[PDF] Top 20 Certificate-Based Encryption Resilient to Key Leakage

... public key without knowing the master secret ...dishonest certificate authority (CA) who has the master secret key for generating the certificate but he is not allowed to replace the public ... See full document

... constructs leakage-resilient public-key encryption from any hash-proof system (HPS) ...construct leakage-resilient weak pseudo-random functions and symmetric-key ... See full document

... first leakage-resilient, lattice-based partially blind signature scheme in the ...w.r.t. key/signature sizes and signing ...is based on the computational hardness of worst-case ideal ... See full document

... the key generating center ...shared key A to calculate the partial private key (DA) for the given node ...private key confidentially and authentically to the node ...private key, it ... See full document

... an encryption scheme where all the ciphertexts created by the adversary can be successfully de- crypted (knowing the secret key) while, with the knowledge of a special trapdoor, we can create an unbounded ... See full document

... public-key encryption, introduced by Bellare, Boldyreva, and O’Neill (CRYPTO 2007), is an important technique for searchable encryption; it allows quick, logarithmic-time, search over encrypted data ... See full document

... hypothetical intermediate variables, by splitting the useful information into n shares based on random variable(s). The random variables are generated on-the-fly and discarded afterwards. Each share is processed ... See full document

... its key. Some fragments of a BRM key may be passed, as a part of normal operating procedure, to an honest party that did not possess the key in the first ...folklore, based on Merkle tree ... See full document

... continual leakage (maybe the only one?) that one could dare to implement in an embedded processor, for instance in a ...ElGamal encryption scheme (called BEG-KEM), where the secret key is an element ... See full document

... public key-based key exchange ...secret key of A but does not know her long-term secret key, should not be able to impersonate B, and share a session key with ... See full document

... We observe that in our scheme as well as that of [11, 16] the group size (i.e. q and q) remains constant e even with larger leakage. While in [28] and [25], both of them rely on increasing the group size (i.e., q ... See full document

... time leakage by a KDF during the protocol execution. Based on the relationships result between CPM-R and CPM model, through lemma 1 and corollary 1, proposed CPM-R model is a stronger model compare to ... See full document

... simplify certificate manage- ment while avoiding the key escrow property of identity-based ...public key cer- tificates but CLE does ... See full document

... fully leakage-resilient signature schemes in the standard model, were constructed independently by [11] and ...public-key encryption scheme and an admissible hash function H ...an ... See full document

... against leakage, both in the game-based setting ...verification key vk ) even given black-box access to an oracle returning signatures on arbitrarily chosen messages (computed via the signing ... See full document

... are based on the so-called “related key attacks” [BK03], where the adversary is able to break a scheme S(K ) (where K is the secret key) by having access to a device S(K 0 ) for some K 0 that is ... See full document

... public key settings, several leakage-resilient public key encryption and signature schemes were proposed under the continual leakage model, which are surveyed as ...a ... See full document

... of Leakage Resilient Cryptography with the objective is to deal with any form of side-channel ...of leakage comes from the possibility of an adversary to extract the information about the secret ... See full document

... a certificate-based proxy cryptosystem based on Gentry’s CBE ...scheme based on the CBE scheme in ...of certificate-based signature (CBS) that follows the idea of Gentry’s CBE ... See full document

... At first glance, it seems that a simple solution to this problem is to use a sufficiently complicated hash function to update the key at each step. If we use the random oracle model and assume that the oracle maps ... See full document