Paper 2012/673

Robust Encryption, Revisited

Pooya Farshim, Benoît Libert, Kenneth G. Paterson, and Elizabeth A. Quaglia


We revisit the notions of robustness introduced by Abdalla, Bellare, and Neven (TCC 2010). One of the main motivations for the introduction of strong robustness for public-key encryption (PKE) by Abdalla et al. to prevent certain types of attack on Sako's auction protocol. We show, perhaps surprisingly, that Sako's protocol is still vulnerable to attacks exploiting robustness problems in the underlying PKE scheme, even when it is instantiated with a \emph{strongly} robust scheme. This demonstrates that current notions of robustness are insufficient even for one of its most natural applications. To address this and other limitations in existing notions, we introduce a series of new robustness notions for PKE and explore their relationships. In particular, we introduce \emph{complete} robustness, our strongest new notion of robustness, and give a number of constructions for completely robust PKE schemes.

Available format(s)
Publication info
Published elsewhere. PKC 2013
RobustnessAnonymityPublic-key encryptionSecurity proofs
Contact author(s)
pooya farshim @ gmail com
2012-11-29: received
Short URL
Creative Commons Attribution


      author = {Pooya Farshim and Benoît Libert and Kenneth G.  Paterson and Elizabeth A.  Quaglia},
      title = {Robust Encryption, Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2012/673},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.