Selective opening security of practical public‐key encryption schemes

Heuer, Felix; Jager, Tibor; Schäge, Sven; Kiltz, Eike

doi:10.1049/iet-ifs.2015.0507

Cited by 6 publications

(1 citation statement)

References 45 publications

(100 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ese scenarios usually require a set of senders to generate their own messages (possibly correlated) encrypted with the same receiver's public key and may suffer from some special attacks. One of the mostly studied attacks is selective opening attacks (SOA) [7][8][9][10][11][12][13][14][15][16][17][18], in which an attacker may corrupt a subset of the senders to open their ciphertexts as well as the corresponding random bits used in the encryption algorithm. Under such an attack, the requirement to guarantee the security of the unopened ciphertexts is beyond the capability of traditional IND-CPA/CCA security [14,15,19].…”

Section: Introductionmentioning

confidence: 99%

Selective-Opening Security for Public-Key Encryption in the Presence of Parameter Subversion

Kang

Huang

Zhang

2021

Security and Communication Networks

View full text Add to dashboard Cite

In public-key encryption (PKE), ciphertexts received by a receiver may be possibly correlated and the security of a PKE relies on honestly generated system parameters. Security against selective opening attacks (SOA) for PKE guarantees that even when an attacker has broken into a subset of honestly generated ciphertexts and opened them (i.e., seeing plaintexts and random bits), the unopened ciphertexts remain secure. While security against parameter subversion attacks (PSA) for PKE requires that even when the public system parameters are maliciously generated, a PKE scheme should be secure. In this paper, we initiate the study of PKE secure against both SOA and PSA. To capture SOA and PSA simultaneously, we formulate a new security notion called indistinguishability under selective opening attacks and parameter subversion attacks (IND-SO-PSA). Further, we define the lossy trapdoor function and all-but-many lossy trapdoor function in the presence of PSA (LTF-PSA and ABM-LTF-PSA correspondingly) and propose an instantiation with the efficiently-embeddable group (EG). Applying these new primitives, we construct a PKE scheme that is proven to be IND-SO-PSA secure.

show abstract