{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,18]],"date-time":"2026-01-18T21:44:43Z","timestamp":1768772683004,"version":"3.49.0"},"reference-count":40,"publisher":"Oxford University Press (OUP)","issue":"6","license":[{"start":{"date-parts":[[2021,2,13]],"date-time":"2021-02-13T00:00:00Z","timestamp":1613174400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2017YFB0802000"],"award-info":[{"award-number":["2017YFB0802000"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U2001205"],"award-info":[{"award-number":["U2001205"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61772326"],"award-info":[{"award-number":["61772326"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61802241"],"award-info":[{"award-number":["61802241"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61802242"],"award-info":[{"award-number":["61802242"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Cryptography Development Fund","award":["MMJJ20180217"],"award-info":[{"award-number":["MMJJ20180217"]}]},{"name":"Foundation of State Key Laboratory of Information Security","award":["2017-MS-03"],"award-info":[{"award-number":["2017-MS-03"]}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["GK201702004"],"award-info":[{"award-number":["GK201702004"]}],"id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Natural Science Basic Research plan in Shannxi Province of China","award":["2017JM6048"],"award-info":[{"award-number":["2017JM6048"]}]},{"name":"Guangxi Key Laboratory of Trusted Software","award":["KX202002"],"award-info":[{"award-number":["KX202002"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,6,16]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Hedged public-key encryption (HPKE), introduced by Bellare et al. (ASIACRYPT 2009), provides useful security when the per-message randomness fails to be uniform due to faulty implementations or adversarial actions. The HPKE scheme achieves IND-CPA (chosen plaintext attack) security when the randomness they used is of high quality, but, when the randomness is poor quality, rather than breaking completely, it achieves a weaker but a useful notion of security called IND-CDA (chosen distribution attack) as long as the message and randomness together have sufficient min-entropy. However, little research on HPKE in the presence of key leakage was done. In this paper, we study HPKE featuring key leakage-resilience and formulate appropriate security notion for key leakage-resilient HPKE. We work in the continual key leakage model where the secret key is refreshed periodically and an adversary can learn arbitrary but bounded leakage on the secret key between the updates. We present two generic constructions of continual leakage-resilient HPKE in the standard model by using a continual leakage-resilient all-but-one lossy trapdoor function. Finally, we give an instantiation of leakage-resilient HPKE under the linear assumption in bilinear groups.<\/jats:p>","DOI":"10.1093\/comjnl\/bxaa204","type":"journal-article","created":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T20:08:15Z","timestamp":1609531695000},"page":"1574-1585","source":"Crossref","is-referenced-by-count":5,"title":["Continual Leakage-Resilient Hedged Public-Key Encryption"],"prefix":"10.1093","volume":"65","author":[{"given":"Meijuan","family":"Huang","sequence":"first","affiliation":[{"name":"School of Mathematics and Information Sciences , Baoji University of Arts and Sciences, No. 1 Hi-Tech Avenue, Baoji 721013, China"},{"name":"School of Computer Science , Shaanxi Normal University, Yanta Campus: No. 199, South Chang\u2019an, Xi\u2019an 710062, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bo","family":"Yang","sequence":"additional","affiliation":[{"name":"School of Computer Science , Shaanxi Normal University, Yanta Campus: No. 199, South Chang\u2019an, Xi\u2019an 710062, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yanwei","family":"Zhou","sequence":"additional","affiliation":[{"name":"School of Computer Science , Shaanxi Normal