume that the secret
keys are completely hidden from the adversaries. However,
several works [1][2] indicate that the conventional attack
model fails to capture some attacks in the real world. Most
of these attacks are classified as key leakage attacks in which
the attackers may obtain some partial information about the
secret states of the cryptosystems. To stand against such
attacks, there has been a surge of interest in creating leakage-
resilient cryptographic schemes [3][4][5][6].
Cramer and Shoup presented the first practical CCA-secure
public key encryption system, based on the decisional
Diffie-Hellman (DDH) assumption [11][12]. They later
generalized their construction by considering an algebraic
primitive they call a universal hash proof system and showed
that this framework yields not only the original DDH-based
Cramer-Shoup scheme but also encryption schemes based
on quadratic residuosity and on Paillier’s assumption [13].
At Crypto’09, M. Naor et al. [4] introduced a generic
construction of a public-key encryption scheme that is resilient
to key leakage from the universal hash proof system.
Naturally, they proved that the variants of the Cramer-Shoup
cryptosystem are CCA1-secure with key-leakage of L/4
bits, and CCA2-secure with key-leakage of L/6 bits from
the practical side, where L is the length of the secret key. As
is widely known, both the computational cost and the public/secret
key length are significant factors that affect applications
of cryptographic algorithms. When key leakage attacks are
taken into consideration, the relative key-leakage ratio is
also an important concern in real applications. Hence, it
is interesting and challenging to produce leakage-resilient
cryptographic algorithms which enjoy a low computational
cost, a short key length, as well as a high relative key-leakage
ratio.
Our Contribution. We focus on this issue in this paper.
To reach our goal, we simplify some parameters in the
Cramer-Shoup leakage-resilient public key encryption
(CS-LR-PKE for short) [4] scheme. As a result, we get a public
key encryption scheme which not only achieves CCA2
security without random oracles under the hardness of the
decisional Diffie-Hellman problem but also enjoys a lower
computational cost, a shorter (public/secret) key length, and
a higher relative key leakage ratio. Due to the advancement
of fast multi-exponentiation algorithms [8][10], which makes
the cost of computing a double exponentiation very close to
that of computing a single exponentiation, we note that the
improvement in computational speed in our scheme
may not be significant. Nevertheless, our work suggests a
new way to obtain new and efficient public key encryption
schemes from such CS-LR-PKEs. Our method may apply to
some other variants of CS-LR-PKE. We think it is interesting
to show new ways of constructing more efficient variants of
CS-LR-PKE without sacrificing CCA2-security.
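The remark above about double exponentiation can be made concrete by counting modular multiplications. The following is an added example, not code from the paper: it uses the standard simultaneous exponentiation method (often called Shamir's trick), which is not necessarily the algorithm of the cited references [8][10], and the prime, bases and exponents are constructed toy values.

```python
# Added illustration: cost of g^x * h^y mod p, computed two ways.
# All parameters below are constructed sample values, not taken from the paper.

P = 2**255 - 19                    # a well-known prime, used only as a modulus
G, H = 3, 7                        # constructed bases
X = int("a5" * 16, 16)             # constructed 128-bit exponents
Y = int("c3" * 16, 16)

def pow_counted(g, x, p):
    """Left-to-right square-and-multiply; returns (g^x mod p, multiplications)."""
    acc, mults = 1, 0
    for bit in bin(x)[2:]:
        acc = acc * acc % p
        mults += 1
        if bit == "1":
            acc = acc * g % p
            mults += 1
    return acc, mults

def double_exp_naive(g, x, h, y, p):
    """Two independent exponentiations followed by one product."""
    a, m1 = pow_counted(g, x, p)
    b, m2 = pow_counted(h, y, p)
    return a * b % p, m1 + m2 + 1

def double_exp_simultaneous(g, x, h, y, p):
    """One shared squaring chain; per bit position multiply by g, h or g*h."""
    table = {(1, 0): g, (0, 1): h, (1, 1): g * h % p}
    acc, mults = 1, 1              # the precomputed g*h costs one multiplication
    for i in range(max(x.bit_length(), y.bit_length()) - 1, -1, -1):
        acc = acc * acc % p
        mults += 1
        bits = ((x >> i) & 1, (y >> i) & 1)
        if bits != (0, 0):
            acc = acc * table[bits] % p
            mults += 1
    return acc, mults

if __name__ == "__main__":
    _, single = pow_counted(G, X, P)
    r1, naive = double_exp_naive(G, X, H, Y, P)
    r2, simul = double_exp_simultaneous(G, X, H, Y, P)
    assert r1 == r2
    print(f"single: {single}, naive double: {naive}, simultaneous: {simul}")
```

With these sample exponents the simultaneous method needs roughly 1.2 times the multiplications of a single exponentiation, against roughly 2 times for the naive method.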
Organization. We proceed as follows. First, in Section II
we review some related tools, computational problems and
the security model for leakage-resilient PKE schemes. Then,
in Section III we present the concrete construction of our
modified leakage-resilient PKE scheme with formal security
proofs. To demonstrate the performance of our scheme, a
comparison with the original Cramer-Shoup leakage-resilient
PKE schemes is made in Section IV. Finally, we give a
conclusion in Section V.
II. PRELIMINARY
In this section we present some basic notions, definitions,
and tools that will be used in our constructions and security
proofs. We formally state the decisional Diffie-Hellman
assumption and present the notion of average-case strong
extractors.
A. Computational Assumptions
Let G be a probabilistic polynomial-time algorithm that
takes as input a security parameter n and outputs a triplet
2012 Fourth International Conference on Intelligent Networking and Collaborative Systems
978-0-7695-4808-1/12 $26.00 © 2012 IEEE
DOI 10.1109/iNCoS.2012.64