Paper 2015/1047

Reconfigurable Cryptography: A flexible approach to long-term security

Julia Hesse, Dennis Hofheinz, and Andy Rupp

Abstract

We put forward the concept of a reconfigurable cryptosystem. Intuitively, a reconfigurable cryptosystem allows to increase the security of the system at runtime, by changing a single central parameter we call common reference string (CRS). In particular, e.g., a cryptanalytic advance does not necessarily entail a full update of a large public-key infrastructure; only the CRS needs to be updated. In this paper we focus on the reconfigurability of encryption and signature schemes, but we believe that this concept and the developed techniques can also be applied to other kind of cryptosystems. Besides a security definition, we offer two reconfigurable encryption schemes, and one reconfigurable signature scheme. Our first reconfigurable encryption scheme uses indistinguishability obfuscation (however only in the CRS) to adaptively derive short-term keys from long-term keys. The security of long-term keys can be based on a one-way function, and the security of both the indistinguishability obfuscation and the actual encryption scheme can be increased on-the-fly, by changing the CRS. We stress that our scheme remains secure even if previous short-term secret keys are leaked. Our second reconfigurable encryption scheme has a similar structure (and similar security properties), but relies on a pairing-friendly group instead of obfuscation. Its security is based on the recently introduced hierarchy of $$-SCasc assumptions. Similar to the $$-Linear assumption, it is known that $$-SCasc implies $$-SCasc, and that this implication is proper in the generic group model. Our system allows to increase $$ on-the-fly, just by changing the CRS. In that sense, security can be increased without changing any long-term keys. We also offer a reconfigurable signature scheme based on the same hierarchy of assumptions.