Robust Encryption, Revisited

We revisit the notions of robustness introduced by Abdalla, Bellare, and Neven (TCC 2010). One of the main motivations for the introduction of strong robustness for public-key encryption (PKE) by Abdalla et al. is to prevent certain types of attack on Sako’s auction protocol. We show, perhaps surprisingly, that Sako’s protocol is still vulnerable to attacks exploiting robustness problems in the underlying PKE scheme, even when it is instantiated with a strongly robust scheme. This demonstrates that current notions of robustness are insufficient even for one of its most natural applications. To address this and other limitations in existing notions, we introduce a series of new robustness notions for PKE and explore their relationships. In particular, we introduce complete robustness, our strongest new notion of robustness, and give a number of constructions for completely robust PKE schemes.
