Efficient KDM-CCA Secure Public-Key Encryption for Polynomial Functions

KDM$[\mathcal{F}]$-CCA secure public-key encryption (PKE) protects the secrecy of a message $f(\mathsf{sk})$, with $f \in \mathcal{F}$, that is computed directly from the secret key, even when the adversary has access to a decryption oracle. An efficient KDM$[\mathcal{F}_{\text{aff}}]$-CCA secure PKE scheme for affine functions was proposed by Lu, Li and Jia (LLJ, EUROCRYPT 2015). We point out that their security proof cannot go through based on the DDH assumption. In this paper we introduce a new primitive, Authenticated Encryption with Auxiliary Input ($\mathsf{AIAE}$), and define for it new security notions against related-key attacks, namely IND-RKA security and weak INT-RKA security. We also construct such an $\mathsf{AIAE}$ with respect to a set of restricted affine functions from the DDH assumption. Using our $\mathsf{AIAE}$, we construct the first efficient KDM$[\mathcal{F}_{\text{aff}}]$-CCA secure PKE for affine functions with compact ciphertexts, consisting of only a constant number of group elements; and we construct the first efficient KDM$[\mathcal{F}_{\text{poly}}^d]$-CCA secure PKE for polynomial functions of bounded degree $d$ with almost compact ciphertexts, where the number of group elements in a ciphertext is polynomial in $d$ and independent of the security parameter. Both of our PKE schemes are based on the DDH and DCR assumptions and use neither NIZK proofs nor pairings.
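The following Python snippet is an added illustration of the KDM$[\mathcal{F}]$-CCA experiment described above; it is not the paper's construction and carries no security (the group is a toy prime-order subgroup with $p = 1019$, $q = 509$, constructed here for the example). It shows the shape of the game: the adversary chooses a function $f$ from $\mathcal{F}_{\text{aff}}$ or $\mathcal{F}_{\text{poly}}^d$, the challenger returns an encryption of $f(\mathsf{sk})$ or of $0$ depending on a hidden bit, and a decryption oracle answers every ciphertext except the challenges. The contrived `leaky_encrypt` scheme (a standard textbook separation, not from this paper) detects $m = \mathsf{sk}$ from $\mathsf{pk}$ alone and then outputs the key in the clear, so an adversary that queries $f(\mathsf{sk}) = \mathsf{sk}$ wins the KDM game outright even though no ordinary IND-CCA adversary can ever submit $\mathsf{sk}$ as a message. The names `KDMCCAGame`, `affine`, `poly` and `identity_adversary` are this example's own.

```python
"""Toy KDM[F]-CCA game (added illustration, not the paper's scheme; insecure parameters)."""
import secrets

# Constructed toy parameters: p = 2q + 1 with q prime, G a quadratic residue, so ord(G) = q.
P = 1019
Q = 509
G = 4


def keygen():
    """Lifted ElGamal: sk in [1, q-1], pk = G^sk mod p."""
    sk = secrets.randbelow(Q - 1) + 1
    return pow(G, sk, P), sk


def encrypt(pk, m):
    """Encrypt m in Z_q in the exponent: (G^r, G^m * pk^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), pow(G, m, P) * pow(pk, r, P) % P)


def decrypt(sk, ct):
    """Return G^m; c1^(q - sk) = c1^(-sk) because c1 has order q."""
    c1, c2 = ct
    return c2 * pow(c1, Q - sk, P) % P


def affine(a, b):
    """A member of F_aff: f(sk) = a*sk + b mod q."""
    return lambda sk: (a * sk + b) % Q


def poly(coeffs):
    """A member of F_poly^d with d = len(coeffs) - 1: f(sk) = sum coeffs[i] * sk^i mod q."""
    return lambda sk: sum(c * pow(sk, i, Q) for i, c in enumerate(coeffs)) % Q


def leaky_encrypt(pk, m):
    """Contrived separation example: if the message equals sk (testable as G^m == pk),
    output it in the clear; otherwise behave like ElGamal. An IND-CCA adversary never
    triggers this branch, a KDM adversary triggers it with f(sk) = sk."""
    if pow(G, m, P) == pk:
        return ("leak", m)
    return encrypt(pk, m)


def leaky_decrypt(sk, ct):
    if ct[0] == "leak":
        return pow(G, ct[1], P)
    return decrypt(sk, ct)


class KDMCCAGame:
    """Challenger for the KDM[F]-CCA experiment with a pluggable scheme."""

    def __init__(self, enc=encrypt, dec=decrypt, beta=None):
        self.pk, self.sk = keygen()
        self.beta = secrets.randbelow(2) if beta is None else beta
        self._enc, self._dec = enc, dec
        self.challenges = []

    def challenge(self, f):
        """KDM encryption oracle: Enc(pk, f(sk)) if beta == 1, else Enc(pk, 0)."""
        ct = self._enc(self.pk, f(self.sk) if self.beta == 1 else 0)
        self.challenges.append(ct)
        return ct

    def decrypt(self, ct):
        """CCA decryption oracle; refuses any challenge ciphertext."""
        if ct in self.challenges:
            return None
        return self._dec(self.sk, ct)


def identity_adversary(game):
    """Queries f(sk) = sk and guesses beta = 1 iff the scheme leaked the key."""
    ct = game.challenge(affine(1, 0))
    return 1 if ct[0] == "leak" else 0


def advantage(adversary, enc=encrypt, dec=decrypt, trials=50):
    """|2 * Pr[adversary guesses beta] - 1| over fresh games with a random beta."""
    wins = sum(adversary(KDMCCAGame(enc, dec)) == game_beta
               for game_beta in [None] * 0)  # placeholder never used
    wins = 0
    for _ in range(trials):
        game = KDMCCAGame(enc, dec)
        wins += adversary(game) == game.beta
    return abs(2 * wins / trials - 1)


if __name__ == "__main__":
    print("ElGamal, identity adversary advantage:", advantage(identity_adversary))
    print("leaky scheme, identity adversary advantage:",
          advantage(identity_adversary, leaky_encrypt, leaky_decrypt))
```

The decryption oracle's refusal list is what turns the KDM-CPA game into the KDM-CCA game; against the plain toy ElGamal the identity adversary learns nothing from the challenge, while against the leaky scheme its advantage is exactly 1.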

[1]  Jorge Luis Villar,et al.  Identity-Based Encryption with Master Key-Dependent Message Security and Leakage-Resilience , 2012, ESORICS.

[2]  Moti Yung,et al.  Efficient Circuit-Size Independent Public Key Encryption with KDM Security , 2011, EUROCRYPT.

[3]  Yael Tauman Kalai,et al.  Black-Box Circular-Secure Encryption beyond Affine Functions , 2011, TCC.

[4]  John Black,et al.  Encryption-Scheme Security in the Presence of Key-Dependent Messages , 2002, Selected Areas in Cryptography.

[5]  Dingding Jia,et al.  KDM-CCA Security from RKA Secure Authenticated Encryption , 2015, EUROCRYPT.

[6]  Dennis Hofheinz,et al.  Circular Chosen-Ciphertext Security with Compact Ciphertexts , 2013, EUROCRYPT.

[7]  David Cash,et al.  Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems , 2009, CRYPTO.

[8]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[9]  Larry Carter,et al.  New Hash Functions and Their Use in Authentication and Set Equality , 1981, J. Comput. Syst. Sci..

[10]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[11]  Rafail Ostrovsky,et al.  Circular-Secure Encryption from Decision Diffie-Hellman , 2008, CRYPTO.

[12]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[13]  Zvika Brakerski,et al.  Circular and Leakage Resilient Public-Key Encryption Under Subgroup Indistinguishability (or: Quadratic Residuosity Strikes Back) , 2010, IACR Cryptol. ePrint Arch..

[14]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[15]  Martin Barratt Assumptions , 2002, The Lancet.

[16]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2009, JACM.

[17]  Jan Camenisch,et al.  A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks , 2009, IACR Cryptol. ePrint Arch..

[18]  Yuval Ishai,et al.  Bounded Key-Dependent Message Security , 2010, IACR Cryptol. ePrint Arch..

[19]  Yvo Desmedt,et al.  A New Paradigm of Hybrid Encryption Scheme , 2004, CRYPTO.

[20]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..