Leakage-resilient certificateless public key encryption

In certificateless public key encryption (CL-PKE), the Private Key Generator (PKG) keeps a master secret key to generate a partial private key corresponding to a user's identity. Together with a secret value generated by the user, a full private key can be constructed for decryption. Traditional security model for CL-PKE assumes that (i) both the master secret key of the PKG and the full private key of the user under attack are in absolute secrecy; and (ii) the attacker can only obtain either the target user's secret value without any partial knowledge of the partial private key or vice versa. However, the advancement of practical side-channel attacks enable attackers to obtain partial information of both keys easily, making the above assumption invalid. In this paper, we give the first leakage-resilient CL-PKE. We consider different leakage conditions for Type I (third party attackers) and Type II (honest-but-curious PKG) attackers, following the classification in traditional CL-PKE. We give a concrete construction in the composite order bilinear group. We prove the security of our scheme in the standard model, overcoming some technical difficulties in the security proofs for both Type I and Type II attackers of CL-PKE.