Stateful Public-Key Encryption: A Security Solution for Resource-Constrained Environment

  • Joonsang BaekEmail author
  • Willy Susilo
  • Khaled Salah
  • Jun Su Ha
  • Ernesto Damiani
  • Ilsun You


The stateful public-key encryption scheme proposed by Bellare, Kohno and Shoup in 2006 significantly improves the efficiency of the encryption operation of ElGamal-like public-key encryption schemes. The basic idea of the stateful public-key encryption scheme is to reuse some random parameters in the encryption algorithm by maintaining a state to save the current random variable, which is used to generate the random parameters. This turns out to be highly effective in reducing heavy computations like exponentiation operations in the encryption process. Since its invention, several variants and extensions of the stateful public key encryption scheme have been proposed. This chapter provides an extensive survey of original stateful public-key encryption scheme and their extensions. Also, possible applications of stateful encryption schemes for building up lightweight asymmetric encryption primitives for the Internet of things (IoT) environment are discussed.


  1. 1.
    Abdalla, M., Bellare, M., & Rogaway, P. (2001). The oracle Diffie–Hellman assumptions and an analysis of DHIES. In Proceedings of CT-RSA ’01 (Vol. 2020, pp. 143–158). LNCS. Berlin: Springer.CrossRefGoogle Scholar
  2. 2.
    Abe, M. (2004). Combining encryption and proof of knowledge in the random oracle model. The Computer Journal, 47(1), 58–70.MathSciNetCrossRefGoogle Scholar
  3. 3.
    Akyildiz, I., & Kasimoglu, I. (2004). Wireless sensor and actor networks: Research challenges. Ad Hoc Networks, 2(4), 351–367.CrossRefGoogle Scholar
  4. 4.
    Al Salami, S., Baek, J., Salah, K., & Damiani, E. (2016). Lightweight encryption for smart home. In ARES ’16 (pp. 382–388).Google Scholar
  5. 5.
    Atzori, L., Iera, A., & Morabito, G. (2010). The internet of things: A survey. Computer Networks 2787–2805. Elsevier.Google Scholar
  6. 6.
    Ayuso, J., Marin, L., Jara, A., & Skarmeta, A. (2010). Optimization of public key cryptography (RSA and ECC) for 16-bits devices based on 6LoWPAN. In 1st International Workshop on the Security of the Internet of Things.Google Scholar
  7. 7.
    Baek, J., Tan, H., Zhou, J., & Wong, J. (2008). Realizing stateful public key encryption in wireless sensor network. In Proceedings of the IFIP TC 11 23rd International Information Security Conference (pp. 95–107). Berlin: Springer.Google Scholar
  8. 8.
    Baek, J., Zhou, J., & Bao, F. (2008). Generic constructions of stateful public key encryption and their applications. In Proceedings of ACNS 2008 (Vol. 5037, pp. 75–93). LNCS. Berlin: Springer.Google Scholar
  9. 9.
    Baek, J., Chu, C., & Zhou, J. (2011). On shortening ciphertexts: New constructions for compact public key and stateful encryption schemes. In Proceedings of CT-RSA (Vol. 6558, pp. 302–318). LNCS. Berlin: Springer.CrossRefGoogle Scholar
  10. 10.
    Baek, J., Vu, Q., Shoufan, A., Jones, A., & Wong, D. S. (2013). Stateful public-key encryption schemes forward-secure against state exposure. The Computer Journal, 56(4), 497–507.CrossRefGoogle Scholar
  11. 11.
    Bellare, M., & Rogaway, P. (1993). Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of ACM-CCS ’93 (pp. 62–73). ACM.Google Scholar
  12. 12.
    Bellare, M., & Namprepre, C. (2000). Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Asiacrypt ’00 (Vol. 1976, pp. 531–545). LNCS. Berlin: Springer.CrossRefGoogle Scholar
