Novel generic construction of leakage-resilient PKE scheme with CCA security
Designs, Codes and Cryptography (IF 1.6), Pub Date: 2021-05-19, DOI: 10.1007/s10623-020-00831-x
Yanwei Zhou, Bo Yang, Zhe Xia, Mingwu Zhang, Yi Mu

Leakage of private state information (e.g. the secret keys) through various leakage attacks (e.g. side-channel attacks, cold-boot attacks, etc.) has become a serious threat to the security of computer systems in practice. Nowadays, it has become a common requirement that cryptographic schemes should withstand leakage attacks. Although some research progress has been made towards designing leakage-resilient cryptographic schemes, there are still some unsolved issues. For example, the computational costs of the existing generic constructions of leakage-resilient public-key encryption (PKE) schemes are generally very high. One of the main reasons is that the underlying building blocks, e.g. non-interactive zero-knowledge argument, one-time lossy filter or one-time signature, are computationally expensive. Moreover, the above constructions of PKE with leakage resilience normally require the upper bound of leakage to be fixed. However, in many real-world applications, this requirement cannot provide sufficient protection against various leakage attacks. In order to mitigate the above problems, this paper presents a generic method of designing leakage-amplified PKE schemes with leakage resilience and chosen-ciphertext attack (CCA) security. Firstly, we define a new cryptographic primitive, called identity-based hash proof system with two encapsulated keys (T-IB-HPS). Then, two generic constructions of leakage-resilient PKE schemes are proposed using T-IB-HPS and message authentication code (MAC). The CCA security of our proposed constructions can be reduced to the security of the underlying T-IB-HPS and MAC. In the proposed generic method, the leakage parameter has an arbitrary length that can be flexibly adjusted according to the specific leakage requirements. In order to demonstrate the practicability of our generic method, two instantiations of T-IB-HPS are introduced. The first instantiation is proved based on the truncated augmented bilinear Diffie–Hellman exponent assumption, and the second instantiation is proved based on the related security assumptions over the composite order bilinear group.




Updated: 2021-05-19