New Techniques for Public Key Encryption with Sender Recovery

  • Murali Godi
  • Roopa Vishwanathan
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 738)


In this paper, we consider a scenario where a sender transmits ciphertexts to multiple receivers using a public-key encryption scheme, and at a later point of time, wants to retrieve the plaintexts, without having to request the receivers’ help in decrypting the ciphertexts, and without having to locally store a separate recovery key for every receiver the sender interacts with. This problem, known as public key encryption with sender recovery has intuitive solutions based on hybrid encryption-based key encapsulation mechanism and data encapsulation mechanism (KEM/DEM) schemes. We propose a KEM/DEM-based solution that is CCA2-secure, allows for multiple receivers, only requires the receivers to be equipped with public/secret keypairs (the sender needs only a single symmetric recovery key), and uses an analysis technique called plaintext randomization that results in greatly simplified, clean, and intuitive proofs compared to prior work in this area. We instantiate our protocol for public key encryption with sender recovery with the Cramer-Shoup hybrid encryption scheme.


Cryptography Authentication Encryption Confidentiality Signatures Public-key encryption Hybrid encryption 



Supported by NSF award no. 1566297.


  1. 1.
    P. Wei, Y. Zheng, On the construction of public key encryption with sender recovery. Int. J. Found. Comput. Sci. 26(1), 1–32 (2015)Google Scholar
  2. 2.
    P. Wei, Y. Zheng, Efficient public key encryption admitting decryption by sender, in Public Key Infrastructures, Services and Applications - 9th European Workshop on Public Key Cryptography, EuroPKI (2012), pp. 37–52Google Scholar
  3. 3.
    P. Wei, Y. Zheng, X. Wang, Public key encryption for the forgetful, in Cryptography and Security, ed. by D. Naccache (Springer, Berlin, 2012), pp. 185–206Google Scholar
  4. 4.
    S.R. Tate, R. Vishwanathan, S. Weeks, Encrypted secret sharing and analysis by plaintext randomization, in 16th Information Security Conference ISC (2013), pp. 49–65Google Scholar
  5. 5.
    M. Bellare, B.S. Yee, Forward-security in private-key cryptography, in Topics in Cryptology - CT-RSA 2003, The Cryptographers’ Track at the RSA Conference 2003, San Francisco, CA, April 13-17, 2003, Proceedings (2003), pp. 1–18Google Scholar
  6. 6.
    M. Bellare, S.K. Miner, A forward-secure digital signature scheme, in Advances in Cryptology - CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 1999, Proceedings (1999), pp. 431–448Google Scholar
  7. 7.
    K.Y. Choi, J. Cho, J.Y. Hwang, T. Kwon, Constructing efficient PAKE protocols from identity-based KEM/DEM, in IACR Cryptology ePrint Archive, vol. 2015 (2015), p. 606Google Scholar
  8. 8.
    S. Liu, K.G. Paterson, Simulation-based selective opening CCA security for PKE from key encapsulation mechanisms, in Public-Key Cryptography - PKC 2015 - 18th IACR International Conference on Practice and Theory in Public-Key Cryptography, Gaithersburg, MD, March 30 - April 1, 2015, Proceedings (2015), pp. 3–26Google Scholar
  9. 9.
    J. Blömer, G. Liske, Direct chosen-ciphertext secure attribute-based key encapsulations without random oracles, IACR Cryptology ePrint Archive, vol. 2013 (2013), p. 646Google Scholar
  10. 10.
    M. Bellare, A. Desai, E. Jokipii, P. Rogaway, A concrete security treatment of symmetric encryption, in 38th Annual Symposium on Foundations of Computer Science, FOCS (1997), pp. 394–403Google Scholar
  11. 11.
    R. Cramer, V. Shoup, Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167–226 (2003)Google Scholar
  12. 12.
    M. Bellare, A. Boldyreva, S. Micali, Public-key encryption in a multi-user setting: security proofs and improvements, in Advances in Cryptology - EUROCRYPT (2000), pp. 259–274Google Scholar
  13. 13.
    M. Godi, R. Vishwanathan, New techniques for public key encryption with sender recovery, Cryptology eprint archive (2018).

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.SUNY PolytechnicUticaUSA
  2. 2.New Mexico State UniversityLas CrucesUSA

Personalised recommendations