Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks

Fouque, Pierre-Alain; Pointcheval, David

doi:10.1007/3-540-45682-1_21

Cited by 91 publications

(79 citation statements)

References 51 publications

(78 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Putting all these together, we have the following whose proof immediately follows the results of [36,46,45] SUMMARY. Figure 1 summarizes the possible conversions covered in this paper between various primitives, including public key cryptosystem (PKC), threshold decryption scheme (TD) and multicast encryption (ME), at different security levels such as IND-CPA, IND-CCA (1 and 2).…”

Section: From Ind-cpa To Ind-cca: Generic Conversionmentioning

confidence: 73%

“…For example, some threshold schemes are known to be CCA2 secure (e.g. [35,32,33,34] and the IND-CCA2 threshold ElGamal in [36]) and a multicast encryption constructed via Construction 1 using one of these schemes is therefore guaranteed to be CCA2 secure too. In addition, all existing ATD-based multicast encryption schemes [17,14,22,23,24] are based on discrete logarithm.…”

Section: Theorem 1 (Security Inheritance) Let µ ∈ {Cp a Cca2} Givementioning

confidence: 99%

“…Such scheme can be used to construct a RSA-based CPA secure multicast cryptosystem. Another example of factorization-based scheme is the threshold version of Paillier cryptosystem [37] presented in [36]. [36] provides techniques to make this scheme IND-CCA2.…”

Section: Theorem 1 (Security Inheritance) Let µ ∈ {Cp a Cca2} Givementioning

confidence: 99%

“…Another example of factorization-based scheme is the threshold version of Paillier cryptosystem [37] presented in [36]. [36] provides techniques to make this scheme IND-CCA2. A multicast cryptosystem with the same level of security based on Paillier cryptosystem can thus be constructed using Construction 1.…”

Section: Theorem 1 (Security Inheritance) Let µ ∈ {Cp a Cca2} Givementioning

confidence: 99%

“…Their solution involves replacing one of the twin encryption keys with the sender 's public key and providing a NIZKP of knowledge of the plaintext. [36] also provided similar conversion, in the random oracle model, that also works directly with threshold cryptosystems. The NIZKPs used in [45,46,36] are all publicly verifiable thus can be readily used in a threshold setting.…”

Section: From Ind-cpa To Ind-cca: Generic Conversionmentioning

confidence: 99%

See 4 more Smart Citations

How to Construct Multicast Cryptosystems Provably Secure Against Adaptive Chosen Ciphertext Attack

Duan

Canny

2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper we present a general framework for constructing efficient multicast cryptosystems with provable security and show that a line of previous work on multicast encryption are all special cases of this general approach. We provide new methods for building such cryptosystems with various levels of security (e.g., IND-CPA, IND-CCA2). The results we obtained enable the construction of a whole class of new multicast schemes with guaranteed security using a broader range of common primitives such as OAEP. Moreover, we show that multicast cryptosystems with high level of security (e.g. IND-CCA2) can be based upon public key cryptosystems with weaker (e.g. CPA) security as long as the decryption can be securely and efficiently "shared". Our constructions feature truly constant-size decryption keys whereas the lengths of both the encryption key and ciphertext are independent of group size.

show abstract

Section: From Ind-cpa To Ind-cca: Generic Conversionmentioning

confidence: 73%

Section: Theorem 1 (Security Inheritance) Let µ ∈ {Cp a Cca2} Givementioning

confidence: 99%

Section: Theorem 1 (Security Inheritance) Let µ ∈ {Cp a Cca2} Givementioning

confidence: 99%

Section: Theorem 1 (Security Inheritance) Let µ ∈ {Cp a Cca2} Givementioning

confidence: 99%

Section: From Ind-cpa To Ind-cca: Generic Conversionmentioning

confidence: 99%

See 3 more Smart Citations

How to Construct Multicast Cryptosystems Provably Secure Against Adaptive Chosen Ciphertext Attack

Duan

Canny

2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

SCCR: a generic approach to simultaneously achieve CCA security and collusion‐resistance in proxy re‐encryption

Shao

Cao

Liu

2011

Security Comm Networks

View full text Add to dashboard Cite

By allowing a proxy to blindly perform meaningful transformations from one ciphertext to another, proxy re-encryption (PRE) is an important cryptographic primitive in many applications, such as encrypted email forwarding and distributed file system. Due to its usefulness, various PRE schemes have been proposed; however, only one can simultaneously achieve chosen ciphertext security (CCA security) and collusion-resistance. When such schemes are deployed, lack of CCA security will cause secret leaking, and lack of collusion-resistance will cause non-repudiation damage. In this paper, we propose a novel approach (denoted SCCR) to simultaneously achieve CCA security and collusion-resistance in PRE, which faces daunting new challenges. We address these challenges by using CCA-secure (2, 2) threshold cryptosystem to obtain public verifiability, and the method of key management in identity-based encryption (IBE) to achieve collusion-resistance. These two novel techniques have not been yet used in any previous PRE schemes. A unique characteristic of SCCR is that it is a generic construction which has more advantages than a concrete PRE scheme does.CCA security and collusion-resistance in proxy re-encryption § In Reference [20], we showed that none of existing IBPRE scheme is CCA-secure.Recently, Deng et al. [24] proposed a PRE scheme based on the computational Diffie-Hellman assumption.Security Comm. Networks 2011; 4:122-135

show abstract

Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM

Abe

Gennaro²,

Kurosawa

et al. 2005

Lecture Notes in Computer Science

112

109

View full text Add to dashboard Cite

Abstract. This paper presents a novel framework for generic construction of hybrid encryption schemes secure against chosen ciphertext attack. Our new framework yields new and more efficient CCA-secure schemes, and provides insightful explanations about existing schemes that do not fit into the previous frameworks. This could result in finding future improvements. Moreover, it allows immediate conversion from a class of threshold public-key encryption to a hybrid one without considerable overhead, which is not possible in the previous approaches.Finally we present an improved security proof of the KurosawaDesmedt scheme, which removes the original need for informationtheoretic key derivation and message authentication functions. We show that the scheme can be instantiated with any computationally secure such functions, thus extending the applicability of their paradigm, and improving its efficiency.

show abstract

Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks

Cited by 91 publications

References 51 publications

How to Construct Multicast Cryptosystems Provably Secure Against Adaptive Chosen Ciphertext Attack

How to Construct Multicast Cryptosystems Provably Secure Against Adaptive Chosen Ciphertext Attack

SCCR: a generic approach to simultaneously achieve CCA security and collusion‐resistance in proxy re‐encryption

Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM

Contact Info

Product

Resources

About