Sender-Equivocable Encryption Schemes Secure against Chosen-Ciphertext Attacks Revisited

  • Zhengan Huang
  • Shengli Liu
  • Baodong Qin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7778)


In Eurocrypt 2010, Fehr et al. proposed the first sender-equivocable encryption scheme secure against chosen-ciphertext attacks (NC-CCA) and proved that NC-CCA security implies security against selective opening chosen-ciphertext attacks (SO-CCA). The NC-CCA security proof of the scheme relies on security against substitution attacks of a new primitive, “cross-authentication code”. However, the security of cross-authentication code can not be guaranteed when all the keys used in the code are exposed. Our key observation is that in the NC-CCA security game, the randomness used in the generation of the challenge ciphertext is exposed to the adversary. This random information can be used to recover all the keys involved in the cross-authentication code, and forge a ciphertext (like a substitution attack of cross-authentication code) that is different from but related to the challenge ciphertext. And the response of the decryption oracle, with respect to the forged ciphertext, leaks information. This leaked information can be employed by an adversary to spoil the NC-CCA security proof of Fehr et al.’s scheme encrypting multi-bit plaintexts. We also show that Fehr et al.’s scheme encrypting single-bit plaintexts can be refined to achieve NC-CCA security, free of any cross-authentication code.


sender-equivocable encryption chosen-ciphertext attack cross-authentication code 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Dowsley, R., Waters, B., Yilek, S.: Standard Security Does Not Imply Security against Selective-Opening. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 645–662. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  2. 2.
    Böhl, F., Hofheinz, D., Kraschewski, D.: On Definitions of Selective Opening Security. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 522–539. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Hofheinz, D., Yilek, S.: Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 1–35. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Waters, B., Yilek, S.: Identity-Based Encryption Secure against Selective Opening Attack. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 235–252. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Canetti, R., Friege, U., Goldreich, O., Naor, M.: Adaptively secure multi-party computation. In: 28th ACM STOC, pp. 639–648. ACM Press, New York (1996)Google Scholar
  6. 6.
    Cramer, R., Shoup, V.: Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Fehr, S., Hofheinz, D., Kiltz, E., Wee, H.: Encryption Schemes Secure against Chosen-Ciphertext Selective Opening Attacks. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 381–402. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Gao, C.-Z., Xie, D., Wei, B.: Deniable Encryptions Secure against Adaptive Chosen Ciphertext Attack. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol. 7232, pp. 46–62. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Hofheinz, D.: All-But-Many Lossy Trapdoor Functions. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 209–227. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  10. 10.
    Hemenway, B., Libert, B., Ostrovsky, R., Vergnaud, D.: Lossy Encryption: Constructions from General Assumptions and Efficient Selective Opening Chosen Ciphertext Security. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 70–88. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  11. 11.
    Huang, Z., Liu, S., Qin, B.: Sender equivocable encryption schemes secure against chosen-ciphertext attacks revisited. Cryptology ePrint Archive, Report 2012/473 (2012)Google Scholar
  12. 12.
    Myers, S., Shelat, A.: Bit encryption is complete. In: FOCS 2009, pp. 607–616. IEEE Computer Society Press (2009)Google Scholar
  13. 13.
    Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: STOC 2008, pp. 187–196. ACM, New York (2008)Google Scholar

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Zhengan Huang
    • 1
  • Shengli Liu
    • 1
  • Baodong Qin
    • 1
    • 2
  1. 1.Department of Computer Science and EngineeringShanghai Jiao Tong UniversityShanghaiChina
  2. 2.College of Computer Science and TechnologySouthwest University of Science and TechnologyMianyangChina

Personalised recommendations