Paper 2012/473

Sender Equivocable Encryption Schemes Secure against Chosen-Ciphertext Attacks Revisited

Zhengan Huang, Shengli Liu, and Baodong Qin

Abstract

In Eurocrypt 2010, Fehr et al. proposed the first sender equivocable encryption scheme secure against chosen-ciphertext attack (NC-CCA) and proved that NC-CCA security implies security against selective opening chosen-ciphertext attack (SO-CCA). The NC-CCA security proof of the scheme relies on security against substitution attack of a new primitive, ``cross-authentication code''. However, the security of cross-authentication code can not be guaranteed when all the keys used in the code are exposed. Our key observation is that in the NC-CCA security game, the randomness used in the generation of the challenge ciphertext is exposed to the adversary. This random information can be used to recover all the keys involved in cross-authentication code, and forge a ciphertext (like a substitution attack of cross-authentication code) that is different from but related to the challenge ciphertext. And the response of decryption oracle, with respect to the forged ciphertext, leaks information. This leaked information can be employed by an adversary to spoil the NC-CCA security proof of Fehr et al.'s scheme encrypting multi-bit plaintext. In this paper, we provide a security analysis of Fehr et al.'s scheme, showing that its NC-CCA security proof is flawed by presenting an attack. We point out that Fehr et al.'s scheme encrypting single-bit plaintext can be refined to achieve NC-CCA security, free of cross-authentication code. We introduce the strong notion of cross-authentication code, apply it to Fehr et al.'s scheme, and show that the new version of Fehr et al.'s scheme achieves NC-CCA security for multi-bit plaintext.

Note: Added the notion of strong cross-authentication code, and utilized it to fix the NC-CCA security proof of Fehr et al.'s scheme.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. The first version (20120818:035753) of this work will appear in PKC 2013.
Keywords
sender equivocable encryptionchosen-ciphertext attackcross-authentication code
Contact author(s)
hzayusuo5288 @ sjtu edu cn
History
2013-01-28: last of 2 revisions
2012-08-18: received
See all versions
Short URL
https://ia.cr/2012/473
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/473,
      author = {Zhengan Huang and Shengli Liu and Baodong Qin},
      title = {Sender Equivocable Encryption Schemes Secure against Chosen-Ciphertext Attacks Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2012/473},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/473}},
      url = {https://eprint.iacr.org/2012/473}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.