论文信息 - Lower and Upper Bounds for Deniable Public-Key Encryption

Lower and Upper Bounds for Deniable Public-Key Encryption

A deniable cryptosystem allows a sender and a receiver to communicate over an insecure channel in such a way that the communication is still secure even if the adversary can threaten the parties into revealing their internal states after the execution of the protocol. This is done by allowing the parties to change their internal state to make it look like a given ciphertext decrypts to a message different from what it really decrypts to. Deniable encryption was in this way introduced to allow to deny a message exchange and hence combat coercion. Depending on which parties can be coerced, the security level, the flavor and the number of rounds of the cryptosystem, it is possible to define a number of notions of deniable encryption. In this paper we prove that there does not exist any non-interactive receiver-deniable cryptosystem with better than polynomial security. This also shows that it is impossible to construct a non-interactive bi-deniable public-key encryption scheme with better than polynomial security. Specifically, we give an explicit bound relating the security of the scheme to how efficient the scheme is in terms of key size. Our impossibility result establishes a lower bound on the security. As a final contribution we give constructions of deniable public-key encryption schemes which establishes upper bounds on the security in terms of key length. There is a gap between our lower and upper bounds, which leaves the interesting open problem of finding the tight bounds.

[1] Brent Waters,et al. Bi-Deniable Public-Key Encryption , 2011, CRYPTO.

[2] Tal Malkin,et al. Improved Non-committing Encryption with Applications to Adaptively Secure Protocols , 2009, ASIACRYPT.

[3] Rafail Ostrovsky,et al. Deniable Encryption , 1997, IACR Cryptol. ePrint Arch..

[4] Daniel Wichs,et al. Somewhat Non-Committing Encryption and Efficient Adaptively Secure Oblivious Transfer , 2009, IACR Cryptol. ePrint Arch..

[5] Moni Naor,et al. Adaptively secure multi-party computation , 1996, STOC '96.

[6] I. Shevtsova,et al. On the Upper Bound for the Absolute Constant in the Berry–Esseen Inequality , 2010 .

[7] Donald Beaver,et al. Plug and Play Encryption , 1997, CRYPTO.

[8] Markus Dürmuth,et al. Deniable Encryption with Negligible Detection Probability: An Interactive Construction , 2011, EUROCRYPT.

[9] Rafail Ostrovsky,et al. Round-Optimal Secure Two-Party Computation , 2004, CRYPTO.

[10] Jesper Buus Nielsen,et al. Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case , 2002, CRYPTO.

[11] Ivan Damgård,et al. Improved Non-committing Encryption Schemes Based on a General Complexity Assumption , 2000, CRYPTO.