Public-Key Encryption with Non-interactive Opening

Damgård, Ivan; Hofheinz, Dennis; Kiltz, Eike; Thorbek, Rune

doi:10.1007/978-3-540-79263-5_15

Cited by 38 publications

(40 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As a consequence, for invalid ciphertexts "the coins used to construct C" might not be well defined. Indeed, we show in Section 4.1 how the (apparently) straightforward construction of PKENO out of PKEWR fails to provide security in the sense of [DHKT08]. This then motivates the quest for both new generic and concrete constructions for PKENO.…”

Section: Our Contributionsmentioning

confidence: 91%

“…Damgård et al [DHKT08] showed that a PKENO can be built out of Identity-Based Encryption (IBE). Although IBE can now be realized under a variety of assumptions and without bilinear maps (see [BGH07,GPV08,AB09,CHK09,Pei09] for instance), it remains a very specialized and powerful cryptographic primitive.…”

Section: Our Contributionsmentioning

confidence: 99%

“…non-interactive user key derivation). In [DHKT08], the authors mentioned that PKENO can also be based upon a seemingly weaker primitive, called public-key encryption with witness-recovering decryption (PKEWR) [PW08]. In a PKEWR scheme, the receiver Bob is able to recover the random coins r used to encrypt a ciphertext C. Damgård et al proposed to use the coins r as the proof, and verification proceeds by re-encrypting C = Enc(pk B , m; r) and checking whether C = C .…”

Section: Our Contributionsmentioning

confidence: 99%

“…Proof soundness ensures that Bob can do so convincingly; in particular, it states that if a ciphertext C encrypts a message m, then Bob cannot make a proof for C being an encryption of a different message m (including the case of invalid messages m = ⊥). In the game that formally defines this security notion [DHKT08,Gal09], the challenger produces a private/public key pair, hands it to the adversary, who outputs a message of which he receives an encryption C. The adversary wins if he outputs a different message and makes a valid proof that this was the opening.…”

Section: Our Contributionsmentioning

confidence: 99%

“…Thus, previous definitions of proof soundness [DHKT08,Gal09] only considered the case of honestly chosen keys, where a malicious receiver tries to claim a different decryption result under the genuine keys. In real-world applications, however, the keys are usually chosen by the users themselves.…”

Section: Our Contributionsmentioning

confidence: 99%

See 4 more Smart Citations

Public-Key Encryption with Non-Interactive Opening: New Constructions and Stronger Definitions

Galindo

Libert

Fischlin

et al. 2010

Progress in Cryptology – AFRICACRYPT 2010

View full text Add to dashboard Cite

Abstract. Public-key encryption schemes with non-interactive opening (PKENO) allow a receiver to non-interactively convince third parties that a ciphertext decrypts to a given plaintext or, alternatively, that such a ciphertext is invalid. Two practical generic constructions for PKENO have been proposed so far, starting from either identity-based encryption or public-key encryption with witness-recovering decryption (PKEWR). We show that the known transformation from PKEWR to PKENO fails to provide chosen-ciphertext security; only the transformation from identity-based encryption remains thus valid. Next, we prove that PKENO can be built out of robust non-interactive threshold publickey cryptosystems, a primitive seemingly weaker than identity-based encryption. Using the new transformation, we construct two efficient PKENO schemes: one based on the Decisional Diffie-Hellman assumption (in the Random Oracle Model) and one based on the Decisional Linear assumption (in the standard model). Last but not least, we propose new applications of PKENO in protocol design. Motivated by these applications, we reconsider proof soundness for PKENO and put forward new definitions that are stronger than those considered so far. We give a taxonomy of all definitions and demonstrate them to be satisfiable.

show abstract

Section: Our Contributionsmentioning

confidence: 91%

Section: Our Contributionsmentioning

confidence: 99%

Section: Our Contributionsmentioning

confidence: 99%

Section: Our Contributionsmentioning

confidence: 99%

Section: Our Contributionsmentioning

confidence: 99%

See 3 more Smart Citations

Public-Key Encryption with Non-Interactive Opening: New Constructions and Stronger Definitions

Galindo

Libert

Fischlin

et al. 2010

Progress in Cryptology – AFRICACRYPT 2010

View full text Add to dashboard Cite

show abstract

New application of partitioning methodology: identity‐based dual receiver encryption

Zhang

Chen

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

Dual receiver encryption (DRE), a notion of public key encryption (PKE) introduced at CCS'04, allows two independent receivers to decrypt a ciphertext into a same plaintext. This crypto primitive is quite useful in designing denial of service attack‐resilient protocols. To our knowledge, prior DRE constructions are considered in the traditional PKE settings, which may face the difficulty of certificate management. This paper aiming at solving this dilemma of DRE in the traditional PKE settings, and gives an identity‐based variant version of DRE: identity‐based dual receiver encryption (ID‐DRE) that combines the notion of DRE and identity‐based encryption (IBE). Based on Waters' IBE (Crypto'05), two ID‐DRE schemes are constructed in the standard model and by partitioning methodology, provable security of our ID‐DRE schemes are obtained under the decisional bilinear Diffie‐Hellman. Furthermore, we achieve a tighter reduction by adopting a random walk‐like methodology of analysis on the lower bound of simulators' artificial abort, which also results in better security tightness for Waters IBE. This improved result scriptO(n·q) for Waters' IBE, where n is the bitlength of messages and q is the number of adversarial key queries, is consistent with Hofheinz and Kiltz's result (Crypto'08). Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

Towards Efficient LPN-Based Symmetric Encryption

Bogos

Korolija

Locher

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Due to the rapidly growing number of devices that need to communicate securely, there is still significant interest in the development of efficient encryption schemes. It is important to maintain a portfolio of different constructions in order to enable a quick transition if a novel attack breaks a construction currently in use. A promising approach is to construct encryption schemes based on the learning parity with noise (LPN) problem as these schemes can typically be implemented fairly efficiently using mainly "exclusive or" (XOR) operations. Most LPNbased schemes in the literature are asymmetric, and there is no practical evaluation of any LPN-based symmetric encryption scheme. In this paper, we propose a novel LPN-based symmetric encryption scheme that is more efficient than related schemes. Apart from analyzing our scheme theoretically, we provide the first practical evaluation of a symmetric LPN-based scheme, including a study of its performance in terms of attainable throughput depending on the selected parameters. As the encryption scheme lends itself to an implementation in hardware, we further evaluate it on a low-end SoC FPGA. The measurement results attest that our encryption scheme achieves high performance rates in terms of throughput on such hardware, providing evidence that symmetric encryption schemes based on hard learning problems may be constructed that can compete with state-of-the-art encryption schemes.

show abstract

Public-Key Encryption with Non-interactive Opening

Cited by 38 publications

References 15 publications

Public-Key Encryption with Non-Interactive Opening: New Constructions and Stronger Definitions

Public-Key Encryption with Non-Interactive Opening: New Constructions and Stronger Definitions

New application of partitioning methodology: identity‐based dual receiver encryption

Towards Efficient LPN-Based Symmetric Encryption

Contact Info

Product

Resources

About