We study simulation-based, selective opening security against chosen-ciphertext attacks (SIM-SO-CCA security) for public key encryption (PKE). In a selective opening, chosen-ciphertext attack (SOCCA), an adversary has access to a decryption oracle, sees a vector of ciphertexts, adaptively chooses to open some of them, and obtains the corresponding plaintexts and random coins used in the creation of the ciphertexts. The SIM-SO-CCA notion captures the security of unopened ciphertexts with respect to probabilistic polynomial-time (ppt) SO-CCA adversaries in a semantic way: what a ppt SO-CCA adversary can compute can also be simulated by a ppt simulator with access only to the opened messages. Building on techniques used to achieve weak deniable encryption and non-committing encryption, Fehr et al. (Eurocrypt 2010) presented an approach to constructing SIM-SO-CCA secure PKE from extended hash proof systems (EHPSs), collision-resistant hash functions and an information-theoretic primitive called Cross Authentication Codes (XACs). We generalize their approach by introducing a special type of Key Encapsulation Mechanism (KEM) and using it to build SIMSO-CCA secure PKE. We investigate what properties are needed from the KEM to achieve SIM-SO-CCA security. We also give three instantiations of our construction. The first uses hash proof systems, the second relies on the n-Linear assumption, and the third uses indistinguishability obfuscation (iO) in combination with extracting, puncturable PseudoRandom Functions in a similar way to Sahai and Waters (STOC 2014). Our results establish the existence of SIM-SO-CCA secure PKE assuming only the existence of one-way functions and iO. This result further highlights the simplicity and power of iO in constructing different cryptographic primitives. c © International Association for Cryptologic Research 2015 J. Katz (Ed.): PKC 2015, LNCS 9020, pp. 3–26, 2015. DOI: 10.1007/978-3-662-46447-2 1 4 S. Liu and K.G. Paterson
[1]
Amit Sahai,et al.
On the (im)possibility of obfuscating programs
,
2001,
JACM.
[2]
Kenneth G. Paterson,et al.
Simulation-Based Selective Opening CCA Security for PKE from Key Encapsulation Mechanisms
,
2015,
Public Key Cryptography.
[3]
Moni Naor,et al.
Magic functions
,
1999,
40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).
[4]
Mihir Bellare,et al.
Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening
,
2009,
EUROCRYPT.
[5]
Eike Kiltz,et al.
Encryption Schemes Secure against Chosen-Ciphertext Selective Opening Attacks
,
2010,
EUROCRYPT.
[6]
Ronald Cramer,et al.
Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack
,
2003,
SIAM J. Comput..
[7]
Dennis Hofheinz,et al.
On definitions of selective opening security
,
2012,
IACR Cryptol. ePrint Arch..
[8]
Yunlei Zhao,et al.
Identity-Based Encryption Secure Against Selective Opening Chosen-Ciphertext Attack
,
2014,
IACR Cryptol. ePrint Arch..
[9]
Kefei Chen,et al.
Sender-Equivocable Encryption Schemes Secure against Chosen-Ciphertext Attacks Revisited
,
2015,
Int. J. Appl. Math. Comput. Sci..