  13. 13.
    Bellare, M., Canetti, R., & Krawczyk, H. (1996). Keying hash functions for message authentication. In Crypto ’96 (Vol. 1109, pp. 1–15). LNCS. Berlin: Springer.Google Scholar
  14. 14.
    Bellare, M., Desai, A., Jokipii, E., & Rogaway, P. (1997). A concrete security treatment of symmetric encryption. In Proceedings of FOCS ’97 (pp. 394–403).Google Scholar
  15. 15.
    Bellare, M., Desai, A., Pointcheval, D., & Rogaway, P. (1998). Relations among notions of security for public-key encryption schemes. In Crypto ’98 (Vol. 1462, pp. 26–45). LNCS. Berlin: Springer.CrossRefGoogle Scholar
  16. 16.
    Bellare, M., Kohno, T., & Shoup, V. (2006). Stateful public-key cryptosystems: How to encrypt with one 160-bit exponentiation. In Proceedings of ACM-CCS ’06 (pp. 380–389). ACM Press.Google Scholar
  17. 17.
    Boneh, D., & Franklin, M. (2003). Identity based encryption from the Weil pairing. SIAM Journal of Computing32(3), 586–615. (Extended abstract in Crypto ’01 (Vol. 2139, pp. 213–229). LNCS. Berlin: Springer (2001)).Google Scholar
  18. 18.
    Boneh, D., & Boyen, X. (2004). Efficient selective-ID secure identity-based encryption without random oracles. In Proceedings of Eurocrypt ’04 (Vol. 3027, pp. 223–238). LNCS. Berlin: Springer.CrossRefGoogle Scholar
  19. 19.
    Boneh, D., & Katz, J. (2005). Improved efficiency for CCA-secure cryptosystems built using identity-based encryption. In CT-RSA ’05 (Vol. 3376, pp. 87–103). LNCS. Berlin: Springer.Google Scholar
  20. 20.
    Boyen, X. (2008). A tapestry of identity-based encryption: Practical frameworks compared. International Journal of Applied Cryptography, 3–21. Inderscience.Google Scholar
  21. 21.
    Boyen, X., Mei, Q., & Waters, B. (2005). Direct chosen ciphertext security from identity- based techniques. In ACM-CCS 2005 (pp. 320–329). New York: ACM Press.Google Scholar
  22. 22.
    Cramer, R., & Shoup, V. (2002). Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In Eurocrypt ’02 (Vol. 2332, pp. 45–64). LNCS. Berlin: Springer.CrossRefGoogle Scholar
  23. 23.
    Cramer, R., & Shoup, V. (2003). Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal of Computing, 33, 167–226.MathSciNetCrossRefGoogle Scholar
  24. 24.
    Dankers, J., Garefalakis, T., Schaffelhofer, R., & Wright, T. (2002). Public key infrastructure in mobile systems. Electronics & Communication Engineering Journal, 14(5), 180–190. IEE.CrossRefGoogle Scholar
  25. 25.
    Diffie, W., & Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.MathSciNetCrossRefGoogle Scholar
  26. 26.
    ElGamal, T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31, 469–472.MathSciNetCrossRefGoogle Scholar
  27. 27.
    Galbraith, S., Paterson, K., & Smart, N. (2008). Pairings for cryptographers. Discrete Applied Mathematics, 156, 3113–3121.MathSciNetCrossRefGoogle Scholar
  28. 28.
    Gaubatz, G., Kaps, J.-P., & Sunar, B. (2004). Public key cryptography in sensor networks revisited. In 1st European Workshop on Security in Ad-Hoc and Sensor Networks (ESAS 04).Google Scholar
  29. 29.
    Granjal, J., Monteiro, E., & Silva, J. S. (2015). Security for the internet of things: A survey of existing protocols and open research issues. IEEE Communication Surveys & Tutorials, 17(3), 1294–1312.CrossRefGoogle Scholar
  30. 30.
    Hashemian, H. M. (2005). Sensor Performance and Reliability. Research Triangle Park, North Carolina: ISA (Instrumentation Systems, and Automation Society).Google Scholar
  31. 31.
