Complementary witness soundness for witness indistinguishable proof system and CCA2 public-key encryption schemes

Abstract

We introduce the notion of complementary-witness-soundness for a witness indistinguishable proof system. We then present a new general framework for public key encryption schemes, denoted as CWSWI-type encryption, based on a complementary-witness-sound witness indistinguishable CWSWI proof system. The construction of a CWSWI-type encryption scheme is relatively straightforward, while the security thereof against adaptive chosen ciphertext attack denoted CCA2 can be rigorously proven. Many existing CCA2 public key encryption schemes can be interpreted as being of CWSWI-type, including the schemes of Lindell, Cramer-Shoup and Peikert-Waters. Thus, our CWSWI approach provides a novel means for designing and analysing CCA2 secure public key encryption schemes.