Don’t Tamper with Dual System Encryption

In related-key attacks (RKA), an attacker modifies a secret key stored in a device by tampering or fault injection and observes the evaluation output of the cryptographic algorithm based on this related key. In this work, we show that the dual system encryption methodology of Waters (Crypto 2009) fits well with RKA security. We apply simple modifications to a regularly-secure identity-based encryption (IBE) scheme (TCC 2010) constructed through dual system to achieve RKA security for rational functions, which is beyond the polynomial barrier of Bellare et al. ’s framework (Asiacrypt 2012). We achieve security by pushing the complexity of RKA directly down to the underlying intractability assumption. We also discuss how to extend it to a hierarchical IBE scheme that remains secure against RKA over identity-based secret keys beyond the master secret, albeit under some structural constraints.