Certified Encryption Revisited

The notion of certified encryption had recently been suggested as a suitable setting for analyzing the security of encryption against adversaries that tamper with the key-registration process. The flexible syntax afforded by certified encryption suggests that identity-based and certificateless encryption schemes can be analyzed using the models for certified encryption. In this paper we explore the relationships between security models for these two primitives and that for certified encryption. We obtain the following results. We show that an identity-based encryption scheme is secure if and only if it is secure when viewed as a certified encryption scheme. This result holds under the (unavoidable) restriction that registration occurs over private channels. In the case of certificateless encryption we observe that a similar result cannot hold. The reason is that existent models explicitly account for attacks against the non-monolithic structure of the secret keys whereas certified encryption models treat secret keys as whole entities. We propose an extension for certified encryption where the adversary is allowed to partially modify the secret keys of honest parties. The extension that we propose is very general and may lead to unsatisfiable notions. Nevertheless, we exhibit one instantiation for which we can prove the desired result: a certificateless encryption is secure if and only if its associated certified encryption scheme is secure. As part of our analysis, and a result of separate interest we confirm the folklore belief that for both IBE and CLE, security in the single-user setting (as captured by existent models) is equivalent to security in the multi-user setting.

[1]  Mihir Bellare,et al.  Randomness Re-use in Multi-recipient Encryption Schemeas , 2003, Public Key Cryptography.

[2]  Burton S. Kaliski,et al.  An unknown key-share attack on the MQV key agreement protocol , 2001, ACM Trans. Inf. Syst. Secur..

[3]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[4]  Yvo Desmedt Public Key Cryptography — PKC 2003 , 2002, Lecture Notes in Computer Science.

[5]  Richard Comley,et al.  Efficient Certificateless Public Key Encryption , 2005, IACR Cryptol. ePrint Arch..

[6]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[7]  Yi Mu,et al.  Malicious KGC attacks in certificateless cryptography , 2007, ASIACCS '07.

[8]  Chi Sung Laih,et al.  Advances in Cryptology - ASIACRYPT 2003 , 2003 .

[9]  Joonsang Baek,et al.  Certificateless Public Key Encryption Without Pairing , 2005, ISC.

[10]  Silvio Micali,et al.  Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements , 2000, EUROCRYPT.

[11]  Alexander W. Dent,et al.  A survey of certificateless encryption schemes and security models , 2008, International Journal of Information Security.

[12]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[13]  Masao Kasahara,et al.  ID based Cryptosystems with Pairing on Elliptic Curve , 2003, IACR Cryptol. ePrint Arch..

[14]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[15]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[16]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[17]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[18]  Marc Fischlin,et al.  A Closer Look at PKI: Security and Efficiency , 2007, Public Key Cryptography.

[19]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[20]  Alexander W. Dent A Note On Game-Hopping Proofs , 2006, IACR Cryptol. ePrint Arch..

[21]  Tatsuaki Okamoto,et al.  Public Key Cryptography - PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China, April 16-20, 2007, Proceedings , 2007, Public Key Cryptography.

[22]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[23]  Silvio Micali,et al.  Plaintext Awareness via Key Registration , 2003, CRYPTO.

[24]  M. Bellare,et al.  Multi-Recipient Encryption Schemes: Security Notions and Randomness Re-Use , 2003 .

[25]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[26]  Joseph K. Liu,et al.  Self-Generated-Certificate Public Key Cryptography and certificateless signature/encryption scheme in the standard model: extended abstract , 2007, ASIACCS '07.

[27]  Craig Gentry,et al.  Certificate-Based Encryption and the Certificate Revocation Problem , 2003, EUROCRYPT.

[28]  Mihir Bellare,et al.  A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications , 2003, EUROCRYPT.