Abstract
Cryptographic computations (decryption, signature generation, etc.) are often performed on a relatively insecure device (e.g., a mobile device or an Internet-connected host) which cannot be trusted to maintain secrecy of the private key. We propose and investigate the notion of key-insulated security whose goal is to minimize the damage caused by secret-key exposures. In our model, the secret key(s) stored on the insecure device are refreshed at discrete time periods via interaction with a physically-secure - but computationally-limited - device which stores a “master key”. All cryptographic computations are still done on the insecure device, and the public key remains unchanged. In a (t, N)-key-insulated scheme, an adversary who compromises the insecure device and obtains secret keys for up to t periods of his choice is unable to violate the security of the cryptosystem for any of the remaining N - t periods. Furthermore, the scheme remains secure (for all time periods) against an adversary who compromises only the physically-secure device. We focus primarily on key-insulated public-key encryption. We construct a (t, N)-key-insulated encryption scheme based on any (standard) public-key encryption scheme, and give a more efficient construction based on the DDH assumption. The latter construction is then extended to achieve chosen-ciphertext security.
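To make the (t, N)-key-insulated model concrete, here is an added toy illustration written for this page, not code from the paper: period keys are evaluations of a secret degree-t polynomial over Z_q, the physically-secure device holds only the non-constant coefficients (the master key), the insecure device holds only the current period key, and the ElGamal-style public key never changes. The tiny group parameters and the polynomial trick are assumptions chosen for readability; they are not the paper's DDH construction and provide no real security.

```python
import secrets

# Toy group (assumption): p = 2q + 1, q prime, g generates the order-q subgroup mod p. Insecure size.
P, Q, G = 107, 53, 4

def keygen(t):
    """Secret f(x) = a_0 + ... + a_t x^t over Z_q, a_t != 0. pk publishes g^{a_k}; the secure
    device keeps a_1..a_t as master key; the insecure device starts with SK_0 = f(0) = a_0."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)] + [secrets.randbelow(Q - 1) + 1]
    return [pow(G, a, P) for a in coeffs], coeffs[1:], coeffs[0]

def update_delta(master, i, j):
    """Secure device: partial key with SK_j = SK_i + delta. Lacking a_0, it knows neither key."""
    return sum(a * (pow(j, k, Q) - pow(i, k, Q)) for k, a in enumerate(master, 1)) % Q

def period_pk(pk, i):
    """Anyone derives g^{f(i)} from the fixed public key, so pk never has to change."""
    h = 1
    for k, y in enumerate(pk):
        h = h * pow(y, pow(i, k, Q), P) % P
    return h

def encrypt(pk, i, m):
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(period_pk(pk, i), r, P) % P

def decrypt(sk_i, ct):
    c1, c2 = ct
    return c2 * pow(c1, -sk_i, P) % P

def interpolate(points, x):
    """Lagrange interpolation over Z_q: the best an attacker holding exposed period keys can do."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num, den = num * (x - xj) % Q, den * (xi - xj) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total

def demo(t=2, periods=5, message=16):
    pk, master, sk = keygen(t)
    keys = {0: sk}
    for i in range(1, periods):  # insecure device refreshes at each boundary and erases SK_{i-1}
        sk = (sk + update_delta(master, i - 1, i)) % Q
        keys[i] = sk
    target = periods - 1
    ok = decrypt(keys[target], encrypt(pk, target, message)) == message
    with_t1 = interpolate({i: keys[i] for i in range(t + 1)}, target) == keys[target]
    with_t = interpolate({i: keys[i] for i in range(t)}, target) == keys[target]
    return ok, with_t1, with_t
```

`demo()` returns (decryption under the fixed pk works, t+1 exposed period keys determine every other key, t exposed keys do); the last value is always False because the degree-t polynomial is underdetermined by t points, which is the (t, N) threshold in miniature.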
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dodis, Y., Katz, J., Xu, S., Yung, M. (2002). Key-Insulated Public Key Cryptosystems. In: Knudsen, L.R. (eds) Advances in Cryptology — EUROCRYPT 2002. EUROCRYPT 2002. Lecture Notes in Computer Science, vol 2332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46035-7_5
DOI: https://doi.org/10.1007/3-540-46035-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43553-2
Online ISBN: 978-3-540-46035-0
eBook Packages: Springer Book Archive