Cryptology ePrint Archive: Report 2014/780

Deterministic Public-Key Encryption under Continual Leakage

Venkata Koppula and Omkant Pandey and Yannis Rouselakis and Brent Waters

Abstract: Deterministic public-key encryption, introduced by Bellare, Boldyreva, and O’Neill (CRYPTO 2007), is an important technique for searchable encryption; it allows quick, logarithmic-time, search over encrypted data items. The technique is most effective in scenarios where frequent search queries are performed over a huge database of unpredictable data items. We initiate the study of deterministic public-key encryption (D-PKE) in the presence of leakage. We formulate appropriate security notions for leakage-resilient D-PKE, and present constructions that achieve them in the standard model. We work in the continual leakage model, where the secret-key is updated at regular intervals and an attacker can learn arbitrary but bounded leakage on the secret key during each time interval. We, however, do not consider leakage during the updates. Our main construction is based on the (standard) linear assumption in bilinear groups, tolerat- ing up to 0.5 - o(1) fraction of arbitrary leakage. The leakage rate can be improved to 1 - o(1) by relying on the SXDH assumption. At a technical level, we propose and construct a “continual leakage resilient” version of the all-but-one lossy trapdoor functions, introduced by Peikert and Waters (STOC 2008). Our formulation and construction of leakage-resilient lossy-TDFs is of independent general interest for leakage-resilient cryptography.

Category / Keywords: public-key cryptography / Deterministic Encryption, Continual Leakage, Searchable Encryption, Lossy Trapdoor Functions, All-But-One Functions

Date: received 2 Oct 2014, last revised 16 Aug 2015

Contact author: kvenkata at cs utexas edu

Available format(s): PDF | BibTeX Citation

Note: Revised proof of theorem 8 to refer to crooked version of generalized LHL, and included details of all hybrids.

Version: 20150816:231720 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]