Title | ||
---|---|---|
Public-Key Encryption with Simulation-Based Selective-Opening Security and Compact Ciphertexts. |
Abstract | ||
---|---|---|
In a selective-opening (SO) attack on an encryption scheme, an adversary $A$ gets a number of ciphertexts with possibly related plaintexts, and can then adaptively select a subset of those ciphertexts. The selected ciphertexts are then opened for $A$, which means that $A$ gets to see the plaintexts and the corresponding encryption random coins, and $A$ tries to break the security of the unopened ciphertexts. Two main flavors of SO security notions exist: indistinguishability-based (IND-SO) and simulation-based (SIM-SO) ones. Whereas IND-SO security allows for simple and efficient instantiations, its usefulness in larger constructions is somewhat limited, since it is restricted to special types of plaintext distributions. On the other hand, SIM-SO security does not suffer from this restriction, but turns out to be significantly harder to achieve. In fact, all known SIM-SO secure encryption schemes either require $\mathbf{O}(\lvert m \rvert)$ group elements in the ciphertext to encrypt $\lvert m \rvert$-bit plaintexts, or use specific algebraic properties available in the DCR setting. In this work, we present the first SIM-SO secure PKE schemes in the discrete-log setting with compact ciphertexts whose size is $\mathbf{O}(1)$ group elements plus plaintext size. The SIM-SO security of our constructions can be based on, e.g., the $k$-linear assumption for any $k$. Technically, our schemes extend previous IND-SO secure schemes by the property that simulated ciphertexts can be efficiently opened to arbitrary plaintexts. We do so by encrypting the plaintext in a bitwise fashion, but such that each encrypted bit leads only to a single ciphertext bit plus $\mathbf{O}(1)$ group elements that can be shared across many bit encryptions. Our approach leads to rather large public keys of $\mathbf{O}(\lvert m \rvert^2)$ group elements, but we also show how this public key size can be reduced to $\mathbf{O}(\lvert m \rvert)$ group elements in pairing-friendly groups. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1007/978-3-662-53644-5_6 | IACR Cryptology ePrint Archive |
Keywords | DocType | Volume |
Public-key encryption,Selective-opening security,Lossy encryption,Matrix assumptions | Conference | 2016 |
ISSN | Citations | PageRank |
0302-9743 | 6 | 0.41 |
References | Authors | |
25 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Dennis Hofheinz | 1 | 1540 | 71.76 |
Tibor Jager | 2 | 420 | 27.65 |
Andy Rupp | 3 | 196 | 16.95 |