An Efficient Public-Key Dual-Receiver Encryption Scheme

Abstract: Public-key dual-receiver encryption (PK-DRE) is a kind of particular public-key encryption for enabling two independent recipients to obtain the same plaintext from the same ciphertext. Due to its dual-receiver property, PK-DRE is quite helpful in many scenarios, such as deniable authentication, global key escrow, security puzzle, and even blockchain. To the best of our knowledge, the PK-DRE scheme proposed by Chow, Franklin, and Zhang at CT-RSA 2014 is the best one among the existing schemes in terms of secur… Show more

“…The work in [7] presented a combination of identity based encryption and DRE to provide ID-DRE. The authors in [8], revised the security proof of CFZ14 and based on their observation, they proposed an efficient variant of CFZ14 in terms of computation and storage. Several works considered the construction of PK-DRE based on lattice, authors in [3] employed the learning with errors hypothesis to provide a lattice based DRE scheme.…”

“…As stated before, the PB-DRE schemes are more preferable for practical applications. CFZ14 [6] and its variant introduced in [8] are considered as the most effective PB-DRE schemes. Hence, in this section a comparison is carried out between our suggested PFDRE scheme and CFZ14 and its efficient variant.…”

“…The proposed schemes can be categorized, according to their complexity, into lattice based [3 -5] and pairing based [2, 6 -8]. The most common category for practical application is the pairing based type due to its advantages compared to the lattice based one in terms of corroboration of public verifiability and smaller key size [8]. The smaller key size is suitable in some application with limited storage such as internet of things.…”

“…𝑝𝑢 . 𝑚) as an input and proceed as follow: Generate a random number 𝑟 and calculates: 𝑐 = 𝑔 𝑚 , 𝑐 = (𝑢 𝑣 ) , 𝑐 = (𝑢 𝑣 )  𝑝𝑐 = 𝑐 (𝑢 𝑣 ) , 𝑝𝑐 = 𝑐 (𝑢 𝑣 )The ciphertext passes through one time signature, OTS, algorithm as done by the authors in[6,8]. OTS algorithm incorporates three stages; creating key pair (𝑝𝑢 , 𝑠𝑒𝑐 ), message signing 𝑂𝑇𝑆(𝑠𝑒𝑐 , 𝑐, 𝑐 , 𝑐 ) and signature verification 𝑂𝑇𝑆(𝑣𝑘, 𝑐, 𝑐 , 𝑐 ).The sender sends the ciphertext 𝑐𝑥 = 𝑂𝑇𝑆(𝑠𝑘, 𝑐, 𝑐 , 𝑐 ), also broadcasts (𝑝𝑐 , 𝑝𝑐 ).Decryption: after signature verification done; each user can extract the original message m by calculating: if 𝑂𝑇𝑆(𝑣𝑘, 𝑐, 𝑐 , 𝑐 ) = 1 then 𝑚 = 𝑐(if the equation 𝑝𝑐 (𝑢 𝑣 ) = (𝑢 𝑣 ) = 𝑐 holds then compute 𝑚 = 𝑐 𝑐 and for receiver 2: if the equation 𝑝𝑐 (𝑢 𝑣 ) = (𝑢 𝑣 ) = 𝑐 holds then compute 𝑚 = start with R.H.S to reach the L.H.S m: start with R.H.S to reach the L.H.S m: L.H.S: The ciphertext of our variant proposed algorithm achieves the public verifiability by verifying the following equation respectively for each user:  User 1: 𝑝𝑐 = 𝑐 (𝑢 𝑣 ) i.e 𝑝𝑐 (𝑢 𝑣 ) = 𝑐 , 𝑝𝑐 = 𝑐 (𝑢 𝑣 )  𝑝𝑐 (𝑢 𝑣 ) = 𝑐 𝑐 𝑢 𝑣 (𝑢 𝑣 ) = 𝑐 In addition, anyone can verify that 𝑐 corresponds to 𝑐 and 𝑐 through 𝑂𝑇𝑆.…”

