Standard Security Does Not Imply Security against Selective-Opening

We show that no commitment scheme that is hiding and binding according to the standard definition is semantically-secure under selective opening attack (SOA), resolving a long-standing and fundamental open question about the power of SOAs. We also obtain the first examples of IND-CPA encryption schemes that are not secure under SOA, both for sender corruptions where encryption coins are revealed and receiver corruptions where decryption keys are revealed. These results assume only the existence of collision-resistant hash functions.
