Leakage-resilience of stateless/stateful public-key encryption from hash proofs

Abstract

We consider the problem of constructing public-key encryption (PKE) schemes that are resilient to a-posteriori chosen-ciphertext and key-leakage attacks. Recently, Naor and Segev (CTYPTO'09) have proven that the Naor-Yung generic construction of PKE which is secure against chosen-ciphertext attack (CCA2) is also secure against key-leakage attacks. Their construction uses simulation-sound NIZK and leakage-resilient CPA-secure PKE, and the latter is a variant of the Cramer-Shoup cryptosystem. This CCA2-secure scheme is based on the hardness of the DDH problem. In this paper, we apply the generic construction of "Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption" (EUROCRYPT'02) to generalize the above work of Naor-Segev. In comparing to the first construction of Naor-Segev, ours "removes" simulation-sound NIZK which is not efficient component. We also extend it to stateful PKE schemes. Concretely, in the construction of the stateless PKE, we use the combination of any 1-universal hash proof system that satisfies the condition of a key-leakage extractor and any 2-universal hash proof system with some condition on the length of proof. In the case of the stateful PKE, we use the combination of two hash proof systems as in the case of stateless PKE and IND-CCA-secure symmetric encryption. © 2012 Springer-Verlag.