Key-insulated public key cryptosystems

Yevgeniy Dodis, Jonathan Katz, Shouhuai Xu, Moti Yung

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Cryptographic computations (decryption, signature generation, etc.) are often performed on a relatively insecure device (e.g., a mobile device or an Internet-connected host) which cannot be trusted to maintain secrecy of the private key. We propose and investigate the notion of key-insulated security whose goal is to minimize the damage caused by secret-key exposures. In our model, the secret key(s) stored on the insecure device are refreshed at discrete time periods via interaction with a physically-secure – but computationally-limited – device which stores a “master key”. All cryptographic computations are still done on the insecure device, and the public key remains unchanged. In a (t,N)-key-insulated scheme, an adversary who compromises the insecure device and obtains secret keys for up to t periods of his choice is unable to violate the security of the cryptosystem for any of the remaining N−t periods. Furthermore, the scheme remains secure (for all time periods) against an adversary who compromises only the physically-secure device. We focus primarily on key-insulated public-key encryption. We construct a (t,N)-key-insulated encryption scheme based on any (standard) publickey encryption scheme, and give a more efficient construction based on the DDH assumption. The latter construction is then extended to achieve chosen-ciphertext security.

Original languageEnglish (US)
Title of host publicationAdvances in Cryptology - EUROCRYPT 2002 - International Conference on the Theory and Applications of Cryptographic Techniques, 2002, Proceedings
PublisherSpringer Verlag
Pages65-82
Number of pages18
Volume2332
ISBN (Print)9783540435532
StatePublished - 2002
EventInternational Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2002 - Amsterdam, Netherlands
Duration: Apr 28 2002May 2 2002

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2332
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

OtherInternational Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2002
CountryNetherlands
CityAmsterdam
Period4/28/025/2/02

Fingerprint

Public-key Cryptosystem
Cryptography
Mobile devices
Encryption
Internet
Chosen-ciphertext Security
Public Key Encryption
Cryptosystem
Public key
Violate
Mobile Devices
Discrete-time
Signature
Damage
Minimise

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Dodis, Y., Katz, J., Xu, S., & Yung, M. (2002). Key-insulated public key cryptosystems. In Advances in Cryptology - EUROCRYPT 2002 - International Conference on the Theory and Applications of Cryptographic Techniques, 2002, Proceedings (Vol. 2332, pp. 65-82). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2332). Springer Verlag.

Key-insulated public key cryptosystems. / Dodis, Yevgeniy; Katz, Jonathan; Xu, Shouhuai; Yung, Moti.

Advances in Cryptology - EUROCRYPT 2002 - International Conference on the Theory and Applications of Cryptographic Techniques, 2002, Proceedings. Vol. 2332 Springer Verlag, 2002. p. 65-82 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2332).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Dodis, Y, Katz, J, Xu, S & Yung, M 2002, Key-insulated public key cryptosystems. in Advances in Cryptology - EUROCRYPT 2002 - International Conference on the Theory and Applications of Cryptographic Techniques, 2002, Proceedings. vol. 2332, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2332, Springer Verlag, pp. 65-82, International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2002, Amsterdam, Netherlands, 4/28/02.
Dodis Y, Katz J, Xu S, Yung M. Key-insulated public key cryptosystems. In Advances in Cryptology - EUROCRYPT 2002 - International Conference on the Theory and Applications of Cryptographic Techniques, 2002, Proceedings. Vol. 2332. Springer Verlag. 2002. p. 65-82. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
Dodis, Yevgeniy ; Katz, Jonathan ; Xu, Shouhuai ; Yung, Moti. / Key-insulated public key cryptosystems. Advances in Cryptology - EUROCRYPT 2002 - International Conference on the Theory and Applications of Cryptographic Techniques, 2002, Proceedings. Vol. 2332 Springer Verlag, 2002. pp. 65-82 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{cce30f456959453b88574cbaddd0fea8,
title = "Key-insulated public key cryptosystems",
abstract = "Cryptographic computations (decryption, signature generation, etc.) are often performed on a relatively insecure device (e.g., a mobile device or an Internet-connected host) which cannot be trusted to maintain secrecy of the private key. We propose and investigate the notion of key-insulated security whose goal is to minimize the damage caused by secret-key exposures. In our model, the secret key(s) stored on the insecure device are refreshed at discrete time periods via interaction with a physically-secure – but computationally-limited – device which stores a “master key”. All cryptographic computations are still done on the insecure device, and the public key remains unchanged. In a (t,N)-key-insulated scheme, an adversary who compromises the insecure device and obtains secret keys for up to t periods of his choice is unable to violate the security of the cryptosystem for any of the remaining N−t periods. Furthermore, the scheme remains secure (for all time periods) against an adversary who compromises only the physically-secure device. We focus primarily on key-insulated public-key encryption. We construct a (t,N)-key-insulated encryption scheme based on any (standard) publickey encryption scheme, and give a more efficient construction based on the DDH assumption. The latter construction is then extended to achieve chosen-ciphertext security.",
author = "Yevgeniy Dodis and Jonathan Katz and Shouhuai Xu and Moti Yung",
year = "2002",
language = "English (US)",
isbn = "9783540435532",
volume = "2332",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "65--82",
booktitle = "Advances in Cryptology - EUROCRYPT 2002 - International Conference on the Theory and Applications of Cryptographic Techniques, 2002, Proceedings",

