Abstract
Non-interactive zero-knowledge (NIZK) proofs are generally considered to yield impractical constructions for chosen-ciphertext security. An interesting recent work by Seo, Abdalla, Lee, and Park (Information Sciences, July 2019) proposed an efficient semi-generic conversion method for achieving chosen-ciphertext security based on NIZK proofs in the random oracle model. Seo et al. demonstrated that the semi-generic conversion method transforms a one-way (OW)-secure key encapsulation mechanism (KEM) into a chosen-ciphertext secure KEM while preserving a tight security reduction. This paper shows that the security analysis of the semi-generic conversion method has a flaw, which comes from the OW security condition of the underlying KEM. Without changing the conversion method, this paper presents a revised security proof under the changed conditions that (1) the underlying KEM must be chosen-plaintext secure in terms of indistinguishability and (2) an NIZK proof derived from the underlying KEM via the Fiat–Shamir transform must have the properties of zero-knowledge and simulation soundness. This work extends the security proof strategy to the case of identity-based KEM (IBKEM) and also revises the security proof for the IBKEM of the previous method by Seo et al. Finally, this work gives a corrected security proof by applying the new proofs to several existing (IB)KEMs.
Highlights
Non-interactive zero-knowledge (NIZK) proofs [1,2,3] are considered some of the most fundamental and versatile cryptographic primitives [4,5].
A recent work by Seo et al. [12] proposed a new semi-generic approach for constructing a CCA-secure key encapsulation mechanism (KEM) based on NIZK proof systems derived from the Fiat–Shamir (FS) transform [13].
Seo et al. [12] demonstrated that their approach can transform an OW-secure KEM into a CCA-secure KEM in the random oracle model without security loss.
Summary
Non-interactive zero-knowledge (NIZK) proofs [1,2,3] are considered some of the most fundamental and versatile cryptographic primitives [4,5]. A recent work by Seo et al. [12] proposed a new semi-generic approach for constructing a CCA-secure (and practical) key encapsulation mechanism (KEM) based on NIZK proof systems derived from the Fiat–Shamir (FS) transform [13]. As building blocks, their technique uses a one-way (OW)-secure KEM and an FS-derived NIZK proof system to prove the relationship (such as equality or linearity) among discrete logarithms. Seo et al. [12] demonstrated that their approach can transform an OW-secure (and NIZK-compatible) KEM into a CCA-secure KEM in the random oracle model without security loss.
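The summary names FS-derived NIZK proofs of equality among discrete logarithms as a building block. As an added illustration (not code from the paper or from Seo et al.), the block below is the textbook Chaum-Pedersen equality proof made non-interactive with the Fiat–Shamir transform, with SHA-256 standing in for the random oracle; the toy group parameters and all function names are assumptions made for this example.

```python
# Added illustration: textbook Chaum-Pedersen proof made non-interactive with
# the Fiat-Shamir transform. Not the construction or code of Seo et al.
import hashlib
import secrets

# Constructed toy group (far too small for real use): safe prime P = 2*Q + 1,
# with G and H generating the order-Q subgroup of quadratic residues.
P, Q = 2039, 1019
G, H = 4, 9

def challenge(*elems):
    """Fiat-Shamir: hash group, statement and commitments to a value in Z_Q."""
    data = b"|".join(str(e).encode() for e in (P, Q, G, H) + elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(x):
    """Prove log_G(u) == log_H(v) == x without revealing x."""
    u, v = pow(G, x, P), pow(H, x, P)
    r = 1 + secrets.randbelow(Q - 1)      # fresh nonzero nonce for every proof
    a, b = pow(G, r, P), pow(H, r, P)     # commitments
    c = challenge(u, v, a, b)             # challenge binds statement + commitments
    z = (r + c * x) % Q                   # response
    return (u, v), (a, b, z)

def in_subgroup(e):
    """True if e lies in the order-Q subgroup of Z_P^*."""
    return 0 < e < P and pow(e, Q, P) == 1

def verify(statement, proof):
    u, v = statement
    a, b, z = proof
    # Reject elements outside the subgroup before checking the equations.
    if not all(in_subgroup(e) for e in (u, v, a, b)):
        return False
    c = challenge(u, v, a, b)             # verifier recomputes the challenge
    return (pow(G, z, P) == a * pow(u, c, P) % P and
            pow(H, z, P) == b * pow(v, c, P) % P)
```

Hashing the statement (u, v) together with the commitments is what ties the proof to one specific pair of group elements; a proof replayed against a different statement recomputes to a different challenge and fails both equations.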