On definitions of selective opening security

Florian Böhl, Dennis Hofheinz, and Daniel Kraschewski

Abstract

Assume that an adversary observes many ciphertexts, and may then ask for openings, i.e. the plaintext and the randomness used for encryption, of some of them. Do the unopened ciphertexts remain secure? There are several ways to formalize this question, and the ensuing security notions are not known to be implied by standard notions of encryption security. In this work, we relate the two existing flavors of selective opening security. Our main result is that indistinguishability-based selective opening security and simulation-based selective opening security do not imply each other. We show our claims by counterexamples. Concretely, we construct two public-key encryption schemes. One scheme is secure under selective openings in a simulation-based sense, but not in an indistinguishability-based sense. The other scheme is secure in an indistinguishability-based sense, but not in a simulation-based sense. Our results settle an open question of Bellare et al. (Eurocrypt 2009). Also, taken together with known results about selective opening secure encryption, we get an almost complete picture how the two flavors of selective opening security relate to standard security notions.

Available format(s)
Category
Public-key cryptography
Publication info
A minor revision of an IACR publication in PKC 2012
Keywords
security definitionsselective opening securitypublic-key encryption
Contact author(s)
florian boehl @ kit edu
dennis hofheinz @ kit edu
daniel kraschewski @ kit edu
History
2013-10-29: last of 3 revisions
See all versions
Short URL
https://ia.cr/2011/678

CC BY

BibTeX

@misc{cryptoeprint:2011/678,
author = {Florian Böhl and Dennis Hofheinz and Daniel Kraschewski},
title = {On definitions of selective opening security},
howpublished = {Cryptology ePrint Archive, Paper 2011/678},
year = {2011},
note = {\url{https://eprint.iacr.org/2011/678}},
url = {https://eprint.iacr.org/2011/678}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.