A Generic Construction for Token-Controlled Public Key Encryption
Token-controlled public key encryption (TCPKE) schemes, introduced in , offer many possibilities of application in financial or legal scenarios. Roughly speaking, in a TCPKE scheme messages are encrypted by using a public key together with a secret token, in such a way that the receiver is not able to decrypt this ciphertext until the token is published or released. The communication overhead for releasing the token is small in comparison with the ciphertext size.
However, the fact that the same ciphertext could decrypt to different messages under different tokens was not addressed in the original work. In our opinion this is an essential security property that limits the use of this primitive in practice. In this work, we formalize this natural security goal and show that the schemes in are insecure under this notion. In the second place, we propose a very simple and efficient generic construction of TCPKE schemes, starting from any trapdoor partial one-way function. This construction is obtained from a slight but powerful modification of the celebrated Fujisaki-Okamoto transformation . We prove that the resulting schemes satisfy all the required security properties, in the random oracle model. Previous to this work, only particular instantiations of TCPKE schemes were proposed.
KeywordsPublic key encryption provable security timed-release cryptography random oracle model
Unable to display preview. Download preview PDF.
- 3.Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)Google Scholar
- 4.Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of CCS 1993 (1993)Google Scholar
- 6.Di Crescenzo, G., Ostrovsky, R., Rajagopalan, S.: Conditional oblivious transfer and timed-release encryption. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 74–89. Springer, Heidelberg (1999)Google Scholar
- 7.Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)Google Scholar
- 11.May, T.: Timed-release crypto. Manuscript, available at http://www.cyphernet.org/cyphernomicon/chapter14/14.5.html
- 13.Rivest, R., Shamir, A., Wagner, D.: Timed-lock puzzles and timed-release crypto. Technical report, MIT/LCS/TR-684 (1996)Google Scholar