Simulation-Based Receiver Selective Opening CCA Secure PKE from Standard Computational Assumptions

In the situation where there are one sender and multiple receivers, a receiver selective opening (RSO) attack for a public key encryption (PKE) scheme considers adversaries that can corrupt some of the receivers and get their secret keys and plaintexts. Security against RSO attacks for a PKE scheme ensures confidentiality of ciphertexts of uncorrupted receivers. Simulation-based RSO security against chosen ciphertext attacks (SIM-RSO-CCA) is the strongest security notion in all RSO attack scenarios. Jia, Lu, and Li (INDOCRYPT 2016) proposed the first SIM-RSO-CCA secure PKE scheme. However, their scheme used indistinguishability obfuscation, which is not known to be constructed from any standard computational assumption. In this paper, we propose two constructions of SIM-RSO-CCA secure PKE from standard computational assumptions. First, we propose a generic construction of SIM-RSO-CCA secure PKE using an IND-CPA secure PKE scheme and a non-interactive zero-knowledge proof system satisfying one-time simulation soundness. Second, we propose an efficient concrete construction of SIM-RSO-CCA secure PKE based on the decisional Diffie-Hellman assumption.

[1]  Moni Naor,et al.  Non-Malleable Cryptography (Extended Abstract) , 1991, STOC 1991.

[2]  Rafail Ostrovsky,et al.  Perfect Non-Interactive Zero Knowledge for NP , 2006, IACR Cryptol. ePrint Arch..

[3]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[4]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[5]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[6]  Tibor Jager,et al.  Public-Key Encryption with Simulation-Based Selective-Opening Security and Compact Ciphertexts , 2016, TCC.

[7]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[8]  Brent Waters,et al.  Standard Security Does Not Imply Security against Selective-Opening , 2012, EUROCRYPT.

[9]  Dennis Hofheinz,et al.  All-But-Many Lossy Trapdoor Functions , 2012, EUROCRYPT.

[10]  Jonathan Katz,et al.  Adaptively-Secure, Non-interactive Public-Key Encryption , 2005, TCC.

[11]  Tibor Jager,et al.  Tightly-Secure Authenticated Key Exchange , 2015, IACR Cryptol. ePrint Arch..

[12]  Ivan Damgård,et al.  Improved Non-committing Encryption Schemes Based on a General Complexity Assumption , 2000, Annual International Cryptology Conference.

[13]  Yehuda Lindell,et al.  A Simpler Construction of CCA2-Secure Public-Key Encryption under General Assumptions , 2003, EUROCRYPT.

[14]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[15]  Carmit Hazay,et al.  Selective Opening Security for Receivers , 2015, ASIACRYPT.

[16]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[17]  Man Ho Au,et al.  Simulation-based selective opening security for receivers under chosen-ciphertext attacks , 2018, IACR Cryptol. ePrint Arch..

[18]  Kenneth G. Paterson,et al.  Simulation-Based Selective Opening CCA Security for PKE from Key Encapsulation Mechanisms , 2015, Public Key Cryptography.

[19]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[20]  Mihir Bellare,et al.  Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening , 2009, EUROCRYPT.

[21]  Brent Waters,et al.  How to use indistinguishability obfuscation: deniable encryption, and more , 2014, IACR Cryptol. ePrint Arch..

[22]  Ronald Cramer,et al.  Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption , 2001, EUROCRYPT.

[23]  Mihir Bellare,et al.  Encryption Schemes Secure under Selective Opening Attack , 2009, IACR Cryptol. ePrint Arch..

[24]  Dingding Jia,et al.  Constructions Secure Against Receiver Selective Opening and Chosen Ciphertext Attacks , 2017, CT-RSA.

[25]  Brent Waters,et al.  Lossy Trapdoor Functions and Their Applications , 2011, SIAM J. Comput..

[26]  Dingding Jia,et al.  Receiver Selective Opening Security from Indistinguishability Obfuscation , 2016, INDOCRYPT.

[27]  Kefei Chen,et al.  Selective Opening Chosen Ciphertext Security Directly from the DDH Assumption , 2012, NSS.

[28]  Dawu Gu,et al.  Tightly SIM-SO-CCA Secure Public Key Encryption from Standard Assumptions , 2018, Public Key Cryptography.

[29]  Goichiro Hanaoka,et al.  Simulation-based receiver selective opening CCA secure PKE from standard computational assumptions , 2019, Theor. Comput. Sci..

[30]  Gil Segev,et al.  Chosen-Ciphertext Security via Correlated Products , 2009, SIAM J. Comput..