Post-challenge leakage in public-key encryption

When an adversary can measure the physical memory storing the decryption key, decryption functionality often comes in handy. Halevi and Lin (TCC'11) studied after-the-fact (or post-challenge) leakage in public-key encryption (PKE), in which an adversary can make leakage queries from a split state after seeing the challenge ciphertext, but left security against chosen-ciphertext attacks (CCA) as a future work. In this paper, we follow their work and formulate the definition of entropic leakage-resilient CCA-secure PKE, which we show can be realized by the Naor–Yung “double encryption” paradigm (STOC'90). We then leverage it to get a CCA-secure key-encapsulation mechanism in the presence of post-challenge leakage, in the same model of bounded memory leakage from a split state. Finally, we prove that the hybrid encryption framework is still applicable by presenting a construction of CCA-secure PKE in the presence of post-challenge leakage. As additional results, we extend these concepts to the identity-based setting, where many identity-based secret-keys can be leaked after the adversary got the challenge, and give a construction of identity-based encryption in the presence of post-challenge leakage in the split-state model, which can be instantiated by the identity-based hash proof systems of Alwen et al. (Eurocrypt'10) and Chow et al. (CCS'10).