Revisiting the Security Model for Timed-Release Encryption with Pre-open Capability

Abstract: Abstract. The concept of timed-released encryption with pre-open capability (TRE-PC) was introduced by Hwang, Yum and Lee. In a TRE-PC scheme, a message is encrypted in such a way that it can only be decrypted at a certain point in time or if the sender releases a piece of trapdoor information known as a pre-open key. This paper examines the security model for a TRE-PC scheme, demonstrates that a TRE-PC scheme can be constructed using a KEM-DEM approach, and provides an efficient example of a TRE-PC scheme.

“…The recovery of past time-dependent trapdoors from a current trapdoor was studied in [9] and [27], which employs a hash chain and a tree structure [6] respectively. The study of the pre-open capability in TRE was initiated in [24] and improved by [19]. Recently, Chalkias, Hristu-Varsakelis and Stephanides proposed an efficient TRE scheme [8] with random oracles.…”

“…Typically in TRE [3,8,12,19,24], a single public key is given to the adversary as the target of attack. However, the non-standard TRE formulation in [7] does allow uncertified public keys.…”

“…We following the typical TRE formulation [3,8,12,19,24] such that public key is certified and the typical TRE security model [8,12,19,24] such that only a single public key is considered. However, we extend the existing notion such that partial decryption by a security-mediator is supported.…”

“…A timeserver is trusted to keep a trapdoor confidential until an appointed time. Apart from delayed release of information, TRE supports many other applications due to its small trapdoor size and its commitment provision (see [13,19]). …”

General Certificateless Encryption and Timed-Release Encryption

“…The recovery of past time-dependent trapdoors from a current trapdoor was studied in [9] and [27], which employs a hash chain and a tree structure [6] respectively. The study of the pre-open capability in TRE was initiated in [24] and improved by [19]. Recently, Chalkias, Hristu-Varsakelis and Stephanides proposed an efficient TRE scheme [8] with random oracles.…”

“…Typically in TRE [3,8,12,19,24], a single public key is given to the adversary as the target of attack. However, the non-standard TRE formulation in [7] does allow uncertified public keys.…”

“…We following the typical TRE formulation [3,8,12,19,24] such that public key is certified and the typical TRE security model [8,12,19,24] such that only a single public key is considered. However, we extend the existing notion such that partial decryption by a security-mediator is supported.…”

“…A timeserver is trusted to keep a trapdoor confidential until an appointed time. Apart from delayed release of information, TRE supports many other applications due to its small trapdoor size and its commitment provision (see [13,19]). …”

General Certificateless Encryption and Timed-Release Encryption

“…The work in [16] described a similar, but computationally less efficient scheme, that could also support message pre-opening 2 . Improvements to [16] were later proposed by [10]. Also, [7] designed a user-anonymous TRE protocol that could make use of pre-computations (i.e., some of the calculations required to run the protocol can be performed off-line, prior to specifying a message or a receiver), and thus be faster than previous approaches.…”

Low-cost Anonymous Timed-Release Encryption

Privacy Preservation for Versatile Pay-TV Services