Practical Dual-Receiver Encryption - Soundness, Complete Non-Malleability, and Applications

We reformalize and recast dual-receiver encryption (DRE) proposed in CCS ’04, a public-key encryption (PKE) scheme for encrypting to two independent recipients in one shot. We start by defining the crucial soundness property for DRE, which ensures that two recipients will get the same decryption result. While conceptually simple, DRE with soundness turns out to be a powerful primitive for various goals for PKE, such as complete non-malleability (CNM) and plaintext-awareness (PA). We then construct practical DRE schemes without random oracles under the Bilinear Decisional Diffie-Hellman assumption, while prior approaches rely on random oracles or inefficient non-interactive zero-knowledge proofs. Finally, we investigate further applications or extensions of DRE, including DRE with CNM, combined use of DRE and PKE, strengthening two types of PKE schemes with plaintext equality test, off-the-record messaging with a stronger notion of deniability, etc.

[1]  Hideki Imai,et al.  Generic Combination of Public Key Encryption with Keyword Search and Public Key Encryption , 2007, CANS.

[2]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[3]  Silvio Micali,et al.  Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements , 2000, EUROCRYPT.

[4]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[5]  Jonathan Katz,et al.  Composability and On-Line Deniability of Authentication , 2009, TCC.

[6]  Jean-Jacques Quisquater,et al.  Identity Based Encryption Without Redundancy , 2005, ACNS.

[7]  Moti Yung,et al.  Efficient Completely Non-malleable Public Key Encryption , 2010, ICALP.

[8]  Fred B. Schneider,et al.  Distributed Blinding for Distributed ElGamal Re-Encryption , 2005, 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05).

[9]  Ivan Damgård,et al.  Efficient Concurrent Zero-Knowledge in the Auxiliary String Model , 2000, EUROCRYPT.

[10]  Wolfgang Küchlin Public key encryption , 1987, SIGS.

[11]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[12]  Mihir Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2005, Journal of Cryptology.

[13]  Amit Sahai,et al.  Efficient Noninteractive Proof Systems for Bilinear Groups , 2008, SIAM J. Comput..

[14]  Ivan Damgård,et al.  Public-Key Encryption with Non-interactive Opening , 2008, CT-RSA.

[15]  Nikita Borisov,et al.  Off-the-record communication, or, why not to use PGP , 2004, WPES '04.

[16]  Tatsuaki Okamoto,et al.  Public Key Cryptography - PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China, April 16-20, 2007, Proceedings , 2007, Public Key Cryptography.

[17]  Shai Halevi,et al.  EME*: Extending EME to Handle Arbitrary-Length Messages with Associated Data , 2004, INDOCRYPT.

[18]  Silvio Micali,et al.  Plaintext Awareness via Key Registration , 2003, CRYPTO.

[19]  Tanja Lange,et al.  Pairing-Based Cryptography – Pairing 2012 , 2012, Lecture Notes in Computer Science.

[20]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[21]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[22]  David Naccache,et al.  Topics in Cryptology — CT-RSA 2001 , 2001, Lecture Notes in Computer Science.

[23]  Tatsuaki Okamoto,et al.  Advances in Cryptology — ASIACRYPT 2000 , 2000, Lecture Notes in Computer Science.

[24]  Jeffrey Harr,et al.  Building Blocks , 2013 .

[25]  Markus Jakobsson,et al.  Mix and Match: Secure Function Evaluation via Ciphertexts , 2000, ASIACRYPT.

[26]  R. Kaur,et al.  Digital Signature , 2012, 2012 International Conference on Computing Sciences.

[27]  David Pointcheval,et al.  REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform , 2001, CT-RSA.

[28]  Qixiang Mei,et al.  Direct chosen ciphertext security from identity-based techniques , 2005, CCS '05.

[29]  Georg Fuchsbauer,et al.  Structure-Preserving Signatures and Commitments to Group Elements , 2010, Journal of Cryptology.

[30]  Aggelos Kiayias,et al.  Multi-query Computationally-Private Information Retrieval with Constant Communication Rate , 2010, Public Key Cryptography.

