
Key-Dependent Message Chosen-Ciphertext Security of the Cramer-Shoup Cryptosystem

Conference paper
Information Security and Privacy (ACISP 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7959)


Abstract

Key-Dependent Message (KDM) security requires that an encryption scheme remain secure even if an adversary has access to encryptions of messages that depend on the secret key. In a multi-user setting, a key-dependent message can be any polynomial-time function \(f(sk_1, sk_2, \ldots, sk_n)\) of the users' secret keys. Key-Dependent Message Chosen-Ciphertext (KDM-CCA2) security is defined in the same way, except that the adversary is additionally allowed to query a decryption oracle. To date, KDM security has been obtained by only a few constructions, and most of them restrict \(f(sk_1, sk_2, \ldots, sk_n)\) to affine functions. For KDM-CCA2 security only two constructions are available, and neither achieves key sizes and efficiency comparable to traditional CCA2-secure (but not KDM-secure) public-key encryption schemes. This article defines a new function ensemble and shows how to obtain KDM-CCA2 security with respect to this ensemble from the traditional Cramer-Shoup (CS) cryptosystem. To obtain KDM security, the CS system has to be tailored for the encryption of key-dependent messages. We present an efficient instantiation of the Cramer-Shoup public-key encryption (CS-PKE) scheme over the subgroup of quadratic residues in \(\mathbb{Z}_p^*\), where p is a safe prime, and prove the CS-PKE to be KDM-CCA2 secure with respect to the new function ensemble. We show that the proposed ensemble covers some affine functions as well as functions not contained in the affine ensemble. At the same time, the CS-PKE scheme with respect to the proposed function ensemble finds immediate application to anonymous credential systems. Compared to other KDM-CCA2 secure proposals, the CS scheme is the most practical one because of its short ciphertext size and computational efficiency.
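The abstract instantiates Cramer-Shoup over the quadratic-residue subgroup of \(\mathbb{Z}_p^*\) for a safe prime p. The following is an added example, not the paper's code and without the paper's KDM tailoring: the textbook CS-PKE over that subgroup, with the validity tag that makes decryption reject a modified ciphertext. The toy parameters p = 1019, q = 509, the generators 4 and 9, the message encoding and the use of SHA-256 as the hash are assumptions made for the demonstration.

```python
# Added example (not the paper's code): textbook Cramer-Shoup over the quadratic-residue
# subgroup of Z_p^* for a safe prime p = 2q+1, as in the abstract. Toy sizes only.
import hashlib
import secrets

P = 1019       # safe prime: P = 2*Q + 1, so P = 3 (mod 4)
Q = 509        # prime order of the QR subgroup
G1, G2 = 4, 9  # 2^2 and 3^2 mod P: squares other than 1, hence generators of QR_p

def is_safe_prime(p):
    """Trial-division check that p and (p-1)//2 are prime (fine for toy sizes)."""
    def prime(n):
        return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))
    return p % 2 == 1 and prime(p) and prime((p - 1) // 2)

def encode(m):
    """Map 1 <= m <= Q into QR_p: as P = 3 (mod 4), exactly one of m, P-m is a square."""
    return m if pow(m, Q, P) == 1 else P - m

def decode(x):
    return x if x <= Q else P - x

def hash_alpha(u1, u2, e):
    """Hash the first three ciphertext components to an exponent mod Q."""
    h = hashlib.sha256(f"{u1},{u2},{e}".encode()).digest()
    return int.from_bytes(h, "big") % Q

def keygen():
    x1, x2, y1, y2, z = (secrets.randbelow(Q - 1) + 1 for _ in range(5))
    c = pow(G1, x1, P) * pow(G2, x2, P) % P
    d = pow(G1, y1, P) * pow(G2, y2, P) % P
    return (x1, x2, y1, y2, z), (c, d, pow(G1, z, P))

def encrypt(pk, m):
    c, d, h = pk
    r = secrets.randbelow(Q - 1) + 1
    u1, u2 = pow(G1, r, P), pow(G2, r, P)
    e = pow(h, r, P) * encode(m) % P
    alpha = hash_alpha(u1, u2, e)
    v = pow(c, r, P) * pow(d, r * alpha % Q, P) % P   # validity tag bound to (u1,u2,e)
    return (u1, u2, e, v)

def decrypt(sk, ct):
    """Return the message, or None when the tag check rejects the ciphertext."""
    x1, x2, y1, y2, z = sk
    u1, u2, e, v = ct
    alpha = hash_alpha(u1, u2, e)
    if pow(u1, (x1 + y1 * alpha) % Q, P) * pow(u2, (x2 + y2 * alpha) % Q, P) % P != v:
        return None                                   # reject before touching e
    return decode(e * pow(u1, Q - z, P) % P)          # u1^(Q-z) = u1^(-z) in a group of order Q
```

The tag check is what gives the scheme its chosen-ciphertext robustness: changing any component of a ciphertext changes either the hash or the tag, so the decryptor returns nothing usable.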




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg


Cite this paper

Qin, B., Liu, S., Huang, Z. (2013). Key-Dependent Message Chosen-Ciphertext Security of the Cramer-Shoup Cryptosystem. In: Boyd, C., Simpson, L. (eds) Information Security and Privacy. ACISP 2013. Lecture Notes in Computer Science, vol 7959. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39059-3_10


  • DOI: https://doi.org/10.1007/978-3-642-39059-3_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39058-6

  • Online ISBN: 978-3-642-39059-3
