Effort-Release Public-Key Encryption from Cryptographic Puzzles

Timed-release cryptography addresses the problem of "sending messages into the future": a message is encrypted so that it can only be decrypted after a certain amount of time, either (a) with the help of a trusted third party time server, or (b) after a party performs the required number of sequential operations. We generalise the latter case to what we call effort-release public key encryption (ER-PKE), where only the party holding the private key corresponding to the public key can decrypt, and only after performing a certain amount of computation which may or may not be parallelisable. Effort-release PKE generalises both the sequential-operation-based timed-release encryption of Rivest, Shamir, and Wagner, and also the encapsulated key escrow techniques of Bellare and Goldwasser. We give a generic construction for ER-PKE based on the use of moderately hard computational problems called puzzles. Our approach extends the KEM/DEM framework for public key encryption by introducing a difficulty notion for KEMs which results in effort-release PKE. When the puzzle used in our generic construction is non-parallelisable, we recover timed-release cryptography, with the addition that only the designated receiver (in the PKE setting) can decrypt.

[1]  Bogdan Warinschi,et al.  Security Notions and Generic Constructions for Client Puzzles , 2009, ASIACRYPT.

[2]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[3]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[4]  Colin Boyd,et al.  Stronger Difficulty Notions for Client Puzzles and Denial-of-Service-Resistant Protocols , 2011, CT-RSA.

[5]  Ari Juels,et al.  $evwu Dfw , 1998 .

[6]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[7]  Dimitrios Hristu-Varsakelis,et al.  Improved Anonymous Timed-Release Encryption , 2007, ESORICS.

[8]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[9]  Victor Shoup,et al.  A Proposal for an ISO Standard for Public Key Encryption , 2001, IACR Cryptol. ePrint Arch..

[10]  Siu-Ming Yiu,et al.  Timed-Release Encryption Revisited , 2008, ProvSec.

[11]  Mihir Bellare,et al.  The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs , 2006, EUROCRYPT.

[12]  Mihir Bellare,et al.  Encapsulated Key Escrow , 1996 .

[13]  Colin Boyd,et al.  An integrated approach to cryptographic mitigation of denial-of-service attacks , 2011, ASIACCS '11.

[14]  Jung Hee Cheon,et al.  Provably Secure Timed-Release Public Key Encryption , 2008, TSEC.

[15]  Douglas R. Stinson,et al.  On the Construction of Practical Key Predistribution Schemes for Distributed Sensor Networks Using Combinatorial Designs , 2008, TSEC.

[16]  Colin Boyd,et al.  Efficient Modular Exponentiation-Based Puzzles for Denial-of-Service Protection , 2011, ICISC.

[17]  Mihir Bellare,et al.  Verifiable partial key escrow , 1997, CCS '97.

[18]  David Pointcheval,et al.  REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform , 2001, CT-RSA.