Circular Chosen-Ciphertext Security with Compact Ciphertexts
- Dennis HofheinzAffiliated withKarlsruhe Institute of Technology
A key-dependent message (KDM) secure encryption scheme is secure even if an adversary obtains encryptions of messages that depend on the secret key. Such key-dependent encryptions naturally occur in scenarios such as harddisk encryption, formal cryptography, or in specific protocols. However, there are not many provably secure constructions of KDM-secure encryption schemes. Moreover, only one construction, due to Camenisch, Chandran, and Shoup (Eurocrypt 2009) is known to be secure against active (i.e., CCA) attacks.
In this work, we construct the first public-key encryption scheme that is KDM-secure against active adversaries and has compact ciphertexts. As usual, we allow only circular key dependencies, meaning that encryptions of arbitrary entire secret keys under arbitrary public keys are considered in a multi-user setting.
Technically, we follow the approach of Boneh, Halevi, Hamburg, and Ostrovsky (Crypto 2008) to KDM security, which however only achieves security against passive adversaries. We explain an inherent problem in adapting their techniques to active security, and resolve this problem using a new technical tool called “lossy algebraic filters” (LAFs). We stress that we significantly deviate from the approach of Camenisch, Chandran, and Shoup to obtain KDM security against active adversaries. This allows us to develop a scheme with compact ciphertexts that consist only of a constant number of group elements.
Keywordskey-dependent messages chosen-ciphertext security public-key encryption
- Circular Chosen-Ciphertext Security with Compact Ciphertexts
- Book Title
- Advances in Cryptology – EUROCRYPT 2013
- Book Subtitle
- 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26-30, 2013. Proceedings
- pp 520-536
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- International Association for Cryptologic Research
- Additional Links
- key-dependent messages
- chosen-ciphertext security
- public-key encryption
- Industry Sectors
- eBook Packages
To view the rest of this content please follow the download PDF link above.