Efficient chosen-ciphertext secure public-key encryption scheme with high leakage-resilience

A leakage-resilient public-key encryption (PKE) scheme provides security even if an adversary obtains some information on the secret key. In recent years, much attention has been focused on designing provably secure PKE in the presence of key-leakage and almost all the constructions rely on an important building block namely hash proof system (HPS). However, in the setting of adaptive chosen-ciphertext attacks (CCA2), there are not many HPS-based leakage-resilient PKE schemes available. Moreover, most of them have an unsatisfactory leakage rate. In this study, the authors propose a new method of constructing leakage-resilient CCA2-secure PKE scheme from any tag-based strongly universal₂ HPS. The striking advantage of the authors scheme is the leakage rate, which is the best one among all known HPS-based indistinguishability key leakage CCA2-secure constructions. In particular, they present an instantiation under the n-linear assumption. In the cases of n = 1 (resp. n = 2), they actually obtain a decisional Diffie-Hellman (DDH)-based [resp. decisional linear (DLIN)-based] PKE scheme, where the leakage rate can be made to 1/4 (resp. 1/6). The authors DDH-based scheme achieves the best leakage rate among all known DDH-based (Cramer-Shoup-type) schemes. Their DLIN-based scheme is the first one that can achieve leakage of L/6 bits without pairing, where L is the length of the secret key.