×

Dynamic threshold public-key encryption with decryption consistency from static assumptions. (English) Zbl 1358.94077

Foo, Ernest (ed.) et al., Information security and privacy. 20th Australasian conference, ACISP 2015, Brisbane, QLD, Australia, June 29 – July 1, 2015. Proceedings. Cham: Springer (ISBN 978-3-319-19961-0/pbk; 978-3-319-19962-7/ebook). Lecture Notes in Computer Science 9144, 77-92 (2015).
Summary: Dynamic threshold public-key encryption (dynamic TPKE) is a natural extension of ordinary TPKE which allows decryption servers to join the system dynamically after the system is set up, and allows the sender to dynamically choose the authorized set and the decryption threshold at the time of encryption. Currently, the only known dynamic TPKE scheme is a scheme proposed by C. Delerablée and D. Pointcheval [CRYPTO 2008, Lect. Notes Comput. Sci. 5157, 317–334 (2008; Zbl 1183.94028)]. This scheme is proven to provide message confidentiality under a \(q\)-type assumption, but to achieve decryption consistency, a random oracle extension is required.{ }In this paper we show conceptually simple methods for constructing dynamic TPKE schemes with decryption consistency from only static assumptions (e.g., the decisional linear assumption in bilinear groups) without relying on random oracles. Our first construction is a purely generic construction from public-key encryption with non-interactive opening (PKENO) formalized by I. Damgård et al. [CT-RSA 2008, Lect. Notes Comput. Sci. 4964, 239–255 (2008; Zbl 1161.94393)]. However, this construction achieves a slightly weaker notion of decryption consistency compared to the random oracle extension of the Delerablée and Pointcheval scheme, which satisfies the notion defined by Boneh, Boyen and Halevi [D. Boneh et al., CT-RSA 2006, Lect. Notes Comput. Sci. 3860, 226–243 (2006; Zbl 1125.94012)]. Our second construction uses a specific PKENO scheme based on the decisional linear assumption in combination with the efficient zero-knowledge proofs by Groth and Sahai. In contrast to our first construction, our second construction achieves the stronger notion of decryption consistency defined by Boneh, Boyen and Halevi.
For the entire collection see [Zbl 1314.94007].

MSC:

94A60 Cryptography
PDFBibTeX XMLCite
Full Text: DOI

References:

