A generic construction of CCA-secure deterministic encryption

Abstract

Deterministic public-key encryption (D-PKE), introduced by Bellare, Boldyreva, and O'Neill (CRYPTO'07), encrypts every plaintext into a unique ciphertext without using any randomness. Compared with the traditional randomized public-key encryptions, D-PKE has advantages in searching encrypted values across the database thanks to its lower computational overheads. In the literature, Bellare et al. gave the “strongest possible” notion of security for this primitive, called PRIV, and they also showed how this notion can be achieved in the random oracle model. Afterwards, Boldyreva, Fehr, and O'Neill (CRYPTO'08), followed by many other researchers, designed chosen ciphertext attack (CCA) secure D-PKE schemes in the standard model. These works are all based on lossy trapdoor functions and all-but-one trapdoor functions. In this paper, we present an alternative paradigm to design CCA-secure D-PKE. Our approach is a generic construction based on the identity-based lossy trapdoor functions (IB-LTDF), and it also can be extended to design CCA secure deterministic identity-based encryption schemes (D-IBE). To the best of our knowledge, this gives the first efficient construction of CCA-secure D-IBE schemes. Moreover, our approach can be considered as another application of the CHK transformation.