Paper 2018/016

New Techniques for Public Key Encryption with Sender Recovery

Murali Godi and Roopa Vishwanathan


In this paper, we consider a scenario where a sender transmits ciphertexts to multiple receivers using a public-key encryption scheme, and at a later point of time, wants to retrieve the plaintexts, without having to request the receivers' help in decrypting the ciphertexts, and without having to locally store a separate recovery key for every receiver the sender interacts with. This problem, known as public key encryption with sender recovery has intuitive solutions based on hybrid encryption-based key encapsulation mechanism and data encapsulation mechanism (KEM/DEM) schemes. We propose a KEM/DEM-based solution that is CCA2-secure, allows for multiple receivers, only requires the receivers to be equipped with public/secret keypairs (the sender needs only a single symmetric recovery key), and uses an analysis technique called plaintext randomization that results in greatly simplified, clean, and intuitive proofs compared to prior work in this area. We instantiate our protocol for public key encryption with sender recovery with the Cramer-Shoup hybrid encryption scheme.

Available format(s)
Publication info
Preprint. MINOR revision.
public key encryption
Contact author(s)
roopav @ nmsu edu
2018-01-04: received
Short URL
Creative Commons Attribution


      author = {Murali Godi and Roopa Vishwanathan},
      title = {New Techniques for Public Key Encryption with Sender Recovery},
      howpublished = {Cryptology ePrint Archive, Paper 2018/016},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.