On Notions of Security for Deterministic Encryption, and Efficient Constructions without Random Oracles

  • Alexandra Boldyreva
  • Serge Fehr
  • Adam O’Neill
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5157)

Abstract

The study of deterministic public-key encryption was initiated by Bellare et al. (CRYPTO ’07), who provided the “strongest possible” notion of security for this primitive (called PRIV) and constructions in the random oracle (RO) model. We focus on constructing efficient deterministic encryption schemes without random oracles. To do so, we propose a slightly weaker notion of security, saying that no partial information about encrypted messages should be leaked as long as each message is a-priori hard-to-guess given the others (while PRIV did not have the latter restriction). Nevertheless, we argue that this version seems adequate for many practical applications. We show equivalence of this definition to single-message and indistinguishability-based ones, which are easier to work with. Then we give general constructions of both chosen-plaintext (CPA) and chosen-ciphertext-attack (CCA) secure deterministic encryption schemes, as well as efficient instantiations of them under standard number-theoretic assumptions. Our constructions build on the recently-introduced framework of Peikert and Waters (STOC ’08) for constructing CCA-secure probabilistic encryption schemes, extending it to the deterministic-encryption setting as well.

References

  1. Bellare, M., Boldyreva, A., O’Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622. Springer, Heidelberg (2007)
  2. Bellare, M., Boldyreva, A., Palacio, A.: An uninstantiable random-oracle-model scheme for a hybrid-encryption problem. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027. Springer, Heidelberg (2004)
  3. Bellare, M., Fischlin, M., O’Neill, A., Ristenpart, T.: Deterministic encryption: Definitional equivalences and constructions without random oracles. In: CRYPTO 2008. LNCS. Springer, Heidelberg (2008)
  4. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: CCS 1993. ACM, New York (1993)
  5. Bellare, M., Rogaway, P.: Collision-resistant hashing: Towards making UOWHFs practical. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294. Springer, Heidelberg (1997)
  6. Bennett, C., Brassard, G., Crepeau, C., Maurer, U.: Generalized privacy amplification. Transactions on Information Theory 41(6) (1995)
  7. Boldyreva, A., Fehr, S., O’Neill, A.: On notions of security for deterministic encryption, and efficient constructions without random oracles. Full version of this paper (2008), http://eprint.iacr.org/2008/
  8. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. In: STOC 1998. ACM, New York (1998)
  9. Carter, J.L., Wegman, M.N.: Universal classes of hash functions. Journal of Computer and System Sciences 18 (1979)
  10. Carter, J.L., Wegman, M.N.: New hash functions and their use in authentication and set equality. Journal of Computer and System Sciences 22 (1981)
  11. Chaum, D., van Heijst, E., Pfitzmann, B.: Cryptographically strong undeniable signatures, unconditionally secure for the signer. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576. Springer, Heidelberg (1992)
  12. Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462. Springer, Heidelberg (1998)
  13. Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992. Springer, Heidelberg (2001)
  14. Damgård, I., Nielsen, J.-B.: Perfect hiding and perfect binding universally composable commitment schemes with constant expansion factor. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442. Springer, Heidelberg (2002)
  15. Damgård, I., Nielsen, J.-B.: Universally composable efficient multiparty computation from threshold homomorphic encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729. Springer, Heidelberg (2003)
  16. Desrosiers, S.: Entropic security in quantum cryptography. ArXiv e-Print quant-ph/0703046 (2007), http://arxiv.org/abs/quant-ph/0703046
  17. Desrosiers, S., Dupuis, F.: Quantum entropic security and approximate quantum encryption. arXiv e-Print quant-ph/0707.0691 (2007), http://arxiv.org/abs/0707.0691
  18. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, http://eprint.iacr.org/2003/235; Preliminary version appeared in: EUROCRYPT 2004. LNCS, vol. 3027. Springer, Heidelberg (2004)
  19. Dodis, Y., Smith, A.: Correcting errors without leaking partial information. In: STOC 2005. ACM, New York (2005)
  20. Dodis, Y., Smith, A.: Entropic security and the encryption of high entropy messages. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378. Springer, Heidelberg (2005)
  21. ElGamal, T.: A public key cryptosystem and signature scheme based on discrete logarithms. In: Transactions on Information Theory, vol. 31. IEEE, Los Alamitos (1985)
  22. Goldwasser, S., Tauman Kalai, Y.: On the (in)security of the Fiat-Shamir paradigm. In: FOCS 2003. IEEE, Los Alamitos (2003)
  23. Hastad, J., Impagliazzo, R., Levin, L., Luby, M.: A pseudorandom generator from any one-way function. Journal of Computing 28(4) (1999)
  24. Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: STOC 1989. ACM, New York (1989)
  25. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592. Springer, Heidelberg (1999)
  26. Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: STOC 2008. ACM, New York (2008)
  27. Rosen, A., Segev, G.: Efficient lossy trapdoor functions based on the composite residuosity assumption. In: Cryptology ePrint Archive: Report 2008/134 (2008)
  28. Russell, A., Wang, H.: How to fool an unbounded adversary with a short key. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332. Springer, Heidelberg (2002)
  29. Shoup, V.: A composition theorem for universal one-way hash functions. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807. Springer, Heidelberg (2000)

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Alexandra Boldyreva (1)
  • Serge Fehr (2)
  • Adam O’Neill (1)
  1. Georgia Institute of Technology, Atlanta, USA
  2. CWI, Amsterdam, Netherlands