(R)CCA Secure Updatable Encryption with Integrity Protection

Klooß, Michael; Lehmann, Anja; Rupp, Andy

doi:10.1007/978-3-030-17653-2_3

Cited by 39 publications

(43 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They formalize an entire spectrum of security notions: at the weakest end, they propose RCCA security, which for large message spaces (size super-polynomial in the security parameter) is known to achieve confidential channels [9]. This fact has bolstered RCCA security into becoming the default security notion in settings where CCA-2 is not achievable, such as in rerandomizable encryption schemes [22,14] and updatable encryption schemes [16]. Intuitively, a scheme can be RCCA secure even if it is easy to create from a known ciphertext another one that still decrypts to the same message.…”

Section: Motivationmentioning

confidence: 99%

See 1 more Smart Citation

Revisiting (R)CCA Security and Replay Protection

Badertscher¹,

Maurer

Portmann

et al. 2021

Public-Key Cryptography – PKC 2021

View full text Add to dashboard Cite

Section: Motivationmentioning

confidence: 99%

“…The investigation of relaxed, enhanced, and modified versions of CCA-2 security has a rich history and has found numerous applications in proxy-reencryption, updatable encryption, attribute based-encryption, rerandomizable encryption, or steganography [2,4,6,8,11,13,14,16,22,23].…”

Section: Further Related Workmentioning

confidence: 99%

Revisiting (R)CCA Security and Replay Protection

Badertscher¹,

Maurer

Portmann

et al. 2021

Public-Key Cryptography – PKC 2021

View full text Add to dashboard Cite

“…In the past few years there has been considerable interest in extending the understanding of UE. A series of prominent papers [BLMR13,EPRS17a,LT18a,KLR19a] have provided both new (typically stronger) security definitions and concrete or generic constructions to meet their definitions. (We make a detailed comparison of related work in Section 1.1.1 next.)…”

Section: Introductionmentioning

confidence: 99%

“…A clear and important goal is to limit the bandwidth required and so, in general, one should prefer ciphertext-independent schemes. Thus, as with the most recent work [LT18a,KLR19a], we focus on such schemes in this paper. The ciphertext update procedure, performed by the server, may be deterministic or randomized -note that in the latter case the server is burdened with producing (good) randomness and using it correctly.…”

Section: Introductionmentioning

confidence: 99%

Fast and Secure Updatable Encryption

Boyd

Davies

Gjøsteen

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Key-homomorphic PRFs have many useful applications in symmetric cryptography and give rise to distributed PRFs, symmetric-key proxy re-encryption, and updatable encryption. The study of updatable encryption, in particular, have recently gained a considerable amount of traction [ 17 , 19 , 29 , 38 , 40 ]. Most of these existing proposals for updatable encryption rely on key-homomorphic PRFs or use direct updatable encryption constructions that take advantage of similar algebraic structures.…”

Section: Introductionmentioning

confidence: 99%

Key-Homomorphic Pseudorandom Functions from LWE with Small Modulus

Kim

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Pseudorandom functions (PRFs) are fundamental objects in cryptography that play a central role in symmetric-key cryptography. Although PRFs can be constructed from one-way functions generically, these black-box constructions are usually inefficient and require deep circuits to evaluate compared to direct PRF constructions that rely on specific algebraic assumptions. From lattices, one can directly construct PRFs from the Learning with Errors (LWE) assumption (or its ring variant) using the result of Banerjee, Peikert, and Rosen (Eurocrypt 2012) and its subsequent works. However, all existing PRFs in this line of work rely on the hardness of the LWE problem where the associated modulus is super-polynomial in the security parameter. In this work, we provide two new PRF constructions from the LWE problem. In each of these constructions, each focuses on either minimizing the depth of its evaluation circuit or providing key-homomorphism while relying on the hardness of the LWE problem with either a polynomial modulus or nearly polynomial modulus. Along the way, we introduce a new variant of the LWE problem called the Learning with Rounding and Errors (LWRE) problem. We show that for certain settings of parameters, the LWRE problem is as hard as the LWE problem. We then show that the hardness of the LWRE problem naturally induces a pseudorandom synthesizer that can be used to construct a low-depth PRF. The techniques that we introduce to study the LWRE problem can then be used to derive variants of existing key-homomorphic PRFs whose security can be reduced from the hardness of the LWE problem with a much smaller modulus.

show abstract

(R)CCA Secure Updatable Encryption with Integrity Protection

Cited by 39 publications

References 25 publications

Revisiting (R)CCA Security and Replay Protection

Revisiting (R)CCA Security and Replay Protection

Fast and Secure Updatable Encryption

Key-Homomorphic Pseudorandom Functions from LWE with Small Modulus

Contact Info

Product

Resources

About