Multi-Recipient Encryption Schemes: Security Notions and Randomness Re-Use

This paper begins by rening Kurosawa’s [Ku] denitions of security for multi-recipient encryption schemes (MRESs). It then considers a subclass of MRESs, that are formed by transforming standard encryption schemes via a natural technique called randomness re-use, and that oer important performance benets. The main result is a way to avoid ad-hoc analyses of such schemes: we provide a general test that can be applied to a standard encryption scheme to determine whether the associated randomness re-using MRES is secure. This is applied to identify numerous specic secure and ecient randomness re-using MRESs. The results and applications cover both asymmetric and symmetric encryption.

[1]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[2]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[3]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[4]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[5]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[6]  Silvio Micali,et al.  The Notion of Security for Probabilistic Cryptosystems , 1986, CRYPTO.

[7]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[8]  Johan Håstad,et al.  Solving Simultaneous Modular Equations of Low Degree , 1988, SIAM J. Comput..

[9]  Russell Impagliazzo,et al.  One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[10]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[11]  Shimshon Berkovits,et al.  How To Broadcast A Secret , 1991, EUROCRYPT.

[12]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[13]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[14]  Markus Stadler,et al.  Publicly Verifiable Secret Sharing , 1996, EUROCRYPT.

[15]  Ran Canetti,et al.  Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information , 1997, CRYPTO.

[16]  Mihir Bellare,et al.  A concrete security treatment of symmet-ric encryption: Analysis of the DES modes of operation , 1997, FOCS 1997.

[17]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[18]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[19]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[20]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[21]  Jan Camenisch,et al.  Confirmer Signature Schemes Secure against Adaptive Adversaries , 2000, EUROCRYPT.

[22]  Jacques Stern,et al.  Extended Notions of Security for Multicast Public Key Cryptosystems , 2000, ICALP.

[23]  Silvio Micali,et al.  Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements , 2000, EUROCRYPT.

[24]  Mihir Bellare,et al.  The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES , 2001, CT-RSA.

[25]  Dan Boneh,et al.  Simplified OAEP for the RSA and Rabin Functions , 2001, CRYPTO.

[26]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[27]  Kaoru Kurosawa,et al.  Multi-recipient Public-Key Encryption with Shortened Ciphertext , 2002, Public Key Cryptography.

[28]  Jacques Stern,et al.  RSA-OAEP Is Secure under the RSA Assumption , 2001, Journal of Cryptology.

[29]  Moni Naor,et al.  Number-theoretic constructions of efficient pseudo-random functions , 2004, JACM.