Chapter

Public Key Cryptography — PKC 2003

Volume 2567 of the series Lecture Notes in Computer Science pp 85-99

Date:

Randomness Re-use in Multi-recipient Encryption Schemeas

  • Mihir BellareAffiliated withDept. of Computer Science & Engineering, University of California at San Diego
  • , Alexandra BoldyrevaAffiliated withDept. of Computer Science & Engineering, University of California at San Diego
  • , Jessica StaddonAffiliated withDept. of Computer Science & Engineering, University of California at San Diego

Abstract

Kurosawa showed how one could design multi-receiver encryption schemes achieving savings in bandwidth and computation relative to the naive methods. We broaden the investigation. We identify new types of attacks possible in multi-recipient settings, which were overlooked by the previously suggested models, and specify an appropriate model to incorporate these types of attacks. We then identify a general paradigm that underlies his schemes and also others, namely the re-use of randomness: ciphertexts sent to different receivers by a single sender are computed using the same underlying coins. In order to avoid case by case analysis of encryption schemes to see whether they permit secure randomness re-use, we provide a condition, or test, that when applied to an encryption scheme shows whether or not the associated randomness re-using version of the scheme is secure. As a consequence, our test shows that randomness re-use is secure in the strong sense for asymmetric encryption schemes such as El Gamal, Cramer-Shoup, DHIES, and Boneh and Franklin's escrow El Gamal.

Keywords

Encryption randomness provable security broadcast encryption