Selective Opening Security Research Articles

Receiver selective opening security for identity-based encryption in the multi-challenge setting

Receiver selective opening security for identity-based encryption in the multi-challenge setting

All-But-Many Lossy Trapdoor Functions under Decisional RSA Subgroup Assumption and Application

Abstract Lossy trapdoor functions (LTDFs) were introduced by Peikert and Waters (STOC 2008) and have a number of applications in cryptography. All-but-many lossy trapdoor functions (ABM-LTDFs) are generalizations of LTDFs studied by Hofheinz (Eurocrypt 2012). Specially, using ABM-LTDFs to construct public key encryption (PKE) scheme with selective opening security has been proven feasible. Existing ABM-LTDFs were built on pairings, lattices and decisional composite residuosity (DCR) assumption. However, pairing-based ABM-LTDFs and DCR-based ABM-LTDFs rely on non-standard assumptions. In this paper, we construct an ABM-LTDF under the decisional RSA subgroup (DRSA) assumption, and we employ it to construct PKE scheme with selective opening security. We also propose a construction of DCR-based ABM-LTDF relying on standard assumption in Appendix.

Practical public key encryption with selective opening security for receivers

Data security and privacy protection is one of the highest concerns in cloud computing. Selective opening security (SOA security) is a security notion focusing on a multi-user setting on the Internet. In recent years, many public-key encryption (PKE) constcutions have been proposed that meet SOA security. Most of them focus on the sender corruption setting. However, less attention has been paid on the receiver corruption setting. Inspired by the work of Heuer et al. (PKC 2015), which showed a practical SOA secure PKE scheme (in the sender corruption setting) from a key encapsulation mechanism (KEM) and a message authentication code (MAC), we propose a practical generic PKE construction achieving simulation-based SOA security under chosen-ciphertext attacks for recievers (RSIM-SO-CCA security). Our construction is also based on a KEM and a MAC. We show that if the underlying KEM is one-way secure in the presence of a plaintext-checking oracle (OW-PCA) and the underlying MAC is strong unforgeable under one-time chosen message attacks (sUF-OT-CMA), then our generic construction is RSIM-SO-CCA secure in the random oracle model.

Data security against receiver corruptions: SOA security for receivers from simulatable DEMs

Data security and privacy protection issues are the primary network security threats. The notion of selective opening security (SOA) for receivers focuses on such a scenario of multi-user setting: there are one sender and multiple receivers. Upon receiving the multiple challenge ciphertexts, even if the adversary is allowed to corrupt some of the receivers (e.g. the Heartbleed attack) by obtaining the decryption keys corresponding to some of the challenge ciphertexts, the SOA security for receivers requires that the ciphertexts of the uncorrupted receivers remain secure. The setting of receiver corruptions is much less studied than that of sender corruptions, where the corrupted senders expose their messages and the random coins employed during the encryption.In this paper, we propose an approach to achieve simulation-based selective opening security for receivers under chosen-ciphertext attacks (RSIM-SO-CCA), with the help of the technique proposed by Heuer and Poettering in Asiacrypt 2016. Specifically, for a hybrid public-key encryption (PKE) scheme consisting of a blockcipher-based data encapsulation mechanism (DEM) and a key encapsulation mechanism (KEM), if the DEM and KEM meet some special properties, then the hybrid PKE scheme is RSIM-SO-CCA secure in the ideal cipher model.

Simulation-based selective opening security for receivers under chosen-ciphertext attacks

Security against selective opening attack (SOA) for receivers requires that in a multi-user setting, even if an adversary has access to all ciphertexts, and adaptively corrupts some fraction of the users to obtain the decryption keys corresponding to some of the ciphertexts, the remaining (potentially related) ciphertexts retain their privacy. In this paper, we study simulation-based selective opening security for receivers of public key encryption (PKE) schemes under chosen-ciphertext attacks (RSIM-SO-CCA). Concretely, we first show that some known PKE schemes meet RSIM-SO-CCA security. Then, we introduce the notion of master-key SOA security for identity-based encryption (IBE), and extend the Canetti–Halevi–Katz transformation to show generic PKE constructions achieving RSIM-SO-CCA security. Finally, we show how to construct an IBE scheme achieving master-key SOA security.

Public-Key Encryption with Tight Simulation-Based Selective-Opening Security

Public-Key Encryption with Tight Simulation-Based Selective-Opening Security

Insight of the protection for data security under selective opening attacks

Data security and privacy protection issues are the primary restraints for adoption of cloud computing. Selective opening security (SOA security) focuses on such a scenario of cloud computing: Multiple senders encrypt their own data with the public key of a single receiver. Given the ciphertexts, the adversary is allowed to corrupt some of the senders, seeing not only their plaintexts but also the random coins used during the encryption. The security requirement of SOA security is that the privacy of the unopened data is preserved.On the other hand, non-malleability is also a very important security notion for data security in cloud computing and public-key cryptography. The security requirement of non-malleability is that given a challenge ciphertext, it should be infeasible to generate a ciphertext vector whose decryption is “meaningfully related” to the corresponding challenge plaintext. However, as far as we know, the relations between non-malleability and SOA security are still undiscovered, and the security notion of non-malleability under selective opening attacks has not yet been formally defined or researched.In this paper, we formalize the security notion of non-malleability under selective opening attacks (NM-SO security), and explore the relations between NM-SO security and the standard SOA security, the relations between NM-SO security and the standard non-malleability, and the relations among NM-SO security notions.

Selective opening security of practical public‐key encryption schemes

The authors show that two well-known and widely employed public-key encryption schemes – RSA optimal asymmetric encryption padding (RSA-OAEP) and Diffie–Hellman integrated encryption scheme (DHIES), instantiated with a one-time pad, – are secure under (the strong, simulation-based security notion of) selective opening security against chosen-ciphertext attacks in the random oracle model. Both schemes are obtained via known generic transformations that transform relatively weak primitives (with security in the sense of one-wayness) to indistinguishability (IND)-CCA secure encryption schemes. The authors also show a similar result for the well-known Fujisaki–Okamoto transformation that can generically turn a one-way secure public key encryption system and a one-time pad into a IND-CCA-secure public-key encryption system. The authors prove that selective opening security comes for free in these transformations. Both DHIES and RSA-OAEP are important building blocks in several standards for public key encryption and key exchange protocols. The Fujisaki–Okamoto transformation is very versatile and has successfully been utilised to build efficient lattice-based cryptosystems. The considered schemes are the first practical cryptosystems that meet the strong notion of simulation-based selective opening (SIM-SO-CCA) security.