Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited
Fehr et al. (2010) proposed the first sender-equivocable encryption scheme secure against chosen-ciphertext attacks (NCCCA) and proved that NC-CCA security implies security against selective opening chosen-ciphertext attacks (SO-CCA). The NC-CCA security proof of the scheme relies on security against substitution attacks of a new primitive, the “crossauthentication code”. However, the security of the cross-authentication code cannot be guaranteed when all the keys used in the code are exposed. Our...