International Workshop on Public Key Cryptography

PKC 2003: Public Key Cryptography — PKC 2003 pp 85-99

Randomness Re-use in Multi-recipient Encryption Schemeas

  • Mihir Bellare
  • Alexandra Boldyreva
  • Jessica Staddon
Conference paper

DOI: 10.1007/3-540-36288-6_7

Volume 2567 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

Kurosawa showed how one could design multi-receiver encryption schemes achieving savings in bandwidth and computation relative to the naive methods. We broaden the investigation. We identify new types of attacks possible in multi-recipient settings, which were overlooked by the previously suggested models, and specify an appropriate model to incorporate these types of attacks. We then identify a general paradigm that underlies his schemes and also others, namely the re-use of randomness: ciphertexts sent to different receivers by a single sender are computed using the same underlying coins. In order to avoid case by case analysis of encryption schemes to see whether they permit secure randomness re-use, we provide a condition, or test, that when applied to an encryption scheme shows whether or not the associated randomness re-using version of the scheme is secure. As a consequence, our test shows that randomness re-use is secure in the strong sense for asymmetric encryption schemes such as El Gamal, Cramer-Shoup, DHIES, and Boneh and Franklin's escrow El Gamal.

Keywords

Encryptionrandomnessprovable securitybroadcast encryption
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Mihir Bellare
    • 1
  • Alexandra Boldyreva
    • 1
  • Jessica Staddon
    • 2
  1. 1.Dept. of Computer Science & EngineeringUniversity of California at San DiegoCaliforniaUSA
  2. 2.Dept. of Computer Science & EngineeringUniversity of California at San DiegoCaliforniaUSA