Cryptology ePrint Archive: Report 2012/159

Hybrid Encryption in the Multi-User Setting

G.M. Zaverucha

Abstract: This paper presents an attack in the multi-user setting on various public-key encryption schemes standardized in IEEE 1363a, SECG SEC 1 and ISO 18033-2. The multi-user setting is a security model proposed by Bellare et al., which allows adversaries to simultaneously attack multiple ciphertexts created by one or more users. An attack is considered successful if the attacker learns information about any of the plaintexts. We show that many standardized public-key encryption schemes are vulnerable in this model, and give ways to prevent the attack. We also show that the key derivation function and pseudorandom generator used to implement a hybrid encryption scheme must be secure in the multi-user setting, in order for the overall primitive to be secure in the multi-user setting. As an illustration of the former, we show that using HKDF (as standardized in NIST SP 800-56C) as a key derivation function for certain standardized hybrid public-key encryption schemes is insecure in the multi-user setting.

Category / Keywords: public-key cryptography / hybrid public-key encryption, multi-user security

Date: received 20 Mar 2012

Contact author: gzaveruc at cs uwaterloo ca

Available format(s): PDF | BibTeX Citation

Version: 20120328:131609 (All versions of this report)

Short URL: ia.cr/2012/159

Discussion forum: Show discussion | Start new discussion