Designs, Codes and Cryptography

, Volume 71, Issue 2, pp 293–313 | Cite as

Lattice-based completely non-malleable public-key encryption in the standard model



An encryption scheme is non-malleable if giving an encryption of a message to an adversary does not increase its chances of producing an encryption of a related message (under a given public key). Fischlin introduced a stronger notion, known as complete non-malleability, which requires attackers to have negligible advantage, even if they are allowed to transform the public key under which the related message is encrypted. Ventre and Visconti later proposed a comparison-based definition of this security notion, which is more in line with the well-studied definitions proposed by Bellare et al. The authors also provide additional feasibility results by proposing two constructions of completely non-malleable schemes, one in the common reference string model using non-interactive zero-knowledge proofs, and another using interactive encryption schemes. Therefore, the only previously known completely non-malleable (and non-interactive) scheme in the standard model, is quite inefficient as it relies on generic NIZK approach. They left the existence of efficient schemes in the common reference string model as an open problem. Recently, two efficient public-key encryption schemes have been proposed by Libert and Yung, and Barbosa and Farshim, both of them are based on pairing identity-based encryption. At ACISP 2011, Sepahi et al. proposed a method to achieve completely non-malleable encryption in the public-key setting using lattices but there is no security proof for the proposed scheme. In this paper we review the mentioned scheme and provide its security proof in the standard model. Our study shows that Sepahi’s scheme will remain secure even for post-quantum world since there are currently no known quantum algorithms for solving lattice problems that perform significantly better than the best known classical (i.e., non-quantum) algorithms.