University, Yanta Campus: No. 199, South Chang\u2019an, Xi\u2019an 710062, China"},{"name":"Guangxi Key Laboratory of Trusted Software , Guilin University of Electronic and Technology, 1 Jinji Rd, Qixing District Guilin, 541004, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xuewei","family":"Hu","sequence":"additional","affiliation":[{"name":"School of Computer Science , Shaanxi Normal University, Yanta Campus: No. 199, South Chang\u2019an, Xi\u2019an 710062, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2021,2,13]]},"reference":[{"key":"2022061614515047300_ref1","volume-title":"Debian OpenSSL predictable PRNG bruteforce SSH exploit","author":"Mueller","year":"2008"},{"key":"2022061614515047300_ref2","first-page":"129","article-title":"Randomly failed! the state of randomness in current java implentmentations","volume-title":"Proceedings of CT-RSA 2013","author":"Michaelis","year":"2013"},{"key":"2022061614515047300_ref3","first-page":"647","article-title":"Security analysis of pseudo-random number generaters with input: \/dev\/random is not robust","volume-title":"Proceedings of the 20th ACM Conference on Computer and Communications Security","author":"Dodis","year":"2013"},{"key":"2022061614515047300_ref4","first-page":"468","article-title":"A Systematic Analysis of the Juniper Dual EC Incident","volume-title":"ACM SIGSAC Conference on Computer and Communications Security","author":"Maskiewicz","year":"2016"},{"key":"2022061614515047300_ref5","first-page":"232","article-title":"Hedged public-key encryption: how to protect against bad randomness","volume-title":"Proceedings of ASIACRYPT","author":"Bellare","year":"2009"},{"key":"2022061614515047300_ref6","doi-asserted-by":"crossref","first-page":"627","DOI":"10.1007\/978-3-662-46803-6_21","article-title":"Resisting Randomness Subversion: Fast Deterministic and Hedged Public-Key Encryption in the Standard Model","volume-title":"Advances in Cryptology-EUROCRYPT 2015","author":"Bellare","year":"2015"},{"key":"2022061614515047300_ref7","doi-asserted-by":"crossref","first-page":"462","DOI":"10.1007\/978-3-319-63697-9_16","article-title":"Hedging Public-Key Encryption in the Real World","volume-title":"Advances in Cryptology-CRYPTO 2017","author":"Boldyreva","year":"2017"},{"key":"2022061614515047300_ref8","doi-asserted-by":"crossref","first-page":"535","DOI":"10.1007\/978-3-540-74143-5_30","article-title":"Deterministic and efficiently searchable encryption","volume-title":"Advances in Cryptology-CRYPTO 2007","author":"Bellare","year":"2007"},{"key":"2022061614515047300_ref9","doi-asserted-by":"crossref","first-page":"360","DOI":"10.1007\/978-3-540-85174-5_20","article-title":"Deterministic encryption: definitional equivalences and constructions without random oracles","volume-title":"Advances in Cryptology-CRYPTO 2008","author":"Bellare","year":"2008"},{"key":"2022061614515047300_ref10","doi-asserted-by":"crossref","first-page":"335","DOI":"10.1007\/978-3-540-85174-5_19","article-title":"On notions of security for deterministic encryption, and efficient constructions without random oracles","volume-title":"Advances in Cryptology-CRYPTO 2008","author":"Boldyreva","year":"2008"},{"key":"2022061614515047300_ref11","doi-asserted-by":"crossref","first-page":"1012","DOI":"10.1007\/s00145-018-9287-y","article-title":"Deterministic public-key encryption for adaptively chosen plaintext distributions","volume":"31","author":"Raghunathan","year":"2018","journal-title":"J Cryptol"},{"issue":"3","key":"2022061614515047300_ref12","first-page":"245","article-title":"CCA-secure deterministic identity-based encryption","volume":"25","author":"Huang","year":"2019","journal-title":"J. Univ. Comput. Sci."