Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited

Zhengan Huang; Shengli Liu; Baodong Qin; Kefei Chen

International Journal of Applied Mathematics and Computer Science (2015)

  • Volume: 25, Issue: 2, page 415-430
  • ISSN: 1641-876X

Abstract

top
Fehr et al. (2010) proposed the first sender-equivocable encryption scheme secure against chosen-ciphertext attacks (NCCCA) and proved that NC-CCA security implies security against selective opening chosen-ciphertext attacks (SO-CCA). The NC-CCA security proof of the scheme relies on security against substitution attacks of a new primitive, the “crossauthentication code”. However, the security of the cross-authentication code cannot be guaranteed when all the keys used in the code are exposed. Our key observation is that, in the NC-CCA security game, the randomness used in the generation of the challenge ciphertext is exposed to the adversary. Based on this observation, we provide a security analysis of Fehr et al.'s scheme, showing that its NC-CCA security proof is flawed. We also point out that the scheme of Fehr et al. encrypting a single-bit plaintext can be refined to achieve NC-CCA security, free of the cross-authentication code. Furthermore, we propose the notion of “strong cross-authentication code”, apply it to Fehr et al.'s scheme, and show that the new version of the latter achieves NC-CCA security for multi-bit plaintexts.

How to cite

top

Zhengan Huang, et al. "Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited." International Journal of Applied Mathematics and Computer Science 25.2 (2015): 415-430. <http://eudml.org/doc/270433>.

@article{ZhenganHuang2015,
abstract = {Fehr et al. (2010) proposed the first sender-equivocable encryption scheme secure against chosen-ciphertext attacks (NCCCA) and proved that NC-CCA security implies security against selective opening chosen-ciphertext attacks (SO-CCA). The NC-CCA security proof of the scheme relies on security against substitution attacks of a new primitive, the “crossauthentication code”. However, the security of the cross-authentication code cannot be guaranteed when all the keys used in the code are exposed. Our key observation is that, in the NC-CCA security game, the randomness used in the generation of the challenge ciphertext is exposed to the adversary. Based on this observation, we provide a security analysis of Fehr et al.'s scheme, showing that its NC-CCA security proof is flawed. We also point out that the scheme of Fehr et al. encrypting a single-bit plaintext can be refined to achieve NC-CCA security, free of the cross-authentication code. Furthermore, we propose the notion of “strong cross-authentication code”, apply it to Fehr et al.'s scheme, and show that the new version of the latter achieves NC-CCA security for multi-bit plaintexts.},
author = {Zhengan Huang, Shengli Liu, Baodong Qin, Kefei Chen},
journal = {International Journal of Applied Mathematics and Computer Science},
keywords = {sender-equivocable encryption; chosen-ciphertext attack; cross-authentication code},
language = {eng},
number = {2},
pages = {415-430},
title = {Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited},
url = {http://eudml.org/doc/270433},
volume = {25},
year = {2015},
}

TY - JOUR
AU - Zhengan Huang
AU - Shengli Liu
AU - Baodong Qin
AU - Kefei Chen
TI - Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited
JO - International Journal of Applied Mathematics and Computer Science
PY - 2015
VL - 25
IS - 2
SP - 415
EP - 430
AB - Fehr et al. (2010) proposed the first sender-equivocable encryption scheme secure against chosen-ciphertext attacks (NCCCA) and proved that NC-CCA security implies security against selective opening chosen-ciphertext attacks (SO-CCA). The NC-CCA security proof of the scheme relies on security against substitution attacks of a new primitive, the “crossauthentication code”. However, the security of the cross-authentication code cannot be guaranteed when all the keys used in the code are exposed. Our key observation is that, in the NC-CCA security game, the randomness used in the generation of the challenge ciphertext is exposed to the adversary. Based on this observation, we provide a security analysis of Fehr et al.'s scheme, showing that its NC-CCA security proof is flawed. We also point out that the scheme of Fehr et al. encrypting a single-bit plaintext can be refined to achieve NC-CCA security, free of the cross-authentication code. Furthermore, we propose the notion of “strong cross-authentication code”, apply it to Fehr et al.'s scheme, and show that the new version of the latter achieves NC-CCA security for multi-bit plaintexts.
LA - eng
KW - sender-equivocable encryption; chosen-ciphertext attack; cross-authentication code
UR - http://eudml.org/doc/270433
ER -

