Presentation title 2012-05-18
On the Joint Security of Encryption and Signature, Revisited
Abstract (Japanese)
Abstract (English) The folklore principle of key separation dictates using different keys for different cryptographic operations. While this is well-motivated by real-world, security engineering concerns, there are still situations where it is desirable to use the same key for multiple operations. In the context of public key cryptography, using the same keypair for both encryption and signature primitives can reduce storage requirements (for certificates as well as keys), reduce the cost of key certification and the time taken to verify certificates, and reduce the footprint of cryptographic code. These savings may be critical in embedded systems and low-end smart card applications. As a prime example, the globally-deployed EMV standard for authenticating credit and debit card transactions allows the same keypair to be reused for encryption and signatures for precisely these reasons. However, this approach of reusing keys is not without its problems. For example, there is the issue that encryption and signature keypairs may have different lifetimes, or that the private keys may require different levels of protection. Most importantly of all, there is the question of whether it is secure to use the same keypair in two (or more) different primitives. The formal study of the security of key reuse was initiated by Haber and Pinkas (ACM CCS 2001) with their introduction of combined public key schemes. However, while their approach can be made to work in the random oracle model, it does not naturally extend to the standard model, and there currently exist no fully satisfactory standard model solutions. We revisit the problem of how to construct combined public key schemes which are secure in the standard model. Naturally, for reasons of practical efficiency, we are interested in minimising the size of keys (both public and private), ciphertexts, and signatures in such schemes.
Firstly, we present a construction for a combined public key scheme using an IBE scheme as a component. The trick here is to use the IBE scheme in the Naor transform and the CHK transform simultaneously to create a combined public key scheme that is jointly secure, under rather weak requirements on the starting IBE scheme. This construction extends easily to the (hierarchical) identity-based setting. Secondly, we provide a more efficient direct construction for a combined scheme with joint security. This construction is based on the signature scheme of Boneh and Boyen (EUROCRYPT 2004) and a KEM obtained by applying the techniques by Boyen, Mei and Waters (ACM CCS 2005) to the second IBE scheme of Boneh and Boyen (EUROCRYPT 2004). Lastly, we show how our ideas can be applied to signcryption. Specifically, we show that a combined public key scheme can be used to construct a signcryption scheme that is secure in the strongest security model for signcryption. Instantiating this construction with our concrete combined public key scheme effectively solves a challenge implicitly laid down by Dodis, Freedman, Jarecki and Walfish (ACM CCS 2004) to construct an efficient standard model signcryption scheme in which a single short keypair can securely be used for both sender and receiver functions.
Keywords (Japanese)
Keywords (English)
Document number ISEC2012-8
Publication date

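Technical committee information
Technical committee ISEC
Dates 2012/5/11 (1-day meeting starting on this date)
Venue (Japanese)
Venue (English)
Theme (Japanese)
Theme (English)
Chair name (Japanese)
Chair name (English)
Vice chair name (Japanese)
Vice chair name (English)
Secretary name (Japanese)
Secretary name (English)
Assistant secretary name (Japanese)
Assistant secretary name (English)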

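Presentation paper details
Submitted to technical committee Information Security (ISEC)
Language of paper ENG
Title (Japanese)
Subtitle (Japanese)
Title (English) On the Joint Security of Encryption and Signature, Revisited
Subtitle (Japanese)
Keyword (1) (Japanese/English)
1st author name (Japanese/English) / Kenneth G. Paterson
1st author affiliation (Japanese/English)
Royal Holloway, University of London
Presentation date 2012-05-18
Document number ISEC2012-8
Volume (vol) vol.112
Issue (no) 39
Page range pp.-
Number of pages 40
Publication date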