We have noticed, however, that when anyone can contribute ciphertexts (as this is a public key setting), and when clients have access to some ciphertexts (encrypted data) at storage servers (since we do not exclude this possibility), then, when in order to retrieve plaintexts they employ decryption service (i.e., probe crypto servers in the cloud), this service may be sensitive to Chosen Ciphertext Attacks (CCA) when the adversary plays as a client. Next notice that when considering CCA, the RS-ABE functionality, by definition, allows certain malleability, namely, updating of messages by anyone (e.g., storage servers) over time. This seems, at first, anathema to this security notion, and this has to be dealt with!
Here, we propose the first SUE and RS-ABE schemes, secure against a relevant form of CCA, which allows ciphertexts submitted by attackers to decryption servers. Due to the fact that some ciphertexts are easily derived from others, we employ a different notion of CCA which avoids easy challenge related messages (we note that this type of idea was employed in other contexts before). Specifically, we define "time extended challenge" (TEC) CCA security for SUE which excludes ciphertexts that are easily derived from the challenge (over time periods) from being queried on (namely, once a challenge is decided by an adversary, no easy modification of this challenge to future and past time periods is allowed to be queried upon). We then propose an efficient SUE scheme with such CCA security, and we also define similar CCA security for RS-ABE and present an RS-ABE scheme with this CCA security.Category / Keywords: public-key cryptography / Public-key encryption, Self-updatable encryption, Chosen-ciphertext security, Cloud storage. Date: received 15 Dec 2015 Contact author: guspin at korea ac kr Available format(s): PDF | BibTeX Citation Version: 20151218:222119 (All versions of this report) Short URL: ia.cr/2015/1202 Discussion forum: Show discussion | Start new discussion