Fully Homomorphic Distributed Identity-based Encryption Resilient to Continual Auxiliary Input Leakage

François Gérard, Veronika Kuchta, Rajeev Anand Sahu, Gaurav Sharma and Olivier Markowitch
Université Libre de Bruxelles, Belgium

Keywords: Homomorphic Encryption, Identity-based Encryption, Leakage Resilient Cryptography, LWE.

Abstract: History tells us that it is not enough to base security solely on the infeasibility of solving the underlying hard problem of a cryptosystem. In the real world, it is not uncommon for an adversary to get access to some key-dependent information that helps with cryptanalysis. Recently a lot of effort has been put into designing cryptosystems such that the impact of leaking key-related information is minimized; this area is mostly known as leakage-resilient cryptography. In this work, we show how to construct a distributed fully homomorphic identity-based encryption scheme secure in the continual auxiliary input model. Our construction is based on the fully homomorphic scheme of Gentry, Sahai and Waters and relies merely on the learning with errors assumption, which is conjectured to be resistant against quantum attacks.

1 INTRODUCTION AND MOTIVATION

Leakage-Resilient Cryptography. Security of traditional public-key cryptographic schemes depends on the secrecy of the secret keys and is analyzed in an idealized model under the assumption that the secret keys are hidden from the adversary. Nevertheless, many schemes become insecure once they are implemented in real systems. An adversary can often learn auxiliary information on the secret inputs of the algorithm (for example if the key is used somewhere else, or by studying the physical behavior of the device performing the cryptographic operations). Such attacks are known as side-channel attacks.
A solution to this problem is provided by what is called leakage-resilient cryptography, which guarantees security even if we assume that the secret key leaks while the scheme is running (Akavia et al., 2009). An example of a strong side-channel attack is the so-called "cold-boot attack" defined recently by Halderman et al. (Halderman et al., 2009). Since every cryptographic algorithm is made to be eventually used in a real environment, side-channel attacks often lead to loss of secrecy: running the implementation enables observations such as the amount of power consumed or the time required by the computation. These observations leak information about secret keys without breaking the underlying assumptions of the considered schemes. Side-channel attacks in which information leaks while the scheme performs computations are called computational side-channel attacks, as shown by Micali and Reyzin (Micali and Reyzin, 2004). But not only computation on secrets leaks information. Akavia et al. (Akavia et al., 2009) considered another family of side-channel attacks, the so-called "memory attack", which is a generalization of the already mentioned "cold-boot attack" of Halderman et al. (Halderman et al., 2009). Akavia et al.'s work defined the family of memory attacks by allowing the adversary to learn a bounded number of bits of the secret, computed by applying an arbitrary (efficiently computable) function of its choice to the secret key, where the total output length is bounded and in particular shorter than the secret key itself. This model is called the bounded leakage model, indicating that the overall amount of information the attacker can learn is bounded by a fixed natural number. This leads to the main question in leakage-resilient cryptography: how large can the output of the leakage function be without compromising the security of the cryptosystem?
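The bounded leakage model above is easiest to pin down as a leakage oracle: the adversary hands in any function f of its choice together with a declared output length, receives f(sk) truncated to that many bits, and the oracle refuses once the running total would reach the bound λ, which must itself be strictly smaller than the key length. The following simulator is an added example and not code from the paper; the "secret key" is a constructed random bit string rather than a key of any real cryptosystem, and the two leakage functions (a cold-boot-style raw window of key bits and a hash of the whole key) are illustrative choices an adversary could make, not part of the model's definition. The continual auxiliary-input model the paper actually targets (where the bound is per period and the key is refreshed between periods) is not simulated here.

```python
"""Leakage-oracle simulator for the bounded leakage ("memory attack") model.

Added example: not the paper's code. The adversary may query any
function f of the secret key, but the oracle releases at most
`bound_bits` bits in total, and `bound_bits` must be strictly smaller
than the key length (otherwise the adversary could just dump the key).
"""
import hashlib
import secrets
from typing import Callable, Tuple

# A leakage function maps the key to an int; the oracle truncates it.
LeakFn = Callable[[bytes], int]


class LeakageBudgetExceeded(Exception):
    """Raised when a query would push total leakage past the bound."""


class BoundedLeakageOracle:
    """Enforces the bounded leakage model: sum of output lengths <= bound."""

    def __init__(self, sk: bytes, bound_bits: int) -> None:
        self.key_bits = 8 * len(sk)
        if not 0 <= bound_bits < self.key_bits:
            raise ValueError("leakage bound must be strictly below the key length")
        self._sk = sk
        self.bound_bits = bound_bits
        self.leaked_bits = 0

    def leak(self, f: LeakFn, out_bits: int) -> int:
        """Return f(sk) restricted to out_bits bits, charging the budget."""
        if out_bits <= 0:
            raise ValueError("output length must be positive")
        if self.leaked_bits + out_bits > self.bound_bits:
            raise LeakageBudgetExceeded(
                f"{self.leaked_bits} + {out_bits} > {self.bound_bits}")
        self.leaked_bits += out_bits
        # The oracle, not the adversary, truncates: whatever f computes,
        # only out_bits bits of it are ever released.
        return f(self._sk) & ((1 << out_bits) - 1)

    def remaining_bits(self) -> int:
        return self.bound_bits - self.leaked_bits


def window(offset_bits: int, width_bits: int) -> LeakFn:
    """Cold-boot style leakage: raw key bits [offset, offset + width)."""
    def f(sk: bytes) -> int:
        n = int.from_bytes(sk, "big")
        shift = 8 * len(sk) - offset_bits - width_bits
        return (n >> shift) & ((1 << width_bits) - 1)
    return f


def hashed(sk: bytes) -> int:
    """Computational leakage: an arbitrary function of the whole key."""
    return int.from_bytes(hashlib.sha256(sk).digest(), "big")


def run_memory_attack(sk: bytes, bound_bits: int, chunk_bits: int) -> Tuple[int, int, int]:
    """Adversary dumps the key window by window until the oracle refuses.

    Returns (recovered key prefix as int, bits recovered, successful queries).
    """
    oracle = BoundedLeakageOracle(sk, bound_bits)
    recovered, bits, queries, offset = 0, 0, 0, 0
    while offset < oracle.key_bits:
        width = min(chunk_bits, oracle.key_bits - offset)
        try:
            chunk = oracle.leak(window(offset, width), width)
        except LeakageBudgetExceeded:
            break  # budget spent: the rest of the key stays hidden
        recovered = (recovered << width) | chunk
        bits += width
        queries += 1
        offset += width
    return recovered, bits, queries


if __name__ == "__main__":
    # Constructed 128-bit key; the bound is half the key length.
    key = secrets.token_bytes(16)
    prefix, got, q = run_memory_attack(key, bound_bits=64, chunk_bits=24)
    print(f"recovered {got} of {8 * len(key)} bits in {q} queries: {prefix:#x}")
```

The point the simulator makes concrete is that the bound is on the total output length across all queries, not per query and not on what f computes internally: f may read the entire key, but the adversary still walks away with at most λ bits of it.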
There are new results on public-key encryption that provide security against memory attacks, following two approaches. The first looks for a redundant representation of secret keys that can withstand memory attacks. The other is to take already existing cryptosystems and check their resistance against memory attacks. Akavia et al. (Akavia et al., 2009) took the second approach, ex-

Gérard, F., Kuchta, V., Sahu, R., Sharma, G. and Markowitch, O. Fully Homomorphic Distributed Identity-based Encryption Resilient to Continual Auxiliary Input Leakage. DOI: 10.5220/0006832200410052. In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications (ICETE 2018) - Volume 2: SECRYPT, pages 41-52. ISBN: 978-989-758-319-3. Copyright © 2018 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved.