Cryptology ePrint Archive: Report 2018/016

New Techniques for Public Key Encryption with Sender Recovery

Murali Godi and Roopa Vishwanathan

Abstract: In this paper, we consider a scenario where a sender transmits ciphertexts to multiple receivers using a public-key encryption scheme, and at a later point of time, wants to retrieve the plaintexts, without having to request the receivers' help in decrypting the ciphertexts, and without having to locally store a separate recovery key for every receiver the sender interacts with. This problem, known as public key encryption with sender recovery has intuitive solutions based on hybrid encryption-based key encapsulation mechanism and data encapsulation mechanism (KEM/DEM) schemes. We propose a KEM/DEM-based solution that is CCA2-secure, allows for multiple receivers, only requires the receivers to be equipped with public/secret keypairs (the sender needs only a single symmetric recovery key), and uses an analysis technique called plaintext randomization that results in greatly simplified, clean, and intuitive proofs compared to prior work in this area. We instantiate our protocol for public key encryption with sender recovery with the Cramer-Shoup hybrid encryption scheme.

Category / Keywords: public key encryption

Date: received 3 Jan 2018, last revised 4 Jan 2018

Contact author: roopav at nmsu edu

Available format(s): PDF | BibTeX Citation

Version: 20180104:180939 (All versions of this report)

Short URL: ia.cr/2018/016

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]