Paper Info
Title
How to Make the Cramer-Shoup Cryptosystem Secure Against Linear Related-Key Attacks.
Abstract
Related-key attacks allow an adversary to change the key stored in the memory of a physical device via tampering or other means, and subsequently observe the outcomes of the cryptosystem under these modified keys. Cramer and Shoup (CRYPTO 1998) proposed the first practical public-key encryption scheme proven to be secure against adaptive chosen-ciphertext attacks in the standard model. The scheme (CS-PKE for short) has great influence since it embodies the paradigm of hash proof system. However, Wee (PKC 2012) showed that the CS-PKE scheme is not secure in the scenario of related-key attacks when the related-key derivation functions include linear functions. A fascinating problem left open is how to protect the classical CS-PKE scheme secure against linear related-key attacks. In this paper, we propose a simple method to make the Cramer-Shoup scheme secure against linear related-key attacks. The idea is to recompute the public key in the decryption algorithm from the secret key, so that any (dangerous) modification to the secret key could be detected during the decryption phase. The new scheme has the same efficiency as the original one, except for involving six exponentiations to fixed bases in the decryption algorithm. Fortunately, the computing time for one fixed-base exponentiation with precomputations is at least 5 times faster than that of one regular exponentiation.
Year
Venue
Field
2016
Inscrypt
Hybrid cryptosystem,Cramer–Shoup cryptosystem,Goldwasser–Micali cryptosystem,Computer science,Benaloh cryptosystem,Encryption,Cryptosystem,Theoretical computer science,Hash function,Public-key cryptography
DocType
Citations 
PageRank 
Conference
0
0.34
References 
Authors
0
5
Name
Order
Citations
PageRank
Baodong Qin119019.40
Shuai Han2710.28
Yu Chen36910.26
Shengli Liu4916.98
Zhuo Wei500.34