Public-Key Cryptography with Joint and Related-Key Security

Susan Thomson

Research output: ThesisDoctoral Thesis

163 Downloads (Pure)


The principle of key separation dictates using different keys for different cryptographic operations. We investigate the topic of joint security, where a single keypair is used in multiple primitives in a secure manner. We concentrate mainly on the case of encryption and signature under a shared keypair, giving a generic construction and a more efficient direct construction, both secure in the standard model, and show how these results relate to signcryption.

We then turn our attention to security under related-key attacks (RKA), where an adversary can modify a stored secret key and observe the outputs of the system as it operates under this new key. We provide a framework enabling the construction of RKA-secure identity-based encryption (IBE) schemes, and show how specific instantiations of the framework yield IBE schemes secure against adversaries deriving new keys through affine and polynomial transformations of the master secret key. From this we obtain the first constructions of RKA-secure schemes for a variety of primitives under the same non-linear key transformations.

Since achieving joint or RKA security often depends on the format of the stored keys, we introduce key-versatile signatures, where the public key is an arbitrary one-way function of the secret key, and show how these can be used to obtain further results in joint and RKA security and beyond.
Original languageEnglish
Awarding Institution
  • Royal Holloway, University of London
  • Paterson, Kenneth, Supervisor
Award date1 Aug 2014
Publication statusUnpublished - 2014

Cite this