Files

Action Filename Description Size Access License Resource Version
Show more files...

Abstract

Time travel has always been a fascinating topic in literature and physics. In cryptography, one may wonder how to keep data confidential for some time. In this dissertation, we will study how to make private information travel to the future. This dissertation consists of three parts: Timed-release encryption, witness encryption and self-encryption. With timed-release encryption, one can send to a counterpart a message which cannot be read before some time has elapsed. One possible solution is to use a third party. At every time period, the third party releases a time bound key, and a ciphertext which is encrypted for a time period requires the time bound key of that time period for decryption. Then, a problem occurs when the counterpart somehow loses the release time of ciphertext. We propose a solution by introducing a master time bound key which can be considered as a valid time bound key of all time periods. We propose a provably secure construction and show the experimental results. In 2018, Liu, Jager, Kakvi and Warinschi introduced a timed-release encryption scheme based on a blockchain with proof-of-work and witness encryption. Current proposals of witness encryption are based on multilinear maps. In this part, we propose a new construction without. We propose the notion of hidden group with hashing and make a witness encryption from it. We show that the construction is secure in a generic model. We propose a concrete construction based on RSA-related problems. Namely, we use an extension of the knowledge-of-exponent assumption and the order problem. We finally estimate the cost of the bitcoin blockchain implementation. Although our estimates are still high (for a release time of one hour / one year, we respectively use ciphertexts of 567 MB / 4.5 TB and a decryption time of 27 min / 5.2 months on a single core), there is room for improvement by a factor 20 000 by adapting the blockchain structure and by adopting a hash function which is better adapted to this type of programming than SHA256. In self-encryption, a device encrypts some piece of information for itself to decrypt in the future. We are interested in security of self-encryption when the state occasionally leaks. Applications where self-encryption operates are cloud storage, when a client encrypts files to be stored, and in 0-RTT session resumptions, when a server encrypts a resumption key to be stored by the client. Previous works focused on forward secrecy and resistance to replay attacks. In our work, we study post-compromise security. Post-compromise security was already solved in ratcheted instant messaging schemes, at the price of having an inflating state size. However, it was not known whether state inflation was necessary. We prove here that this is the case. In our results, we prove that post-compromise security implies a super-linear state size in terms of the number of ciphertexts which can still be decrypted by the state. We apply our result to self-encryption for cloud storage and 0-RTT session resumption, and also to secure messaging. We further show how to construct a secure scheme matching our bound on the state size.

Details

Actions

Preview