},{"key":"2022061614515047300_ref13","doi-asserted-by":"crossref","first-page":"729","DOI":"10.1007\/978-3-662-49890-3_28","article-title":"Nonce-based cryptography: retaining security when randomness fails","volume-title":"Advances in Cryptology-EUROCRYPT 2016","author":"Bellare","year":"2016"},{"key":"2022061614515047300_ref14","first-page":"253","article-title":"Hedged nonce-based public-key encryption: adaptive security under randomness failures","volume-title":"Proceedings of PKC 2018","author":"Huang","year":"2018"},{"key":"2022061614515047300_ref15","first-page":"104","article-title":"Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems","volume-title":"Advances in Cryptology-CRYPTO 1996","author":"Kocher Paul","year":"1996"},{"key":"2022061614515047300_ref16","first-page":"1","article-title":"Cache attacks and countermeasures: The case of AES","volume-title":"Proceedings of CT-RSA 2006","author":"Osvik","year":"2006"},{"key":"2022061614515047300_ref17","first-page":"200","article-title":"Electromagnetic analysis (ema): Measures and counter-measures for smart cards","volume-title":"Proceedings of E-smart 2001","author":"Quisquater","year":"2001"},{"key":"2022061614515047300_ref18","doi-asserted-by":"crossref","first-page":"595","DOI":"10.1007\/978-3-642-17373-8_34","article-title":"Leakage resilient ElGamal encryption","volume-title":"Advances in Cryptology-ASIACRYPT 2010","author":"Kiltz","year":"2010"},{"key":"2022061614515047300_ref19","doi-asserted-by":"crossref","first-page":"304","DOI":"10.1007\/978-3-319-39555-5_17","article-title":"Deterministic public-key encryption under continual Leakage","volume-title":"14th International Conference on Applied Cryptography and Network Security (ACNS)","author":"Koppula","year":"2016"},{"key":"2022061614515047300_ref20","first-page":"246","article-title":"Dual projective hashing and its applications\u2014lossy trapdoor functions and more","volume-title":"Advances in Cryptology-EUROCRYPT 2012, 31st Annual International Confernence on the Theory and Applications of Cryptographic Techniques","author":"Wee","year":"2012"},{"key":"2022061614515047300_ref21","first-page":"293","article-title":"Leakage-resilient cryptography","volume-title":"Proceedings of FOCS\u201908","author":"Dziembowski","year":"2008"},{"key":"2022061614515047300_ref22","doi-asserted-by":"crossref","first-page":"463","DOI":"10.1007\/978-3-540-45146-4_27","article-title":"Private circuits: securing hardware against probing attacks","volume-title":"Advances in Cryptology-CRYPTO 2003","author":"Ishai","year":"2003"},{"key":"2022061614515047300_ref23","first-page":"501","article-title":"Overcoming the hole in the bucket: public-key cryptography resilient to continual memory leakage","volume-title":"51st Annual IEEE Symposium on Foundations of Computer Science (FOCS)","author":"Brakerski","year":"2010"},{"key":"2022061614515047300_ref24","first-page":"511","article-title":"Cryptography against continuous memory attacks","volume-title":"51st Annual IEEE Symposium on Foundations of Computer Science (FOCS)","author":"Dodis","year":"2010"},{"key":"2022061614515047300_ref25","doi-asserted-by":"crossref","first-page":"908","DOI":"10.1007\/978-3-662-53887-6_33","article-title":"Public-key cryptosystems resilient to continuous tampering and leakage of arbitrary functions","volume-title":"Advances in Cryptology-ASIACRYPT 2016","author":"Fujisaki","year":"2016"},{"key":"2022061614515047300_ref26","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1007\/978-3-642-14623-7_4","article-title":"Securing computation against continuous leakage","volume-title":"Advances in Cryptology-CRYPTO 2010","author":"Goldwasser","year":"2010"},{"issue":"8","key":"2022061614515047300_ref27","first-page":"1161","article-title":"Continuous leakage-resilient public-key encryption scheme with CCA security","volume":"60","author":"Zhou","year":"2017","journal-title":"Comp. J."