Cryptology ePrint Archive: Report 2016/389
A Quasipolynomial Reduction for Generalized Selective Decryption on Trees
Georg Fuchsbauer and Zahra Jafargholi and Krzysztof Pietrzak
Abstract: Generalized Selective Decryption (GSD), introduced by Panjwani [TCC’07], is a game for a symmetric encryption scheme Enc that captures the difficulty of proving adaptive security of certain protocols, most notably the Logical Key Hierarchy (LKH) multicast encryption protocol. In the GSD game there are n keys k1, . . . , kn, which the adversary may adaptively corrupt (learn); moreover, it can ask for encryptions Enc_ki (kj ) of keys under other keys. The adversary’s task is to distinguish keys (which it cannot trivially compute) from random. Proving the hardness of GSD assuming only IND-CPA security of Enc is surprisingly hard. Using “complexity leveraging” loses a factor exponential in n, which makes the proof practically meaningless.
We can think of the GSD game as building a graph on n vertices, where we add an edge i → j when the adversary asks for an encryption of kj under ki. If restricted to graphs of depth l, Panjwani gave a reduction that loses only a factor exponential in l (not n). To date, this is the only non-trivial result known for GSD.
In this paper we give almost-polynomial reductions for large classes of graphs. Most importantly, we prove the security of the GSD game restricted to trees losing only a quasi-polynomial factor n^(3 log n+5). Trees are an important special case capturing real-world protocols like the LKH protocol. Our new bound improves upon Panjwani’s on some LKH variants proposed in the literature where the underlying tree is not balanced. Our proof builds on ideas from the “nested hybrids” technique recently introduced by Fuchsbauer et al. [Asiacrypt’14] for proving the adaptive security of constrained PRFs.
Category / Keywords: Nested Hybrids, Broadcast Encryption, Multicast Encryption, Logical Key Hierarchy
Original Publication (with minor differences): IACR-CRYPTO-2015
Date: received 18 Apr 2016
Contact author: zahra at ccs neu edu
Available format(s): PDF | BibTeX Citation
Version: 20160419:170337 (All versions of this report)
Short URL: ia.cr/2016/389
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]