    Katagi, M., & Moriai, S. (2011). Lightweight cryptography for the internet of things. Technical report, Sony Corporation.Google Scholar
  32. 32.
    Kiltz, E. (2007). Chosen-ciphertext secure key-encapsulation based on gap hashed Diffie–Hellman. In PKC ’07 (Vol. 4450, pp. 282–297). LNCS. Berlin: Springer.Google Scholar
  33. 33.
    Kurosawa, K., & Desmedt, Y. (2004). A new paradigm of hybrid encryption scheme. In Crypto ’04 (Vol. 3152, pp. 426–442). LNCS. Berlin: Springer.CrossRefGoogle Scholar
  34. 34.
    Mattern, F., & Floerkemeier, C. (2010). From the internet of computers to the internet of things. From Active Data Management to Event-Based Systems and More (pp. 242–259). Berlin: Springer.Google Scholar
  35. 35.
    Merkle, M. (1978). Secure communications over insecure channels. Communications of the ACM, 21(4), 294–299.CrossRefGoogle Scholar
  36. 36.
    Naor, M., & Yung, M. (1989). Universal one-way hash functions and their cryptographic applications. In STOC ’89 (pp. 33–43). ACM.Google Scholar
  37. 37.
    Naor, M., & Segev, G. (2009). Public-key cryptosystems resilient to key leakage. In Crypto ’09 (Vol. 5677, pp. 18–35). LNCS. Berlin: Springer.CrossRefGoogle Scholar
  38. 38.
    Nguyen, M., Yasunaga, K., & Tanaka, K. (2013). Leakage-resilience of stateless/stateful public-key encryption from hash proofs. IEICE Transactions, 96-A(6), 1100–1111.CrossRefGoogle Scholar
  39. 39.
    Okamoto, T., & Pointcheval, P. (2001). REACT: Rapid enhanced-security asymmetric cryptosystem transform. In Proceedings of CT-RSA ’01 (Vol. 2020, pp. 159–175). LNCS. Berlin: Springer.CrossRefGoogle Scholar
  40. 40.
    Paillier, P. (1999). Public-key cryptosystems based on composite degree residuosity classes. In Eurocrypt ’99 (Vol. 1592, pp. 223–238). LNCS. Berlin: Springer.Google Scholar
  41. 41.
    Phong, L., Matsuoka, H., & Ogata, W. (2008). Stateful identity-based encryption scheme: Faster encryption and decryption. In Proceedings of ASIACCS ’08 (pp. 381–388). ACM.Google Scholar
  42. 42.
    Rivest, R., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 21(2), 120–126.MathSciNetCrossRefGoogle Scholar
  43. 43.
    Shafagh, H. (2013). Leveraging public-key-based authentication for the internet of things. Master thesis, RWTH Aachen University, Germany.Google Scholar
  44. 44.
    Shoup, V. (2001). A proposal for an ISO standard for public key encryption (version 2.1). In ISO/IEC JTC 1/SC 27.Google Scholar
  45. 45.
    US Nuclear Regulatory Commission. (1998). Advanced instrumentation and maintenance technologies for nuclear power plants. In NUREG/CR-5501, Washington DC.Google Scholar
  46. 46.
    Yan, Z., Zhang, P., & Vasilakos, A. V. (2014). A survey on trust management for internet of things. Journal of Network and Computer Applications, 42, 120–134.CrossRefGoogle Scholar
  47. 47.
    Yang, P., Zhang, R., Matsuura, K., & Imai, H. (2009). Generic construction of stateful identity based encryption. In Proceedings of ISC ’09 (Vol. 5735, pp. 338–346). LNCS. Berlin: Springer.Google Scholar
  48. 48.
    ZigBee Alliance. (2016). MICAz, Wireless measurement system. Retrieved June 2016, from

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Joonsang Baek
    • 1
    Email author
  • Willy Susilo
    • 1
  • Khaled Salah
    • 2
  • Jun Su Ha
    • 2
  • Ernesto Damiani
    • 2
  • Ilsun You
    • 3
  1. 1.Institute of Cybersecurity and CryptologyUniversity of WollongongWollongongAustralia
  2. 2.Khalifa University of Science and TechnologyAbu DhabiUnited Arab Emirates
  3. 3.Soonchunhyang UniversityAsanSouth Korea

Personalised recommendations