Public-key encryption Complete non-malleability Lattice Standard model 

Mathematics Subject Classification

94A60 11T71 68P25 


  1. 1.
    Agrawal S., Boneh D., Boyen X.: Efficient lattice (H)IBE in the standard model. In: Proceedings of Eurocrypt’10, vol. 6110 of LNCS, pp. 553–572. Springer, London (2010).Google Scholar
  2. 2.
    Ajtai M.: Generating hard instances of the short basis problem. In: Proceedings of the 26th International Colloquium on Automata, Languages and Programming, ICALP ’99, pp. 1–9. Springer, London (1999).Google Scholar
  3. 3.
    Alwen J., Peikert C.: Generating shorter bases for hard random lattices. In: Susanne A., Jean-Yves M. (eds.) 26th International Symposium on Theoretical Aspects of Computer Science (STACS 2009), vol. 3 of Leibniz International Proceedings in Informatics (LIPIcs), pp. 75–86. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, Dagstuhl (2009).Google Scholar
  4. 4.
    Babai L.: On Lovász lattice reduction and the nearest lattice point problem. Combinatorica 6, 1–13 (1986)CrossRefMATHMathSciNetGoogle Scholar
  5. 5.
    Boneh D., Boyen X.: Secure identity based encryption without random oracles. In: Matt F. (ed.) Advances in Cryptology—CRYPTO 2004, vol. 3152 of Lecture Notes in Computer Science, pp. 197–206. Springer, Berlin/Heidelberg (2004).Google Scholar
  6. 6.
    Bellare M., Desai A., Pointcheval D., Rogaway P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk H. (ed.) Advances in Cryptology—CRYPTO 98, pp. 26–46. Springer, New York (1998).Google Scholar
  7. 7.
    Barbosa M., Farshim P.: Relations among notions of complete non-malleability: Indistinguishability and efficient construction without random oracles. In: ACISP, pp. 145–163. Springer, Heidelberg (2010).Google Scholar
  8. 8.
    Bellare M., Sahai A.: Non-malleable encryption: Equivalence between two notions, and an indistinguishability-based characterization (2006). doi:10.1109/FOCS.2006.25.
  9. 9.
    Blake-Wilson S., Menezes A.: Unknown key-share attacks on the station-to-station (sts) protocol. In: Public Key Cryptography, vol. 1560 of Lecture Notes in Computer Science, pp. 634–634. Springer, Berlin/Heidelberg (1999).Google Scholar
  10. 10.
    Canetti R., Halevi S., Katz J.: Chosen-ciphertext security from identity-based encryption. In: Christian C., Jan C. (eds.) Advances in Cryptology—EUROCRYPT 2004, Volume 3027 of Lecture Notes in Computer Science, pp. 207–222. Springer, Berlin/Heidelberg (2004).Google Scholar
  11. 11.
    Cash D., Hofheinz D., Kiltz E., Peikert C.: Bonsai trees, or how to delegate a lattice basis. In: Henri G. (ed.) Advances in Cryptology—EUROCRYPT 2010, Volume 6110 of Lecture Notes in Computer Science, pp. 523–552. Springer, Berlin/Heidelberg (2010).Google Scholar
  12. 12.
    Cramer R., Shoup V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology, pp. 13–25. Springer, London (1998).Google Scholar
  13. 13.
    Dolev D., Dwork C., Naor M.: Non-malleable cryptography. In: Proceedings of the 23rd STOC, pp. 542–552. ACM Press, New York (1991).Google Scholar
  14. 14.
    Dolev D., Dwork C., Naor M.: Non-malleable cryptography. SIAM J. Comput. 30(2), 391–437 (2000)CrossRefMATHMathSciNetGoogle Scholar
  15. 15.
    Dent A., Libert B., Paterson K.: Certificateless encryption schemes strongly secure in the standard model. In: Cramer R. (ed.) Public Key Cryptography—PKC 2008, Volume 4939 of Lecture Notes in Computer Science, pp. 344–359. Springer, Berlin/Heidelberg (2008).Google Scholar
  16. 16.
    Dodis Y., Ostrovsky R., Reyzin L., Smith A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38, 97–139 (2008)CrossRefMATHMathSciNetGoogle Scholar
  17. 17.
    Dolev D., Andrew C.Y: On the security of public key protocols. Technical report, Stanford (1981).Google Scholar
  18. 18.
    Fischlin M.: Completely non-malleable schemes. In: Caires L. et al. (eds.) Proceedings of ICALP, pp. 779–790. Springer, New York (2005).Google Scholar
  19. 19.
    Fujisaki E., Okamoto T., Pointcheval D., Stern J.: RSA–OAEP is secure under the rsa assumption. In: CRYPTO, pp. 260–274. Springer, New York (2001).Google Scholar
  20. 20.
    Goldreich O., Goldwasser S., Halevi S.: Collision-free hashing from lattice problems. Electron. Colloquium Comput. Complex. (ECCC). 3, 42 (1996)Google Scholar
  21. 21.
    Gentry C., Peikert C., Vaikuntanathan V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of the 40th Annual ACM Symposium on Theory of Computing, STOC ’08, pp. 197–206. ACM, New York (2008).Google Scholar
  22. 22.
    Hofheinz D., Kiltz E.: Programmable hash functions and their applications. In: David W. (ed.) Advances in Cryptology—CRYPTO 2008, Volume 5157 of Lecture Notes in Computer Science, pp. 21–38. Springer, Berlin/Heidelberg (2008).Google Scholar
  23. 23.
    Kaliski B.: On hash function firewalls in signature schemes. In: Preneel B. (ed.) Topics in Cryptology, CT-RSA 2002, Volume 2271 of Lecture Notes in Computer Science, pp. 89–109. Springer, Berlin/Heidelberg (2002).Google Scholar
  24. 24.
    Katz J., Lindell Y.: Introduction to Modern Cryptography. Cryptography and Network Security. Chapman and Hall/CRC, Boca Raton (2008).Google Scholar
  25. 25.
    Lyubashevsky V., Micciancio D.: Asymptotically efficient lattice-based digital signatures. In: Proceedings of TCC 2008, Volume 4948 of LNCS, pp. 37–54. Springer, New York (2008).Google Scholar
  26. 26.
    Libert B., Yung M.: Efficient completely non-malleable public key encryption. In: Proceedings of the 37th International Colloquium Conference on Automata, Languages and Programming, ICALP’10, pp. 127–139. Springer, Berlin, Heidelberg (2010).Google Scholar
  27. 27.
    Micciancio D., Goldwasser S.: Complexity of Lattice Problems: A Cryptographic Perspective, Volume 671 of The Kluwer International Series in Engineering and Computer Science. Kluwer Academic Publishers, Boston (2002).Google Scholar
  28. 28.
    Micciancio D., Peikert C.: Trapdoors for lattices: Simpler, tighter, faster, smaller. In: Advances in Cryptology—EUROCRYPT 2012. Springer, Berlin/Heidelberg (2012).Google Scholar
  29. 29.
    Peikert C.: An efficient and parallel gaussian sampler for lattices. In: Proceedings of the 30th Annual Conference on Advances in Cryptology, CRYPTO’10, pp. 80–97. Springer, Berlin, Heidelberg (2010).Google Scholar
  30. 30.
    Peikert C., Waters B.: Lossy trapdoor functions and their applications. In: Proceedings of the 40th Annual ACM Symposium on Theory of Computing, STOC ’08, pp. 187–196. ACM, New York (2008).Google Scholar
  31. 31.
    Regev O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the Thirty-seventh Annual ACM Symposium on Theory of Computing, STOC ’05, pp. 84–93. ACM, New York (2005).Google Scholar
  32. 32.
    Regev O.: Lecture notes of lattices in computer science. Computer Science Tel Aviv University. Accessed 28 Feb 2008.
  33. 33.
    Shoup V.: A Computational Introduction to Number Theory and Algebra. Cambridge University Press, Cambridge (2008)Google Scholar
  34. 34.
    Sepahi R., Steinfeld R., Pieprzyk J.: Lattice-based completely non-malleable PKE in the standard model (poster). In: Udaya P., Philip H. (eds.) Information Security and Privacy, Volume 6812 of Lecture Notes in Computer Science, pp. 407–411. Springer, Berlin/Heidelberg (2011).Google Scholar
  35. 35.
    Ventre C., Visconti I.: Completely non-malleable encryption revisited. In: Cramer R. (ed.) Public Key Cryptography—PKC 2008, pp. 65–84. Springer, New York (2008).Google Scholar
  36. 36.
    Waters B.: Efficient identity-based encryption without random oracles. In: Cramer R. (ed.) Advances in Cryptology—EUROCRYPT 2005, Volume 3494 of Lecture Notes in Computer Science, pp. 557–557. Springer, Berlin/Heidelberg (2005).Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  1. 1.Department of ComputingMacquarie UniversitySydneyAustralia

Personalised recommendations