References

top
  1. Bellare, M., Dowsley, R., Waters, B. and Yilek, S. (2012). Standard security does not imply security against selective-opening, in D. Pointcheval and T. Johansson (Eds.), Advances in Cryptology-EUROCRYPT 2012, Springer, Berlin/Heidelberg, pp. 645-662. Zbl1297.94046
  2. Bellare, M., Hofheinz, D. and Yilek, S. (2009). Possibility and impossibility results for encryption and commitment secure under selective opening, in A. Joux (Ed.), Advances in Cryptology-EUROCRYPT 2009, Springer, Berlin/Heidelberg, pp. 1-35. Zbl1239.94033
  3. Bellare, M., Waters, B. and Yilek, S. (2011). Identity-based encryption secure against selective opening attack, in Y. Ishai (Ed.), Theory of Cryptography, Springer, Berlin/Heidelberg, pp. 235-252. Zbl1295.94020
  4. Böhl, F., Hofheinz, D. and Kraschewski, D. (2012). On definitions of selective opening security, in M. Fischlin, J. Buchmann and M. Manulis (Eds.), Public Key Cryptography-PKC 2012, Springer, Berlin/Heidelberg, pp. 522-539. Zbl1300.94041
  5. Canetti, R., Friege, U., Goldreich, O. and Naor, M. (1996). Adaptively secure multi-party computation, Technical report, Massachusetts Institute of Technology, Cambridge, MA. Zbl0922.68048
  6. Cramer, R. and Shoup, V. (2002). Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption, in L.R. Knudsen (Ed.), Advances in Cryptology-EUROCRYPT 2002, Springer, Berlin/Heidelberg, pp. 45-64. Zbl1055.94011
  7. Fehr, S., Hofheinz, D., Kiltz, E. and Wee, H. (2010). Encryption schemes secure against chosen-ciphertext selective opening attacks, in H. Gilbert (Ed.), Advances in Cryptology-EUROCRYPT 2010, Berlin/Heidelberg, Springer, pp. 381-402. Zbl1280.94052
  8. Gao, C.-z., Xie, D. and Wei, B. (2012). Deniable encryptions secure against adaptive chosen ciphertext attack, in M.D. Ryan, B. Smyth and G. Wang (Eds.), Information Security Practice and Experience, Springer, Berlin/Heidelberg, pp. 46-62. Zbl1291.94087
  9. Hemenway, B., Libert, B., Ostrovsky, R. and Vergnaud, D. (2011). Lossy encryption: Constructions from general assumptions and efficient selective opening chosen ciphertext security, in D.H. Lee and X. Wang (Eds.), Advances in Cryptology-ASIACRYPT 2011, Springer, Berlin/Heidelberg, pp. 70-88. Zbl1227.94048
  10. Hofheinz, D. (2012). All-but-many lossy trapdoor functions, in D. Pointcheval and T. Johansson (Eds.), Advances in Cryptology-EUROCRYPT 2012, Springer, Berlin/Heidelberg, pp. 209-227. Zbl1279.94086
  11. Myers, S. and Shelat, A. (2009). Bit encryption is complete, 50th Annual IEEE Symposium on Foundations of Computer Science, FOCS'09, Atlanta, GA, USA, pp. 607-616. Zbl1292.94119
  12. Peikert, C. and Waters, B. (2011). Lossy trapdoor functions and their applications, SIAM Journal on Computing 40(6): 1803-1844. Zbl1236.94063

NotesEmbed ?

top

You must be logged in to post comments.

To embed these notes on your page include the following JavaScript code on your page where you want the notes to appear.

Only the controls for the widget will be shown in your chosen language. Notes will be shown in their authored language.

Tells the widget how many notes to show per page. You can cycle through additional notes using the next and previous controls.

    
                

                
Note: Best practice suggests putting the JavaScript code just before the closing </body> tag.