Cryptology ePrint Archive: Report 2015/010

Simulation-based Selective Opening CCA Security for PKE from Key Encapsulation Mechanisms

Shengli Liu and Kenneth G. Paterson

Abstract: We study simulation-based, selective opening security against chosen-ciphertext attacks (SIM-SO-CCA security) for public key encryption (PKE). In a selective opening, chosen-ciphertext attack (SO-CCA), an adversary has access to a decryption oracle, sees a vector of ciphertexts, adaptively chooses to open some of them, and obtains the corresponding plaintexts and random coins used in the creation of the ciphertexts. The SIM-SO-CCA notion captures the security of unopened ciphertexts with respect to probabilistic polynomial-time (ppt) SO-CCA adversaries in a semantic way: what a ppt SO-CCA adversary can compute can also be simulated by a ppt simulator with access only to the opened messages. Building on techniques used to achieve weak deniable encryption and non-committing encryption, Fehr et al. (Eurocrypt 2010) presented an approach to constructing SIM-SO-CCA secure PKE from extended hash proof systems (EHPSs), collision-resistant hash functions and an information-theoretic primitive called Cross Authentication Codes (XACs). We generalize their approach by introducing a special type of Key Encapsulation Mechanism (KEM) and using it to build SIM-SO-CCA secure PKE. We investigate what properties are needed from the KEM to achieve SIM-SO-CCA security. We also give three instantiations of our construction. The first uses hash proof systems, the second relies on the n-Linear assumption, and the third uses indistinguishability obfuscation (iO) in combination with extracting, puncturable Pseudo-Random Functions in a similar way to Sahai and Waters (STOC 2014). Our results establish the existence of SIM-SO-CCA secure PKE assuming only the existence of one-way functions and iO. This result further highlights the simplicity and power of iO in constructing different cryptographic primitives.

Category / Keywords: public-key cryptography; selective opening

Original Publication (with major differences): IACR-PKC-2015

Date: received 6 Jan 2015, last revised 10 Jan 2015

Contact author: slliu at sjtu edu cn

Available format(s): PDF | BibTeX Citation

Note: An extended abstract of this paper will be published in the proceedings of the 18th International Conference on Practice and Theory in Public-Key Cryptography (PKC 2015). This is the full version.

Version: 20150110:074911 (All versions of this report)

Short URL: ia.cr/2015/010

Discussion forum: Show discussion | Start new discussion