Novel Public-Key Encryption with Continuous Leakage Amplification

2020 ◽  
Author(s):  
Zirui Qiao ◽  
Qiliang Yang ◽  
Yanwei Zhou ◽  
Zhe Xia ◽  
Mingwu Zhang

Abstract: Leakage of private information, such as the secret keys, has become a threat to the security of computing systems. It has become a common requirement that cryptographic schemes should withstand various leakage attacks, including continuous leakage attacks. Although some research progress has been made toward this area, there are still some unsolved issues. In the literature, the public-key encryption (PKE) constructions with (continuous) leakage resilience normally require the upper bound of leakage to be fixed. However, in many real-world applications, this requirement cannot provide sufficient protection against leakage attacks. In order to mitigate these problems, this paper demonstrates how to design a leakage-amplified PKE scheme with continuous leakage resilience and chosen-plaintext attack security. In our proposed PKE scheme, the leakage parameter can have an arbitrary length. Moreover, the length of permitted leakage in our scheme can be flexibly adjusted according to the leakage requirements of the application environment. Its security is formally proved under the classic static assumption.

2019 ◽  
Vol 12 (3) ◽  
pp. 133-153 ◽  
Author(s):  
Mamta ◽  
Brij B. Gupta ◽  
Syed Taqi Ali

Public-key encryption with keyword search (PEKS) is a well-known technique which allows searching on encrypted data using the public key system. However, this technique suffers from the keyword guessing attack (KGA). To address this problem, a modified version of PEKS called public key encryption with fuzzy keyword search (PEFKS) has been introduced, where each keyword is associated with an exact search trapdoor (EST) and a fuzzy search trapdoor (FST) which is provided to the cloud server. PEFKS prevents KGA in such a way that two or at most three keywords share the same FST. Hence, even if the cloud server knows the FST, it cannot link it to the corresponding keyword. But, with a probability of 1/3, the malicious cloud server can still guess the keyword corresponding to the FST. Therefore, in this article, the authors present an approach which can improve the security of the PEFKS technique by reducing the probability of guessing the keyword to 1/k, where k is the number of keywords that share the same FST, thus enhancing the overall reliability. In addition, the authors have used identity-based encryption (IBE) as an underlying technique to construct the searchable encryption scheme and proved its security in the standard model.


Author(s):  
Manuel Mogollon

In public-key encryption, the secrecy of the public key is not required, but the authenticity of the public key is necessary to guarantee its integrity and to avoid spoofing and playback attacks. A user’s public key can be authenticated (signed) by a certificate authority that verifies that a public key belongs to a specific user. In this chapter, digital certificates, which are used to validate public keys, and certificate authorities are discussed. When public-key encryption is used, it is necessary to have a comprehensive system that provides public key encryption and digital signature services to ensure confidentiality, access control, data integrity, authentication, and non-repudiation. That system, the public-key infrastructure or PKI, is also discussed in this chapter.


2019 ◽  
Vol 2019 (2) ◽  
pp. 26-46 ◽  
Author(s):  
Damien Desfontaines ◽  
Andreas Lochbihler ◽  
David Basin

Abstract: Cardinality estimators like HyperLogLog are sketching algorithms that estimate the number of distinct elements in a large multiset. Their use in privacy-sensitive contexts raises the question of whether they leak private information. In particular, can they provide any privacy guarantees while preserving their strong aggregation properties? We formulate an abstract notion of cardinality estimators that captures this aggregation requirement: one can merge sketches without losing precision. We propose an attacker model and a corresponding privacy definition, strictly weaker than differential privacy: we assume that the attacker has no prior knowledge of the data. We then show that if a cardinality estimator satisfies this definition, then it cannot have a reasonable level of accuracy. We prove similar results for weaker versions of our definition, and analyze the privacy of existing algorithms, showing that their average privacy loss is significant, even for multisets with large cardinalities. We conclude that strong aggregation requirements are incompatible with any reasonable definition of privacy, and that cardinality estimators should be considered as sensitive as raw data. We also propose risk mitigation strategies for their real-world applications.
