Abstract
We formally define the primitive of public-key encryption with non-interactive opening (PKENO), in which the receiver of a ciphertext C can reveal, convincingly and without interaction, the result of decrypting C, without compromising the scheme's security. This has numerous applications in cryptographic protocol design, e.g., when the receiver wants to demonstrate that some information he was sent privately was not correctly formed. We give a definition based on the UC framework as well as an equivalent game-based definition. The PKENO concept was informally introduced by Damgård and Thorbek, who suggested that it could be implemented based on identity-based encryption (IBE). In this paper, we give direct and optimized implementations that work without having to keep state information, unlike what one obtains from using IBE directly.
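To make the PKENO interface (key generation, encryption, decryption, opening with a proof, and public verification of that proof) concrete, here is an added toy illustration that is not the paper's construction: it swaps in plain ElGamal over a tiny safe-prime group with a Chaum-Pedersen proof of correct decryption made non-interactive via Fiat-Shamir, so it only shows the shape of the primitive (plain ElGamal is not CCA-secure, the soundness error is 1/Q, and all parameters and function names are constructed for this example).

```python
"""Toy PKENO-style interface (keygen, encrypt, decrypt, prove_opening,
verify_opening) built from ElGamal plus a Chaum-Pedersen proof of correct
decryption under the Fiat-Shamir transform. Constructed illustration of the
interface only; NOT the paper's scheme, and the 10-bit group is a toy."""
import hashlib
import secrets

P = 1019   # safe prime, P = 2*Q + 1 (toy size, constructed for this example)
Q = 509    # prime order of the quadratic-residue subgroup of Z_P^*
G = 4      # generator of that subgroup (4 = 2^2 is a QR and 4 != 1)

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """ElGamal; m must be a subgroup element (a quadratic residue mod P)."""
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), (m * pow(pk, k, P)) % P

def decrypt(sk, ct):
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - sk, P)) % P    # c2 * c1^(-sk)

def _challenge(*vals):
    data = b"|".join(str(v).encode() for v in vals)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove_opening(sk, pk, ct):
    """Receiver reveals m = decrypt(sk, ct) together with a non-interactive
    proof that c2 / m = c1^sk for the sk behind pk, i.e. that m is the
    genuine decryption, without leaking sk itself."""
    c1, c2 = ct
    m = decrypt(sk, ct)
    r = secrets.randbelow(Q - 1) + 1
    a, b = pow(G, r, P), pow(c1, r, P)
    e = _challenge(pk, c1, c2, m, a, b)
    z = (r + e * sk) % Q
    return m, (a, b, z)

def verify_opening(pk, ct, m, proof):
    """Anyone can check the claimed plaintext without talking to the receiver."""
    c1, c2 = ct
    a, b, z = proof
    d = (c2 * pow(m, P - 2, P)) % P             # must equal c1^sk if m is right
    e = _challenge(pk, c1, c2, m, a, b)
    return (pow(G, z, P) == (a * pow(pk, e, P)) % P
            and pow(c1, z, P) == (b * pow(d, e, P)) % P)
```

A cheating receiver who claims a different plaintext can only pass if the hashed challenge happens to vanish mod Q, which is why a real instantiation uses a group of cryptographic size.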
References
Backes, M., Dürmuth, M., Hofheinz, D., Küsters, R.: Conditional reactive simulatability. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 424–443. Springer, Heidelberg (2006), http://eprint.iacr.org/2006/132.ps
Backes, M., Pfitzmann, B.: Limits of the cryptographic realization of Dolev-Yao-style XOR. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 178–196. Springer, Heidelberg (2005), http://eprint.iacr.org/2005/220.ps
Boneh, D., Boyen, X.: Efficient selective-ID secure identity based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)
Boneh, D., Franklin, M.K.: Identity based encryption from the Weil pairing. SIAM Journal on Computing 32(3), 586–615 (2003)
Boyen, X., Mei, Q., Waters, B.: Direct chosen ciphertext security from identity-based techniques. In: Atluri, V., Meadows, C., Juels, A. (eds.) ACM CCS 2005, pp. 320–329. ACM Press, New York (2005)
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, Proceedings of FOCS 2001, pp. 136–145. IEEE Computer Society, Los Alamitos (2001), http://www.eccc.uni-trier.de/eccc-reports/2001/TR01-016/revisn01.ps
Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. IACR ePrint Archive, Online (January 2005), http://eprint.iacr.org/2000/067.ps
Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001), http://eprint.iacr.org/2001/055.ps
Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004)
Canetti, R., Krawczyk, H., Nielsen, J.B.: Relaxing chosen-ciphertext security. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 565–582. Springer, Heidelberg (2003), http://eprint.iacr.org/2003/174.ps
Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal on Computing 33(1), 167–226 (2003)
Damgård, I., Thorbek, R.: Non-interactive proofs for integer multiplication. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 412–429. Springer, Heidelberg (2007), http://eprint.iacr.org/2007/086
Datta, A., Derek, A., Mitchell, J.C., Ramanathan, A., Scedrov, A.: Games and the impossibility of realizable ideal functionality. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 360–379. Springer, Heidelberg (2006), http://eprint.iacr.org/2005/211.pdf
Hofheinz, D., Müller-Quade, J., Steinwandt, R.: On modeling IND-CCA security in cryptographic protocols. 14 pages. Tatra Mountains Mathematical Publications (to be published, 2005)
Kiltz, E.: Chosen-ciphertext security from tag-based encryption. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 581–600. Springer, Heidelberg (2006)
Lindell, Y.: General composition and universal composability in secure multi-party computation. In: 44th Annual Symposium on Foundations of Computer Science, Proceedings of FOCS 2003, pp. 394–403. IEEE Computer Society, Los Alamitos (2003), http://eprint.iacr.org/2003/141.ps
Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd ACM STOC, May 1990, ACM Press, New York (1990)
Nielsen, J.B.: On Protocol Security in the Cryptographic Model. PhD thesis, University of Aarhus (2003), http://www.brics.dk/~buus/jbnthesis.ps.gz
Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. Cryptology ePrint Archive, Report 2007/279 (2007), http://eprint.iacr.org/
Waters, B.R.: Efficient identity-based encryption without random oracles. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)
© 2008 Springer-Verlag Berlin Heidelberg
Damgård, I., Hofheinz, D., Kiltz, E., Thorbek, R. (2008). Public-Key Encryption with Non-interactive Opening. In: Malkin, T. (eds) Topics in Cryptology – CT-RSA 2008. CT-RSA 2008. Lecture Notes in Computer Science, vol 4964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79263-5_15
DOI: https://doi.org/10.1007/978-3-540-79263-5_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79262-8
Online ISBN: 978-3-540-79263-5