Identity-Based Encryption Secure against Selective Opening Chosen-Ciphertext Attack
1 Department of Computer Science, Jinan University, China, {laijunzuo,cryptjweng}@gmail.com
2 School of Information Systems, Singapore Management University, Singapore
3 Department of Computer Science and Engineering, Shanghai Jiao Tong University, China
4 Software School, Fudan University, SKLOIS (Beijing) and KLAISTC (Wuhan), China
Abstract. Security against selective opening attack (SOA) requires that in a multi-user setting, even if an adversary has access to all ciphertexts from users, and adaptively corrupts some fraction of the users by exposing not only their messages but also the random coins, the remaining unopened messages retain their privacy. Recently, Bellare, Waters and Yilek considered SOA-security in the identity-based setting, and presented the first identity-based encryption (IBE) schemes that are proven secure against selective opening chosen plaintext attack (SO-CPA). However, how to achieve SO-CCA security for IBE is still open. In this paper, we introduce a new primitive called extractable IBE and define its IND-ID-CCA security notion. We present a generic construction of SO-CCA secure IBE from an IND-ID-CCA secure extractable IBE with “One-Sided Public Openability” (1SPO), a collision-resistant hash function and a strengthened cross-authentication code. Finally, we propose two concrete constructions of extractable 1SPO-IBE schemes, resulting in the first simulation-based SO-CCA secure IBE schemes without random oracles.

Keywords: identity-based encryption, chosen ciphertext security, selective opening security.
1 Introduction
Security against chosen-plaintext attack (CPA) and security against chosen-ciphertext attack (CCA) are now well-accepted security notions for encryption.
P.Q. Nguyen and E. Oswald (Eds.): EUROCRYPT 2014, LNCS 8441, pp. 77–92, 2014. © International Association for Cryptologic Research 2014
J. Lai et al.
However, they may not suffice in some scenarios. For example, in a secure multiparty computation protocol, the communications among parties are encrypted, but an adversary may corrupt some parties to obtain not only their messages, but also the random coins used to encrypt the messages. This is the so-called “selective opening attack” (SOA). The traditional CPA (CCA) security does not imply SOA-security [1].

IND-SOA Security vs. SIM-SOA Security. There are two ways to formalize the SOA-security notion [2,4,18] for encryption, namely IND-SOA and SIM-SOA. IND-SOA security requires that no probabilistic polynomial-time (PPT) adversary can distinguish an unopened ciphertext from an encryption of a fresh message, which is distributed according to the conditional probability distribution (conditioned on the opened ciphertexts). Such a security notion requires that the joint plaintext distribution should be “efficiently conditionally re-samplable”, which restricts SOA security to limited settings. To eliminate this restriction, the so-called full-IND-SOA security [5] was suggested. Unfortunat
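
The corruption step described in the introduction (messages revealed together with the random coins), as an added example that is not from the paper: toy ElGamal stands in for the encryption scheme (it is not an IBE and not the paper's construction), and the group parameters and all function names are constructed for illustration. It shows that every ciphertext admits exactly one valid opening, so whoever produced the ciphertexts is bound to the messages before the corrupted set is chosen.

```python
import secrets

# Constructed toy parameters, far too small for real use.
P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup of quadratic residues
G = 4      # generator of that subgroup

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return pow(G, sk, P), sk

def encrypt(pk, m, r):
    """ElGamal with the coins r passed explicitly; m is a subgroup element."""
    return (pow(G, r, P), (m * pow(pk, r, P)) % P)

def sender_phase(pk, messages):
    """Every sender encrypts with fresh coins and keeps (m, r) as its state."""
    states = [(m, secrets.randbelow(Q - 1) + 1) for m in messages]
    return [encrypt(pk, m, r) for m, r in states], states

def open_selected(states, corrupt):
    """Corrupting sender i exposes its message AND its random coins."""
    return {i: states[i] for i in corrupt}

def opening_is_consistent(pk, ct, m, r):
    """Anyone holding pk can re-encrypt with the revealed coins and compare."""
    return encrypt(pk, m, r) == ct

def all_openings(pk, ct):
    """Enumerate every (m, r) that explains ct in the toy group.

    c1 = G^r fixes r, and r then fixes m = c2 / pk^r, so the list always has
    length one: the ciphertext behaves like a binding commitment to m.
    """
    c1, c2 = ct
    found = []
    for r in range(Q):
        if pow(G, r, P) == c1:
            found.append(((c2 * pow(pk, -r, P)) % P, r))
    return found

if __name__ == "__main__":
    pk, _ = keygen()
    msgs = [pow(G, k, P) for k in (3, 5, 7, 11)]    # constructed sample messages
    cts, states = sender_phase(pk, msgs)
    opened = open_selected(states, corrupt=[0, 2])  # adversary's chosen subset
    for i, (m, r) in opened.items():
        print(i, "opening verifies:", opening_is_consistent(pk, cts[i], m, r))
    print("openings of an unopened ciphertext:", len(all_openings(pk, cts[1])))
```
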