[1] Backes, M.; Kate, A.; Patra, A.; Lee, DH; Wang, X., Computational verifiable secret sharing revisited, Advances in Cryptology - ASIACRYPT 2011, 590-609 (2011), Heidelberg: Springer, Heidelberg · Zbl 1227.94071 · doi:10.1007/978-3-642-25385-0_32
[2] Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: Proceedings of the 20th Annual ACM Symposium on Theory of Computing, pp. 1-10. ACM (1988)
[3] Boneh, D.; Boyen, X.; Halevi, S.; Pointcheval, D., Chosen ciphertext secure public key threshold encryption without random oracles, Topics in Cryptology - CT-RSA 2006, 226-243 (2006), Heidelberg: Springer, Heidelberg · Zbl 1125.94012 · doi:10.1007/11605805_15
[4] Canetti, R.; Goldwasser, S.; Stern, J., An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack, Advances in Cryptology - EUROCRYPT 1999, 90-106 (1999), Heidelberg: Springer, Heidelberg · Zbl 0948.94008
[5] Damgård, I.; Hofheinz, D.; Kiltz, E.; Thorbek, R.; Malkin, T., Public-key encryption with non-interactive opening, Topics in Cryptology - CT-RSA 2008, 239-255 (2008), Heidelberg: Springer, Heidelberg · Zbl 1161.94393 · doi:10.1007/978-3-540-79263-5_15
[6] Daza, V.; Herranz, J.; Morillo, P.; Ràfols, C.; Susilo, W.; Liu, JK; Mu, Y., CCA2-secure threshold broadcast encryption with shorter ciphertexts, Provable Security, 35-50 (2007), Heidelberg: Springer, Heidelberg · Zbl 1138.94360 · doi:10.1007/978-3-540-75670-5_3
[7] De Santis, A., Desmedt, Y., Frankel, Y., Yung, M.: How to share a function securely. In: Proceedings of the Twenty-sixth Annual ACM Symposium on Theory of Computing, pp. 522-533. ACM (1994) · Zbl 1345.94094
[8] Delerablée, C.; Pointcheval, D.; Wagner, D., Dynamic threshold public-key encryption, Advances in Cryptology - CRYPTO 2008, 317-334 (2008), Heidelberg: Springer, Heidelberg · Zbl 1183.94028 · doi:10.1007/978-3-540-85174-5_18
[9] Desmedt, Y.; Seberry, J.; Zheng, Y., Threshold cryptosystems, Advances in Cryptology - AUSCRYPT 1992, 1-14 (1993), Heidelberg: Springer, Heidelberg · Zbl 0867.94016
[10] Dodis, Y.; Katz, J.; Kilian, J., Chosen-ciphertext security of multiple encryption, Theory of Cryptography, 188-209 (2005), Heidelberg: Springer, Heidelberg · Zbl 1079.94545 · doi:10.1007/978-3-540-30576-7_11
[11] Emura, K.; Hanaoka, G.; Sakai, Y.; Schuldt, JCN, Group signature implies public-key encryption with non-interactive opening, International Journal of Information Security, 13, 1, 51-62 (2014) · doi:10.1007/s10207-013-0204-y
[12] Galindo, David; Fischlin, Marc, Breaking and repairing damgård et al. public key encryption scheme with non-interactive opening, Topics in Cryptology - CT-RSA 2009, 389-398 (2009), Heidelberg: Springer, Heidelberg · Zbl 1237.94065 · doi:10.1007/978-3-642-00862-7_26
[13] Galindo, D.; Libert, B.; Fischlin, M.; Fuchsbauer, G.; Lehmann, A.; Manulis, M.; Schröder, D.; Bernstein, DJ; Lange, T., Public-key encryption with non-interactive opening: new constructions and stronger definitions, Progress in Cryptology - AFRICACRYPT 2010, 333-350 (2010), Heidelberg: Springer, Heidelberg · Zbl 1284.94074 · doi:10.1007/978-3-642-12678-9_20
[14] Gan, Y.; Wang, L.; Wang, L.; Pan, P.; Yang, Y., Efficient threshold public key encryption with full security based on dual pairing vector spaces, International Journal of Communication Systems, 27, 12, 4059-4077 (2014) · doi:10.1002/dac.2598
[15] Groth, J.; Sahai, A.; Smart, NP, Efficient non-interactive proof systems for bilinear groups, Advances in Cryptology - EUROCRYPT 2008, 415-432 (2008), Heidelberg: Springer, Heidelberg · Zbl 1149.94320 · doi:10.1007/978-3-540-78967-3_24
[16] Ito, M.; Saito, A.; Nishizeki, T., Multiple assignment scheme for sharing secret, Journal of Cryptology, 6, 1, 15-20 (1993) · Zbl 0795.68070 · doi:10.1007/BF02620229
[17] Kiltz, E.; Halevi, S.; Rabin, T., Chosen-ciphertext security from tag-based encryption, Theory of Cryptography, 581-600 (2006), Heidelberg: Springer, Heidelberg · Zbl 1113.94008 · doi:10.1007/11681878_30
[18] Libert, B.; Yung, M.; Aceto, L.; Henzinger, M.; Sgall, J., Adaptively secure non-interactive threshold cryptosystems, Automata, Languages and Programming, 588-600 (2011), Heidelberg: Springer, Heidelberg · Zbl 1334.94085 · doi:10.1007/978-3-642-22012-8_47
[19] Libert, B.; Yung, M.; Cramer, R., Non-interactive CCA-secure threshold cryptosystems with adaptive security: new framework and constructions, Theory of Cryptography, 75-93 (2012), Heidelberg: Springer, Heidelberg · Zbl 1303.94089 · doi:10.1007/978-3-642-28914-9_5
[20] Lim, CH; Lee, PJ; Stinson, DR, Another method for attaining security against adaptively chosen ciphertext attacks, Advances in Cryptology - CRYPTO 1993, 420-434 (1994), Heidelberg: Springer, Heidelberg · Zbl 0870.94033
[21] MacKenzie, P.; Reiter, MK; Yang, K.; Naor, M., Alternatives to non-malleability: definitions, constructions, and applications, Theory of Cryptography, 171-190 (2004), Heidelberg: Springer, Heidelberg · Zbl 1197.94193 · doi:10.1007/978-3-540-24638-1_10
[22] Qin, B.; Wu, Q.; Zhang, L.; Domingo-Ferrer, J.; Soriano, M.; Qing, S.; López, J., Threshold public-key encryption with adaptive security and short ciphertexts, Information and Communications Security, 62-76 (2010), Heidelberg: Springer, Heidelberg · Zbl 1295.94134 · doi:10.1007/978-3-642-17650-0_6
[23] Shoup, V.; Gennaro, R.; Nyberg, K., Securing threshold cryptosystems against chosen ciphertext attack, Advances in Cryptology - EUROCRYPT 1998, 1-16 (1998), Heidelberg: Springer, Heidelberg · Zbl 0919.94031 · doi:10.1007/BFb0054113
[24] Shoup, V.; Gennaro, R., Securing threshold cryptosystems against chosen ciphertext attack, Journal of Cryptology, 15, 2, 75-96 (2002) · Zbl 0997.94016
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.