Paper 2013/858

Practical Dual-Receiver Encryption---Soundness, Complete Non-Malleability, and Applications

Sherman S. M. Chow, Matthew Franklin, and Haibin Zhang


We reformalize and recast dual-receiver encryption (DRE) proposed in CCS '04, a public-key encryption (PKE) scheme for encrypting to two independent recipients in one shot. We start by defining the crucial soundness property for DRE, which ensures that two recipients will get the same decryption result. While conceptually simple, DRE with soundness turns out to be a powerful primitive for various goals for PKE, such as complete non-malleability (CNM) and plaintext-awareness (PA). We then construct practical DRE schemes without random oracles under the Bilinear Decisional Diffie-Hellman assumption, while prior approaches rely on random oracles or inefficient non-interactive zero-knowledge proofs. Finally, we investigate further applications or extensions of DRE, including DRE with CNM, combined use of DRE and PKE, strengthening two types of PKE schemes with plaintext equality test, off-the-record messaging with a stronger notion of deniability, etc.

Note: This is the full version of our CT-RSA 2014 paper with all the proofs.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MAJOR revision.CT-RSA 2014
Dual receiver encryptionsoundnesscomplete non-malleabilityplaintext-awarenesscombined encryptionpublic plaintext equality testoff-the-record messaging.
Contact author(s)
hbzhang @ ucdavis edu
2013-12-29: received
Short URL
Creative Commons Attribution


      author = {Sherman S. M.  Chow and Matthew Franklin and Haibin Zhang},
      title = {Practical Dual-Receiver Encryption---Soundness, Complete Non-Malleability, and Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2013/858},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.