Non-interactive Opening for Ciphertexts Encrypted by Shared Keys

  • Jiageng Chen
  • Keita Emura
  • Atsuko Miyaji
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7043)

Abstract

Let a sender Alice compute a ciphertext C of a message M by using a receiver Bob's public key pk_B. Damgård, Hofheinz, Kiltz, and Thorbek (CT-RSA 2008) proposed the notion of public key encryption with non-interactive opening (PKENO), where Bob can make a non-interactive proof π that proves that the decryption result of C under sk_B is M, without revealing sk_B itself. When Bob would like to prove the correctness of (C, M) (e.g., that the information M sent to Bob is not the expected one), PKENO turns out to be an effective cryptographic primitive. A PKENO scheme for the KEM/DEM framework has also been proposed by Galindo (CT-RSA 2009): Bob can make a non-interactive proof π that proves that the decapsulation result of C under sk_B is K without revealing sk_B itself, where K is the encapsulation key of the DEM part. That is, no verifier can verify π without knowing K. This setting is acceptable if K is an ephemeral value. However, PKENO is not applicable if an encryption key is shared among certain users beforehand and is used for a relatively long period before re-running the key agreement protocol, as in symmetric cryptosystems. In this paper, we define the notion of secret key encryption with non-interactive opening (SKENO), and give a generic construction of SKENO from a verifiable random function (VRF) and the Berbain-Gilbert IV-dependent stream cipher construction (FSE 2007). Bob can make a non-interactive proof π that proves that the decryption result of C under K is M, without revealing K itself.
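The VRF-plus-stream-cipher idea in the abstract, as an added illustration that is not the paper's own code or scheme: the Berbain-Gilbert shape keystream = G(F_K(IV)) is kept, but the PRF F is replaced by a VRF, so whoever holds K can later reveal the VRF output y for one IV together with its proof, and a verifier can recompute the keystream and check the opened message without ever seeing K. Everything concrete here is an assumption for the sake of a runnable example: the VRF is an RSA-FDH-style one (proof = RSA exponentiation of a hash of the IV, output = hash of the proof), G is SHA-256 in counter mode, the verifier is assumed to hold the VRF public key, and the RSA modulus is built from two Mersenne primes purely so the block is self-contained (an insecure parameter choice, deliberately).

```python
# Added example, not from the paper: toy SKENO = VRF + IV-dependent stream cipher.
# Assumptions (not on the page): RSA-FDH-style VRF, SHA-256 counter-mode PRG,
# verifier holds the VRF public key. Parameters are toy values, NOT secure.
import hashlib
import os

# Constructed RSA parameters: Mersenne primes, chosen only for self-containment.
P = (1 << 89) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent = the shared key K
N_BYTES = (N.bit_length() + 7) // 8


def _hash_to_zn(data: bytes) -> int:
    """Simplified full-domain hash: SHA-256 expanded with a counter, reduced mod N."""
    out = b""
    ctr = 0
    while len(out) < N_BYTES + 16:
        out += hashlib.sha256(ctr.to_bytes(4, "big") + data).digest()
        ctr += 1
    return int.from_bytes(out, "big") % N


def vrf_prove(sk: int, iv: bytes):
    """Return (y, pi): pi is the unique RSA 'signature' of H(iv), y is derived from pi."""
    pi = pow(_hash_to_zn(iv), sk, N)
    y = hashlib.sha256(b"vrf-out" + pi.to_bytes(N_BYTES, "big")).digest()
    return y, pi


def vrf_verify(pk, iv: bytes, y: bytes, pi: int) -> bool:
    """Anyone with pk checks that pi is the unique proof for iv and that y matches it."""
    n, e = pk
    if not (0 <= pi < n) or pow(pi, e, n) != _hash_to_zn(iv):
        return False
    return y == hashlib.sha256(b"vrf-out" + pi.to_bytes(N_BYTES, "big")).digest()


def prg(seed: bytes, length: int) -> bytes:
    """G: expand the VRF output into keystream (SHA-256 in counter mode)."""
    ks = b""
    ctr = 0
    while len(ks) < length:
        ks += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return ks[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def skeno_keygen():
    """Returns (pk, K): pk is public, K is the key shared by Alice and Bob."""
    return (N, E), D


def skeno_encrypt(K: int, m: bytes, iv: bytes = None):
    iv = iv if iv is not None else os.urandom(16)   # an IV must never repeat under one K
    y, _ = vrf_prove(K, iv)                          # F_K(IV) with F := VRF
    return iv, xor(m, prg(y, len(m)))


def skeno_decrypt(K: int, c):
    iv, body = c
    y, _ = vrf_prove(K, iv)
    return xor(body, prg(y, len(body)))


def skeno_open(K: int, c):
    """Bob's non-interactive opening: reveal (m, y, pi) for this IV, never K."""
    iv, body = c
    y, pi = vrf_prove(K, iv)
    return xor(body, prg(y, len(body))), (y, pi)


def skeno_verify(pk, c, m: bytes, proof) -> bool:
    """Verifier: VRF proof binds y to iv, then the keystream from y must map c to m."""
    iv, body = c
    y, pi = proof
    if len(m) != len(body) or not vrf_verify(pk, iv, y, pi):
        return False
    return xor(body, prg(y, len(body))) == m


if __name__ == "__main__":
    pk, K = skeno_keygen()
    c = skeno_encrypt(K, b"wire 100 EUR")
    m, proof = skeno_open(K, c)
    print(m, skeno_verify(pk, c, m, proof), skeno_verify(pk, c, b"wire 999 EUR", proof))
```

Soundness of the opening rests on the VRF's uniqueness: for a given IV there is exactly one y that verifies, so Bob cannot present a proof for any message other than the true decryption. The price of an opening is that the verifier learns the keystream for that IV, so any other ciphertext that reused the same IV under the same K would be exposed; the stream-cipher rule that IVs never repeat under one key is therefore also what confines the disclosure to the opened ciphertext.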

Keywords

Stream Cipher, Security Parameter, Proof Soundness, Oblivious Transfer Protocol, Decryption Result


References

  1. ISO CD 18033-2. Encryption algorithms part 2: asymmetric ciphers (2004)
  2. Abdalla, M., Catalano, D., Fiore, D.: Verifiable Random Functions from Identity-based Key Encapsulation. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 554–571. Springer, Heidelberg (2009)
  3. Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: Compact E-cash and Simulatable VRFs Revisited. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 114–131. Springer, Heidelberg (2009)
  4. Bellare, M., Shi, H., Zhang, C.: Foundations of Group Signatures: The Case of Dynamic Groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005)
  5. Bellare, M., Shoup, S.: Two-tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir without Random Oracles. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 201–216. Springer, Heidelberg (2007)
  6. Berbain, C., Gilbert, H.: On the Security of IV Dependent Stream Ciphers. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 254–273. Springer, Heidelberg (2007)
  7. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge-based Pseudo-random Number Generators. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 33–47. Springer, Heidelberg (2010)
  8. Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput. 13(4), 850–864 (1984)
  9. Boneh, D., Franklin, M.K.: Identity-based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
  10. Boneh, D., Katz, J.: Improved Efficiency for CCA-secure Cryptosystems Built Using Identity-based Encryption. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 87–103. Springer, Heidelberg (2005)
  11. Brakerski, Z., Goldwasser, S., Rothblum, G.N., Vaikuntanathan, V.: Weak Verifiable Random Functions. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 558–576. Springer, Heidelberg (2009)
  12. Camenisch, J.L., Hohenberger, S., Lysyanskaya, A.: Compact E-cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005)
  13. Damgård, I., Hofheinz, D., Kiltz, E., Thorbek, R.: Public-Key Encryption with Non-interactive Opening. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 239–255. Springer, Heidelberg (2008)
  14. Dodis, Y.: Efficient Construction of (Distributed) Verifiable Random Functions. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 1–17. Springer, Heidelberg (2002)
  15. Dodis, Y., Yampolskiy, A.: A Verifiable Random Function with Short Proofs and Keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005)
  16. Dwork, C., Naor, M.: Zaps and their applications. SIAM J. Comput. 36(6), 1513–1543 (2007)
  17. Emura, K., Hanaoka, G., Sakai, Y.: Group Signature Implies PKE with Non-interactive Opening and Threshold PKE. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) IWSEC 2010. LNCS, vol. 6434, pp. 181–198. Springer, Heidelberg (2010)
  18. Fiore, D., Schröder, D.: Uniqueness is a different story: Impossibility of verifiable random functions from trapdoor permutations. Cryptology ePrint Archive, Report 2010/648 (2010), http://eprint.iacr.org/
  19. Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword Search and Oblivious Pseudorandom Functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005)
  20. Galindo, D.: Breaking and Repairing Damgård et al. Public Key Encryption Scheme with Non-interactive Opening. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 389–398. Springer, Heidelberg (2009)
  21. Galindo, D., Libert, B., Fischlin, M., Fuchsbauer, G., Lehmann, A., Manulis, M., Schröder, D.: Public-Key Encryption with Non-Interactive Opening: New Constructions and Stronger Definitions. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 333–350. Springer, Heidelberg (2010)
  22. Goldreich, O.: Foundations of Cryptography. Basic Tools, vol. 1. Cambridge University Press, New York (2001)
  23. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)
  24. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
  25. Hazay, C., Lindell, Y.: Efficient Protocols for Set Intersection and Pattern Matching with Security Against Malicious and Covert Adversaries. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 155–175. Springer, Heidelberg (2008)
  26. Hohenberger, S., Waters, B.: Constructing Verifiable Random Functions with Large Input Spaces. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 656–672. Springer, Heidelberg (2010)
  27. Jarecki, S., Liu, X.: Efficient Oblivious Pseudorandom Function with Applications to Adaptive OT and Secure Computation of Set Intersection. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 577–594. Springer, Heidelberg (2009)
  28. Lai, J., Deng, R.H., Liu, S., Kou, W.: Efficient CCA-secure PKE from Identity-based Techniques. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 132–147. Springer, Heidelberg (2010)
  29. Liskov, M.: Updatable Zero-knowledge Databases. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 174–198. Springer, Heidelberg (2005)
  30. Lysyanskaya, A.: Unique Signatures and Verifiable Random Functions from the DH-DDH Separation. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 597–612. Springer, Heidelberg (2002)
  31. Matsuda, T., Hanaoka, G., Matsuura, K., Imai, H.: An Efficient Encapsulation Scheme from Near Collision Resistant Pseudorandom Generators and its Application to IBE-to-PKE Transformations. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 16–31. Springer, Heidelberg (2009)
  32. Matsuda, T., Matsuura, K.: On Black-box Separations among Injective One-way Functions. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 597–614. Springer, Heidelberg (2011)
  33. Micali, S., Rabin, M.O., Vadhan, S.P.: Verifiable random functions. In: FOCS, pp. 120–130 (1999)
  34. Micali, S., Reyzin, L.: Soundness in the Public-key Model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 542–565. Springer, Heidelberg (2001)
  35. Micali, S., Rivest, R.L.: Micropayments Revisited. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 149–163. Springer, Heidelberg (2002)
  36. Yao, A.C.-C.: Theory and applications of trapdoor functions (extended abstract). In: FOCS, pp. 80–91 (1982)

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Jiageng Chen (1)
  • Keita Emura (2)
  • Atsuko Miyaji (1)
  1. School of Information Science, Japan Advanced Institute of Science and Technology, Nomi, Japan
  2. Center for Highly Dependable Embedded Systems Technology, JAIST, Japan