“…Performance comparison between CFZ14, its variant and our proposed scheme.Gao, Chen, Wang and Zhixian[8] (with pairings) Chow, Franklin and Zhang[6] (with pairings) Encryption 𝑇 +2𝑇 . +𝑇 .…”

A Pairing Free Provable Public Key Dual Receiver Encryption Scheme

“…The work in [7] presented a combination of identity based encryption and DRE to provide ID-DRE. The authors in [8], revised the security proof of CFZ14 and based on their observation, they proposed an efficient variant of CFZ14 in terms of computation and storage. Several works considered the construction of PK-DRE based on lattice, authors in [3] employed the learning with errors hypothesis to provide a lattice based DRE scheme.…”

“…As stated before, the PB-DRE schemes are more preferable for practical applications. CFZ14 [6] and its variant introduced in [8] are considered as the most effective PB-DRE schemes. Hence, in this section a comparison is carried out between our suggested PFDRE scheme and CFZ14 and its efficient variant.…”

“…The proposed schemes can be categorized, according to their complexity, into lattice based [3 -5] and pairing based [2, 6 -8]. The most common category for practical application is the pairing based type due to its advantages compared to the lattice based one in terms of corroboration of public verifiability and smaller key size [8]. The smaller key size is suitable in some application with limited storage such as internet of things.…”

“…𝑝𝑢 . 𝑚) as an input and proceed as follow: Generate a random number 𝑟 and calculates: 𝑐 = 𝑔 𝑚 , 𝑐 = (𝑢 𝑣 ) , 𝑐 = (𝑢 𝑣 )  𝑝𝑐 = 𝑐 (𝑢 𝑣 ) , 𝑝𝑐 = 𝑐 (𝑢 𝑣 )The ciphertext passes through one time signature, OTS, algorithm as done by the authors in[6,8]. OTS algorithm incorporates three stages; creating key pair (𝑝𝑢 , 𝑠𝑒𝑐 ), message signing 𝑂𝑇𝑆(𝑠𝑒𝑐 , 𝑐, 𝑐 , 𝑐 ) and signature verification 𝑂𝑇𝑆(𝑣𝑘, 𝑐, 𝑐 , 𝑐 ).The sender sends the ciphertext 𝑐𝑥 = 𝑂𝑇𝑆(𝑠𝑘, 𝑐, 𝑐 , 𝑐 ), also broadcasts (𝑝𝑐 , 𝑝𝑐 ).Decryption: after signature verification done; each user can extract the original message m by calculating: if 𝑂𝑇𝑆(𝑣𝑘, 𝑐, 𝑐 , 𝑐 ) = 1 then 𝑚 = 𝑐(if the equation 𝑝𝑐 (𝑢 𝑣 ) = (𝑢 𝑣 ) = 𝑐 holds then compute 𝑚 = 𝑐 𝑐 and for receiver 2: if the equation 𝑝𝑐 (𝑢 𝑣 ) = (𝑢 𝑣 ) = 𝑐 holds then compute 𝑚 = start with R.H.S to reach the L.H.S m: start with R.H.S to reach the L.H.S m: L.H.S: The ciphertext of our variant proposed algorithm achieves the public verifiability by verifying the following equation respectively for each user:  User 1: 𝑝𝑐 = 𝑐 (𝑢 𝑣 ) i.e 𝑝𝑐 (𝑢 𝑣 ) = 𝑐 , 𝑝𝑐 = 𝑐 (𝑢 𝑣 )  𝑝𝑐 (𝑢 𝑣 ) = 𝑐 𝑐 𝑢 𝑣 (𝑢 𝑣 ) = 𝑐 In addition, anyone can verify that 𝑐 corresponds to 𝑐 and 𝑐 through 𝑂𝑇𝑆.…”

“…Performance comparison between CFZ14, its variant and our proposed scheme.Gao, Chen, Wang and Zhixian[8] (with pairings) Chow, Franklin and Zhang[6] (with pairings) Encryption 𝑇 +2𝑇 . +𝑇 .…”

A Pairing Free Provable Public Key Dual Receiver Encryption Scheme

Efficient provable dual receiver hybrid and light weight public key schemes based on the discrete logarithm problem without pairings