
Hierarchical integrated signature and encryption (or: key separation vs. key reuse: enjoy the best of both worlds). (English) Zbl 1514.94148

Tibouchi, Mehdi (ed.) et al., Advances in cryptology – ASIACRYPT 2021. 27th international conference on the theory and application of cryptology and information security, Singapore, December 6–10, 2021. Proceedings. Part II. Cham: Springer. Lect. Notes Comput. Sci. 13091, 514-543 (2021).
Summary: In this work, we introduce the notion of hierarchical integrated signature and encryption (HISE), wherein a single public key is used for both signature and encryption, and one can derive a secret key used only for decryption from the signing key, which enables secure delegation of the decryption capability. HISE enjoys the benefit of key reuse and admits individual key escrow. We present two generic constructions of HISE. One is from (constrained) identity-based encryption. The other is from a uniform one-way function, public-key encryption, and a general-purpose public-coin zero-knowledge proof of knowledge. To further attain global key escrow, we take a little detour to revisit global escrow public-key encryption (PKE), an object both of independent interest and with many applications. We formalize the syntax and security model of global escrow PKE and provide two generic constructions. The first embodies a generic approach to compile any PKE into one with the global escrow property. The second establishes a connection between three-party non-interactive key exchange and global escrow PKE. Combining the results developed above, we obtain HISE schemes that support both individual and global key escrow.
We instantiate our generic constructions of (global escrow) HISE and implement all the resulting concrete schemes for 128-bit security. Our schemes have performance that is comparable to the best Cartesian product combined public-key scheme, and exhibit advantages in terms of richer functionality and public key reuse. As a byproduct, we obtain a new global escrow PKE scheme that is \(12\)–\(30\times\) faster than the best prior work, which might be of independent interest.
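As an added illustration (not taken from the paper, and not claimed to be the authors' exact scheme), the following shows the pairing-based shape that the summary's IBE-based route suggests, built from Boneh-Franklin identity-based encryption and BLS signatures, followed by a global escrow PKE in the style of Joux's one-round tripartite Diffie-Hellman. Assumed: a symmetric pairing \(e:\mathbb{G}\times\mathbb{G}\to\mathbb{G}_T\) on groups of prime order \(p\) with generator \(g\), hash functions \(H_1:\{0,1\}^*\to\mathbb{G}\) and \(H_2:\mathbb{G}_T\to\{0,1\}^n\), and a fixed public tag \(\mathsf{dec}\).

\[
\begin{aligned}
&\textbf{HISE from IBE + BLS (one public key, one-way key hierarchy)}\\
&\mathsf{KeyGen}:\ \alpha\leftarrow\mathbb{Z}_p,\quad sk=\alpha,\quad pk=g^{\alpha}.\\
&\mathsf{Derive}(sk):\ dk=H_1(1\,\|\,\mathsf{dec})^{\alpha}
 \quad\text{(computing }dk\text{ needs }\alpha\text{; recovering }\alpha\text{ from }dk\text{ is a discrete log in }\mathbb{G}\text{).}\\
&\mathsf{Sign}(sk,m):\ \sigma=H_1(0\,\|\,m)^{\alpha};\qquad
 \mathsf{Verify}(pk,m,\sigma):\ e(\sigma,g)\overset{?}{=}e\big(H_1(0\,\|\,m),pk\big).\\
&\mathsf{Enc}(pk,m):\ r\leftarrow\mathbb{Z}_p,\quad c_1=g^{r},\quad
 c_2=m\oplus H_2\big(e(H_1(1\,\|\,\mathsf{dec}),pk)^{r}\big).\\
&\mathsf{Dec}(dk,(c_1,c_2)):\ m=c_2\oplus H_2\big(e(dk,c_1)\big),\ \text{correct since}\\
&\qquad e(dk,c_1)=e\big(H_1(1\,\|\,\mathsf{dec})^{\alpha},g^{r}\big)
 =e\big(H_1(1\,\|\,\mathsf{dec}),g\big)^{\alpha r}
 =e\big(H_1(1\,\|\,\mathsf{dec}),pk\big)^{r}.\\[4pt]
&\textbf{Global escrow PKE from tripartite Diffie-Hellman}\\
&\text{Receiver: }(\alpha,\ pk=g^{\alpha});\qquad \text{escrow authority: } z\leftarrow\mathbb{Z}_p,\ epk=g^{z}.\\
&\mathsf{Enc}(pk,epk,m):\ r\leftarrow\mathbb{Z}_p,\quad c_1=g^{r},\quad K=e(pk,epk)^{r},\quad c_2=m\oplus H_2(K).\\
&\text{Receiver recovers } K=e(c_1,epk)^{\alpha};\quad \text{escrow recovers } K=e(c_1,pk)^{z};\quad \text{all equal } e(g,g)^{\alpha z r}.
\end{aligned}
\]

The domain-separation prefixes \(0\) and \(1\) inside \(H_1\) are essential: without them a signature on the message \(m=\mathsf{dec}\) would be exactly \(dk\), collapsing the hierarchy. Layering the escrow key \(K\) onto the \(dk\) hierarchy, as the paper's combined schemes do, is not shown here.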
For the entire collection see [Zbl 1510.94003].

MSC:

94A62 Authentication, digital signatures and secret sharing
94A60 Cryptography