}

TY - GEN

T1 - Key-insulated public key cryptosystems

AU - Dodis, Yevgeniy

AU - Katz, Jonathan

AU - Xu, Shouhuai

AU - Yung, Moti

PY - 2002

Y1 - 2002

N2 - Cryptographic computations (decryption, signature generation, etc.) are often performed on a relatively insecure device (e.g., a mobile device or an Internet-connected host) which cannot be trusted to maintain secrecy of the private key. We propose and investigate the notion of key-insulated security whose goal is to minimize the damage caused by secret-key exposures. In our model, the secret key(s) stored on the insecure device are refreshed at discrete time periods via interaction with a physically-secure – but computationally-limited – device which stores a “master key”. All cryptographic computations are still done on the insecure device, and the public key remains unchanged. In a (t,N)-key-insulated scheme, an adversary who compromises the insecure device and obtains secret keys for up to t periods of his choice is unable to violate the security of the cryptosystem for any of the remaining N−t periods. Furthermore, the scheme remains secure (for all time periods) against an adversary who compromises only the physically-secure device. We focus primarily on key-insulated public-key encryption. We construct a (t,N)-key-insulated encryption scheme based on any (standard) publickey encryption scheme, and give a more efficient construction based on the DDH assumption. The latter construction is then extended to achieve chosen-ciphertext security.

AB - Cryptographic computations (decryption, signature generation, etc.) are often performed on a relatively insecure device (e.g., a mobile device or an Internet-connected host) which cannot be trusted to maintain secrecy of the private key. We propose and investigate the notion of key-insulated security whose goal is to minimize the damage caused by secret-key exposures. In our model, the secret key(s) stored on the insecure device are refreshed at discrete time periods via interaction with a physically-secure – but computationally-limited – device which stores a “master key”. All cryptographic computations are still done on the insecure device, and the public key remains unchanged. In a (t,N)-key-insulated scheme, an adversary who compromises the insecure device and obtains secret keys for up to t periods of his choice is unable to violate the security of the cryptosystem for any of the remaining N−t periods. Furthermore, the scheme remains secure (for all time periods) against an adversary who compromises only the physically-secure device. We focus primarily on key-insulated public-key encryption. We construct a (t,N)-key-insulated encryption scheme based on any (standard) publickey encryption scheme, and give a more efficient construction based on the DDH assumption. The latter construction is then extended to achieve chosen-ciphertext security.

UR - http://www.scopus.com/inward/record.url?scp=84947254092&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84947254092&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9783540435532

VL - 2332

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 65

EP - 82

BT - Advances in Cryptology - EUROCRYPT 2002 - International Conference on the Theory and Applications of Cryptographic Techniques, 2002, Proceedings

PB - Springer Verlag

ER -