},{"key":"2022061614515047300_ref28","first-page":"117","article-title":"Generic transformation to strongly existentially unforgeable signature schemes with continuous leakage resiliency","volume-title":"Proceedings of ProvSec 2014","author":"Wang","year":"2014"},{"key":"2022061614515047300_ref29","doi-asserted-by":"crossref","first-page":"258","DOI":"10.1007\/978-3-319-08344-5_17","article-title":"Continuous after-the-fact leakage-resilient key exchange","volume-title":"Information Security and Privacy-19th Australasian Conference","author":"Alawatugoda","year":"2014"},{"issue":"8","key":"2022061614515047300_ref30","doi-asserted-by":"crossref","first-page":"1390","DOI":"10.1109\/TPDS.2010.206","article-title":"A generic framework for three-factor authentication: Preserving security and privacy in distributed systems","volume":"22","author":"Huang","year":"2011","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"2022061614515047300_ref31","article-title":"Two birds with one stone: two-factor authentication with security beyond conventional bound","volume-title":"IEEE Trans. Depend. Secure Comput.","author":"Wang","year":"2018"},{"key":"2022061614515047300_ref32","doi-asserted-by":"crossref","DOI":"10.1109\/TDSC.2020.3022797","article-title":"Practical and provably secure three-factor authentication protocol based on extended chaotic-maps for mobile lightweight devices","author":"Qiu","year":"2020","journal-title":"IEEE Trans. Depend. Secure Comput."},{"key":"2022061614515047300_ref33","first-page":"1","article-title":"Leakage resilience from program obfuscation","volume":"2","author":"Dachman-Soled","year":"2018","journal-title":"J. Cryptol."},{"key":"2022061614515047300_ref34","doi-asserted-by":"crossref","first-page":"187","DOI":"10.1145\/1374376.1374406","article-title":"Lossy trapdoor functions and their applications","volume-title":"Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing (STOC) 2008","author":"Peikert","year":"2008"},{"key":"2022061614515047300_ref35","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1145\/2484389.2484393","article-title":"Leakageresilient lossy trapdoor functions and public-key encryption","volume-title":"Proceedings of the First ACM Workshop on Asia Public-key Cryptography (AsiaPKC)","author":"Qin","year":"2013"},{"key":"2022061614515047300_ref36","doi-asserted-by":"crossref","first-page":"38","DOI":"10.3390\/info8020038","article-title":"Continuous leakage resilient lossy trapdoor function","volume":"8","author":"Li","year":"2017","journal-title":"Informations"},{"key":"2022061614515047300_ref37","doi-asserted-by":"crossref","first-page":"43936","DOI":"10.1109\/ACCESS.2018.2864163","article-title":"Consecutive leakage-resilient and updatable lossy functions and application in sensitive big-data environments","volume":"6","author":"Zhang","year":"2018","journal-title":"IEEE Access"},{"issue":"4","key":"2022061614515047300_ref38","doi-asserted-by":"crossref","first-page":"631","DOI":"10.1093\/comjnl\/bxy138","article-title":"Leakage resilient CCA security in stronger model: Branch hidden ABO-LTFs and their applications","author":"Zhao","year":"2019","journal-title":"Comput. J."},{"key":"2022061614515047300_ref39","first-page":"523","article-title":"Fuzzy extractors: how to generate strong keys from biometrics and other noisy data","volume-title":"Advances in Cryptology-EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques","author":"Dodis","year":"2004"},{"key":"2022061614515047300_ref40","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1007\/978-3-642-03356-8_2","article-title":"Public-key cryptosystems resilient to key leakage","volume-title":"Advances in Cryptology-CRYPTO 2009, 29th Annual International Cryptology Conference","author":"Naor","year":"2009"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/65\/6\/1574\/44080871\/bxaa204.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/65\/6\/1574\/44080871\/bxaa204.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,16]],"date-time":"2022-06-16T14:53:26Z","timestamp":1655391206000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/65\/6\/1574\/6134264"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,2,13]]},"references-count":40,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2021,2,13]]},"published-print":{"date-parts":[[2022,6,16]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxaa204","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2022,6]]},"published":{"date-parts":[[2021,2,13]]}}}