Distributed Public Key Schemes Secure against Continual Leakage

摘要

In this work we study distributed public key schemes secure against continual memory leakage. The secret key will be shared among two computing devices communicating over a public channel, and the decryption operation will be computed by a simple 2-party protocol between the devices. Similarly, the secret key shares will be periodically refreshed by a simple 2-party protocol executed in discrete time periods throughout the lifetime of the system. The leakage adversary can choose pairs, one per device, of polynomial time computable length shrinking (or entropy shrinking) functions, and receive the value of the respective function on the internal state of the respective device (namely, on its secret share, internal randomness, and results of intermediate computations). We present distributed public key encryption (DPKE) and distributed identity based encryption (DIBE) schemes that are secure against continual memory leakage, under the Bilinear Decisional Diffie-Hellman and 2-linear assumptions. Our schemes have the following properties: 1. Our DPKE and DIBE schemes tolerate leakage at all times, including during refresh. During refresh the tolerated leakage is a (1/2-ο(1),1) -fraction of the secret memory of P_1, P_2 respectively; and at all other times (post key generation) the tolerated leakage is a ((1-ο(1)),1) -fraction of the secret, memory of P_1, P_2 respectively. 2. Our DIBE scheme tolerates leakage from both the master secret key and the identity based secret keys. 3. Our DPKE scheme is CCA2-secure against continual memory leakage. 4. Our DPKE scheme also implies a secure storage system on leaky devices, where a value s can be secretely stored on devices that continually leak information about their internal state to an external attacker. The devices go through a periodic refresh protocol. These properties improve on bounds and properties of known constructions designed to be secure against continual memory leakage in the single processor model.