Cryptology ePrint Archive: Report 2009/101

Encryption Schemes Secure under Selective Opening Attack

Mihir Bellare and Scott Yilek

Abstract: We provide the first public key encryption schemes proven secure against selective opening attack (SOA). This means that if an adversary obtains a number of ciphertexts and then corrupts some fraction of the senders, obtaining not only the corresponding messages but also the coins under which they were encrypted then the security of the other messages is guaranteed. Whether or not schemes with this property exist has been open for many years. Our schemes are based on a primitive we call lossy encryption. Our schemes have short keys (public and secret keys of a fixed length suffice for encrypting an arbitrary number of messages), are stateless, are non-interactive, and security does not rely on erasures. The schemes are without random oracles, proven secure under standard assumptions (DDH, Paillier’s DCR, QR, lattices), and even efficient. We are able to meet both an indistinguishability (IND-SOA-C) and a simulation-style, semantic security (SS-SOA-C) definition.

Category / Keywords: encryption, selective opening, lossy trapdoor functions, DDH

Publication Info: A preliminary version of this paper appears as part of our Eurocrypt 2009 paper with Dennis Hofheinz

Date: received 27 Feb 2009, last revised 23 Sep 2012

Contact author: syilek at stthomas edu

Available formats: PDF | BibTeX Citation

Note: Updated full version.

Version: 20120923:212424 (All versions of this report)

Discussion forum: Show discussion | Start new discussion