Hedged Public-Key Encryption: How to Protect against Bad Randomness

Authors:
Mihir Bellare;Zvika Brakerski;Moni Naor;Thomas Ristenpart;Gil Segev;Hovav Shacham;Scott Yilek
Affiliations:
Dept. of Computer Science & Engineering, University of California at San Diego, La Jolla, USA 92093;Dept. of Computer Science and Applied Mathematics, Weizmann Institute of Science, Rehovot, Israel 76100;Dept. of Computer Science and Applied Mathematics, Weizmann Institute of Science, Rehovot, Israel 76100;Dept. of Computer Science & Engineering, University of California at San Diego, La Jolla, USA 92093;Dept. of Computer Science and Applied Mathematics, Weizmann Institute of Science, Rehovot, Israel 76100;Dept. of Computer Science & Engineering, University of California at San Diego, La Jolla, USA 92093;Dept. of Computer Science & Engineering, University of California at San Diego, La Jolla, USA 92093
Venue:
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Year:
2009

Citing 26
Cited 22

A public key cryptosystem and a signature scheme based on discrete logarithms

Proceedings of CRYPTO 84 on Advances in cryptology
Pseudo-random generation from one-way functions

STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Extended Notions of Security for Multicast Public Key Cryptosystems

ICALP '00 Proceedings of the 27th International Colloquium on Automata, Languages and Programming
On the Impossibility of Private Key Cryptography with Weakly Random Keys

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Key-Privacy in Public-Key Encryption

ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
How to Enhance the Security of Public-Key Encryption at Minimum Cost

PKC '99 Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography
Simplified OAEP for the RSA and Rabin Functions

CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
On the (Im)possibility of Cryptography with Imperfect Randomness

FOCS '04 Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science
Analysis of the Linux Random Number Generator

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Cryptanalysis of the windows random number generator

Proceedings of the 14th ACM conference on Computer and communications security
Lossy trapdoor functions and their applications

STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
How to generate cryptographically strong sequences of pseudo random bits

SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data

SIAM Journal on Computing
How to Encrypt with a Malicious Random Number Generator

Fast Software Encryption
On Notions of Security for Deterministic Encryption, and Efficient Constructions without Random Oracles

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Smashing SQUASH-0

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
When private keys are public: results from the 2008 Debian OpenSSL vulnerability

Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Public-key encryption in a multi-user setting: security proofs and improvements

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Does privacy require true randomness?

TCC'07 Proceedings of the 4th conference on Theory of cryptography
Deterministic and efficiently searchable encryption

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Hold your sessions: an attack on java session-id generation

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Entropic security and the encryption of high entropy messages

TCC'05 Proceedings of the Second international conference on Theory of Cryptography
A provable-security treatment of the key-wrap problem

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
The security of triple encryption and a framework for code-based game-playing proofs

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques

Security audits of multi-tier virtual infrastructures in public infrastructure clouds

Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Chameleon all-but-one TDFs and their application to chosen-ciphertext security

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Careful with composition: limitations of the indifferentiability framework

EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Better security for deterministic public-key encryption: the auxiliary-input setting

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Authenticated and misuse-resistant encryption of key-dependent data

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Randomness leakage in the KEM/DEM framework

ProvSec'11 Proceedings of the 5th international conference on Provable security
More constructions of lossy and correlation-secure trapdoor functions

PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Resettable public-key encryption: how to encrypt on a virtual machine

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Authenticated key exchange under bad randomness

FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Lossy functions do not amplify well

TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
A unified approach to deterministic encryption: new constructions and a connection to computational entropy

TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
All-But-Many lossy trapdoor functions

EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Identity-Based (lossy) trapdoor functions and applications

EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Dual projective hashing and its applications -- lossy trapdoor functions and more

EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Incremental deterministic public-key encryption

EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Detecting dangerous queries: a new approach for chosen ciphertext security

EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Inner-product lossy trapdoor functions and applications

ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Mining your Ps and Qs: detection of widespread weak keys in network devices

Security'12 Proceedings of the 21st USENIX conference on Security symposium
Public-Key encryption with lazy parties

SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Randomness-Dependent message security

TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Ensuring high-quality randomness in cryptographic key generation

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Cryptophia's short combiner for collision-resistant hash functions

ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Public-key encryption schemes rely for their IND-CPA security on per-message fresh randomness. In practice, randomness may be of poor quality for a variety of reasons, leading to failure of the schemes. Expecting the systems to improve is unrealistic. What we show in this paper is that we can, instead, improve the cryptography to offset the lack of possible randomness. We provide public-key encryption schemes that achieve IND-CPA security when the randomness they use is of high quality, but, when the latter is not the case, rather than breaking completely, they achieve a weaker but still useful notion of security that we call IND-CDA. This hedged public-key encryption provides the best possible security guarantees in the face of bad randomness. We provide simple RO-based ways to make in-practice IND-CPA schemes hedge secure with minimal software changes. We also provide non-RO model schemes relying on lossy trapdoor functions (LTDFs) and techniques from deterministic encryption. They achieve adaptive security by establishing and exploiting the anonymity of LTDFs which we believe is of independent interest.