[31]  Mark Manulis,et al.  Cryptology and Network Security , 2012, Lecture Notes in Computer Science.

[32]  Jan Camenisch,et al.  Separability and Efficiency for Generic Group Signature Schemes , 1999, CRYPTO.

[33]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[34]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[35]  Eike Kiltz,et al.  Chosen-Ciphertext Secure Key-Encapsulation Based on Gap Hashed Diffie-Hellman , 2007, Public Key Cryptography.

[36]  David Pointcheval,et al.  The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes , 2001, Public Key Cryptography.

[37]  Michael R. Clarkson,et al.  Civitas: Toward a Secure Voting System , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[38]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[39]  Guomin Yang,et al.  Probabilistic Public Key Encryption with Equality Test , 2010, CT-RSA.

[40]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[41]  Kefei Chen,et al.  Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings , 2006, ASIACRYPT.

[42]  Phillip Rogaway,et al.  Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC , 2004, ASIACRYPT.

[43]  Carmine Ventre,et al.  Completely Non-malleable Encryption Revisited , 2008, Public Key Cryptography.

[44]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[45]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[46]  Angelos D. Keromytis,et al.  The dual receiver cryptosystem and its applications , 2004, CCS '04.

[47]  Dan Boneh,et al.  Chosen Ciphertext Secure Public Key Threshold Encryption Without Random Oracles , 2006, CT-RSA.

[48]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[49]  Mike Scott,et al.  Authenticated ID-based Key Exchange and remote log-in with simple token and PIN number , 2002, IACR Cryptol. ePrint Arch..

[50]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[51]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[52]  Brent Waters,et al.  Lossy trapdoor functions and their applications , 2008, SIAM J. Comput..

[53]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[54]  Georg Fuchsbauer,et al.  Strong Cryptography from Weak Secrets , 2010, AFRICACRYPT.

[55]  Sean W. Smith,et al.  Batch Pairing Delegation , 2007, IWSEC.

[56]  Jens Groth,et al.  Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures , 2006, ASIACRYPT.

[57]  Rafail Ostrovsky,et al.  Robust Non-interactive Zero Knowledge , 2001, CRYPTO.

[58]  Josef Pieprzyk Topics in Cryptology - CT-RSA 2010, The Cryptographers' Track at the RSA Conference 2010, San Francisco, CA, USA, March 1-5, 2010. Proceedings , 2010, CT-RSA.

[59]  Marc Fischlin,et al.  Completely Non-malleable Schemes , 2005, ICALP.

[60]  Larry Carter,et al.  New Hash Functions and Their Use in Authentication and Set Equality , 1981, J. Comput. Syst. Sci..

[61]  Ronald Cramer,et al.  Public Key Cryptography - PKC 2008, 11th International Workshop on Practice and Theory in Public-Key Cryptography, Barcelona, Spain, March 9-12, 2008. Proceedings , 2008, Public Key Cryptography.

[62]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[63]  Fred B. Schneider,et al.  Distributed Blinding for ElGamal Re-encryption , 2004 .

[64]  Dongdai Lin,et al.  Stronger Security Model for Public-Key Encryption with Equality Test , 2012, Pairing.

[65]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[66]  Josep Domingo-Ferrer,et al.  Ad hoc broadcast encryption , 2010, CCS '10.

[67]  Tal Malkin Topics in Cryptology - CT-RSA 2008, The Cryptographers' Track at the RSA Conference 2008, San Francisco, CA, USA, April 8-11, 2008. Proceedings , 2008, CT-RSA.

[68]  Eike Kiltz,et al.  Chosen-Ciphertext Security from Tag-Based Encryption , 2006, TCC.

[69]  Oded Goldreich,et al.  More Constructions of Lossy and Correlation-Secure Trapdoor Functions , 2010, Journal of Cryptology.

[70]  Joonsang Baek,et al.  On the Integration of Public Key Data Encryption and Public Key Encryption with Keyword Search , 2006, ISC.

[71]  Hideki Imai,et al.  A generic construction of useful client puzzles , 2009, ASIACCS '09.