http://scholars.ntou.edu.tw/handle/123456789/23100
Title: | Leakage-Resilient Anonymous Multi-Recipient Signcryption Under a Continual Leakage Model | Authors: | Tsai, Tung-Tso Tseng, Yuh-Min Huang, Sen-Shan Xie, Jia-Yi Hung, Ying-Hao |
Keywords: | Anonymity;multi-recipient encryption;signature;side-channel attacks;leakage-resilience | Issue Date: | 1-Jan-2022 | Publisher: | IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC | Journal Volume: | 10 | Start page/Pages: | 104636-104648 | Source: | IEEE ACCESS | Abstract: | A multi-recipient signcryption (MRSC) scheme possesses the functionalities of both multi-recipient public-key encryption and digital signature to ensure both integrity and confidentiality of transmitted messages. Moreover, an anonymous MRSC (AMRSC) scheme retains the functionalities of an MRSC scheme while offering privacy-preserving, namely, a recipient's identity or public key being hidden to other recipients. In the past, numerous MRSC and AMRSC schemes based on various public-key cryptographies (i.e., public key infrastructure (PKI)-based, identity (ID)-based and certificateless (CL)) were proposed. Recently, an attacker can realize side-channel attacks to acquire partial bits of private keys participated in cryptographic computations. However, up to date, no MRSC or AMRSC scheme can resist side-channel attacks so that these schemes might suffer from such attacks and could be broken. To resist such attacks under a continual leakage model, we propose the first PKI-based leakage-resilient AMRSC (PKI-LR-AMRSC) scheme in this paper. In the proposed scheme, an attacker is permitted to continually acquire partial bits of private keys partook in computations of the PKI-LR-AMRSC scheme, and formal security proofs are given to show that the proposed scheme still retains the original security of AMRSC schemes. As compared with the relevant AMRSC schemes, our PKI-LR-AMRSC scheme not only resists side-channel attacks but also reduces the cost of executing the multi-signcryption and unsigncryption algorithms. In particular, the point is that the computational complexities of our scheme respectively require only O(t) and O(1) in executing the Multi-signcryption algorithm and the Unsigncryption algorithm, where t is the number of recipients. |
URI: | http://scholars.ntou.edu.tw/handle/123456789/23100 | ISSN: | 2169-3536 | DOI: | 10.1109/ACCESS.2022.3210265 |
Appears in Collections: | 資訊工程學系 |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.