Anonymous protocols: Notions and equivalence

Privacy protection has become a major issue in modern societies. In recent years, much effort has gone into properly capturing the requirements that cryptographic primitives and low-level protocols should meet in order to be useful for building privacy-preserving applications. In particular, anonymity is an important property to achieve, and the notion of key privacy in public-key encryption, which guarantees that an adversary is unable to tell with which public key a certain ciphertext has been produced, plays a key role in the design of anonymous protocols.

Secret sets and anonymous broadcast encryption are two examples of useful anonymous protocols. A secret set is a representation of a subset of users of a given universe satisfying some basic membership privacy properties, and anonymous broadcast encryption is a mechanism to encrypt a broadcast message that only authorized users, whose identities are kept secret, can decrypt.

In this paper we show that, although the key privacy property of an encryption scheme appears to be unrelated to the security of the encrypted content and looks like just an additional property the scheme can enjoy, for a robust encryption scheme key privacy under chosen ciphertext attack implies non-malleability and, hence, security under chosen ciphertext attacks. This result helps to simplify the set of requirements that public-key encryption schemes need to satisfy when stating and proving theorems regarding anonymous protocols in which the encryption schemes are used.

Then, we provide a formal model for both secret sets and anonymous broadcast encryption, and we prove that they are equivalent with respect to non-adaptive adversaries: the former can be used to design the latter and vice versa.

Finally, we revisit some previous constructions for secret sets, and we analyze the security properties they enjoy within our adversarial model.
