Standard Security Does Not Imply Security Against Selective-Opening

Mihir Bellare, Rafael Dowsley, Brent Waters, and Scott Yilek

Abstract

We show that no commitment scheme that is hiding and binding according to the standard definition is semantically-secure under selective opening attack (SOA), resolving a long-standing and fundamental open question about the power of SOAs. We also obtain the first examples of IND-CPA encryption schemes that are not secure under SOA, both for sender corruptions where encryption coins are revealed and receiver corruptions where decryption keys are revealed. These results assume only the existence of collision-resistant hash functions.

Available format(s)
Publication info
Published elsewhere. A preliminary version appears on EUROCRYPT 2012. This is the full version.
Keywords
Commitment schemesencryptionimpossibility resultsattacks
Contact author(s)
mihir @ eng ucsd edu
History
2012-01-18: revised
See all versions
Short URL
https://ia.cr/2011/581

CC BY

BibTeX

@misc{cryptoeprint:2011/581,
author = {Mihir Bellare and Rafael Dowsley and Brent Waters and Scott Yilek},
title = {Standard Security Does Not Imply Security Against Selective-Opening},
howpublished = {Cryptology ePrint Archive, Paper 2011/581},
year = {2011},
note = {\url{https://eprint.iacr.org/2011/581}},
url = {https://eprint.iacr.org/2011/581}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.