Public-Key Encryption with Non-Interactive Opening: New Constructions and Stronger Definitions
- Cite this paper as:
- Galindo D. et al. (2010) Public-Key Encryption with Non-Interactive Opening: New Constructions and Stronger Definitions. In: Bernstein D.J., Lange T. (eds) Progress in Cryptology – AFRICACRYPT 2010. AFRICACRYPT 2010. Lecture Notes in Computer Science, vol 6055. Springer, Berlin, Heidelberg
Public-key encryption schemes with non-interactive opening (PKENO) allow a receiver to non-interactively convince third parties that a ciphertext decrypts to a given plaintext or, alternatively, that such a ciphertext is invalid. Two practical generic constructions for PKENO have been proposed so far, starting from either identity-based encryption or public-key encryption with witness-recovering decryption (PKEWR). We show that the known transformation from PKEWR to PKENO fails to provide chosen-ciphertext security; only the transformation from identity-based encryption remains thus valid. Next, we prove that PKENO can alternatively be built out of robust non-interactive threshold public-key cryptosystems, a primitive that differs from identity-based encryption. Using the new transformation, we construct two efficient PKENO schemes: one based on the Decisional Diffie-Hellman assumption (in the Random-Oracle Model) and one based on the Decisional Linear assumption (in the standard model). Last but not least, we propose new applications of PKENO in protocol design. Motivated by these applications, we reconsider proof soundness for PKENO and put forward new definitions that are stronger than those considered so far. We give a taxonomy of all definitions and demonstrate them to be satisfiable.
Keywordspublic-key encryption non-interactive proofs security definitions constructions
Unable to display preview. Download preview PDF.