Adaptively-Secure, Non-interactive Public-Key Encryption

  • Ran Canetti
  • Shai Halevi
  • Jonathan Katz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3378)

Abstract

Adaptively-secure encryption schemes ensure secrecy even in the presence of an adversary who can corrupt parties in an adaptive manner based on public keys, ciphertexts, and secret data of already-corrupted parties. Ideally, an adaptively-secure encryption scheme should, like standard public-key encryption, allow arbitrarily-many parties to use a single encryption key to securely encrypt arbitrarily-many messages to a given receiver who maintains only a single short decryption key. However, it is known that these requirements are impossible to achieve: no non-interactive encryption scheme that supports encryption of an unbounded number of messages and uses a single, unchanging decryption key can be adaptively secure. Impossibility holds even if secure data erasure is possible.

We show that this limitation can be overcome by updating the decryption key over time and making some mild assumptions about the frequency of communication between parties. Using this approach, we construct adaptively-secure, completely non-interactive encryption schemes supporting secure encryption of arbitrarily-many messages from arbitrarily-many senders. Our schemes additionally provide forward security and security against chosen-ciphertext attacks.

Keywords

Encryption scheme, security parameter, message space, decryption oracle, forward security.
(These keywords were added by machine and not by the authors.)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ran Canetti (1)
  • Shai Halevi (1)
  • Jonathan Katz (2)
  1. IBM T.J. Watson Research Center, USA
  2. Department of Computer Science, University of Maryland