Standard Security Does Imply Security Against Selective Opening for Markov Distributions

  • Georg FuchsbauerEmail author
  • Felix Heuer
  • Eike Kiltz
  • Krzysztof Pietrzak
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9562)


About three decades ago it was realized that implementing private channels between parties which can be adaptively corrupted requires an encryption scheme that is secure against selective opening attacks. Whether standard (\({\mathsf {IND\text {-}CPA}}\)) security implies security against selective opening attacks has been a major open question since. The only known reduction from selective opening to \({\mathsf {IND\text {-}CPA}}\) security loses an exponential factor. A polynomial reduction is only known for the very special case where the distribution considered in the selective opening security experiment is a product distribution, i.e., the messages are sampled independently from each other.

In this paper we give a reduction whose loss is quantified via the dependence graph (where message dependencies correspond to edges) of the underlying message distribution. In particular, for some concrete distributions including Markov distributions, our reduction is polynomial.


Public-key encryption Selective opening security Markov \({\mathsf {IND\text {-}CPA}}\) \({\mathsf {IND\text {-}SO\text {-}CPA}}\) 



We would like to thank the anonymous reviewers for their helpful comments and remarks.

G. Fuchsbauer and K. Pietrzak are supported by the European Research Council, ERC Starting Grant (259668-PSPC). F. Heuer is funded by a Sofja Kovalevskaja Award of the Alexander von Humboldt Foundation and DFG SPP 1736, Algorithms for BIG DATA. E. Kiltz is supported by a Sofja Kovalevskaja Award of the Alexander von Humboldt Foundation, the German Israel Foundation, and ERC Project ERCC (FP7/615074).


  1. 1.
    Bellare, M., Dowsley, R., Waters, B., Yilek, S.: Standard security does not imply security against selective-opening. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 645–662. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Hofheinz, D., Yilek, S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 1–35. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Yilek, S.: Encryption schemes secure under selective opening attack. IACR Cryptology ePrint Archive 2009, p. 101 (2009)Google Scholar
  4. 4.
    Böhl, F., Hofheinz, D., Kraschewski, D.: On definitions of selective opening security. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 522–539. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  5. 5.
    Borwein, J.M., Chan, O.-Y.: Uniform bounds for the complementary incomplete gamma function. Math. Inequal. Appl. 12, 115–121 (2009)MathSciNetzbMATHGoogle Scholar
  6. 6.
    Canetti, R., Dwork, C., Naor, M., Ostrovsky, R.: Deniable encryption. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 90–104. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  7. 7.
    Canetti, R., Feige, U., Goldreich, O., Naor, M.: Adaptively secure multi-party computation. In: 28th ACM STOC, 22–24 May 1996, Philadephia, Pennsylvania, USA, pp. 639–648 (1996)Google Scholar
  8. 8.
    Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.J.: Magic functions. In: 40th FOCS, 17–19 October 1999, pp. 523–534. IEEE Computer Society Press, New York (1999)Google Scholar
  9. 9.
    Hofheinz, D., Rao, V., Wichs. D.: Standard security does not imply indistinguishability under selective opening. Cryptology ePrint Archive, Report 2015/792 (2015).
  10. 10.
    Hofheinz, D., Rupp, A.: Standard versus selective opening security: separation and equivalence results. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 591–615. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  11. 11.
    Natalini, P., Palumbo, B.: Inequalities for the incomplete gamma function. Math. Inequal. Appl. 3, 69–77 (2000)MathSciNetzbMATHGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Georg Fuchsbauer
    • 1
    Email author
  • Felix Heuer
    • 2
  • Eike Kiltz
    • 2
  • Krzysztof Pietrzak
    • 1
  1. 1.Institute of Science and Technology AustriaKlosterneuburgAustria
  2. 2.Horst Görtz Institute for IT-SecurityRuhr-University BochumBochumGermany

Personalised recommendations