Cryptology ePrint Archive: Report 2018/023

Public-Key Encryption Resistant to Parameter Subversion and its Realization from Efficiently-Embeddable Groups

Benedikt Auerbach and Mihir Bellare and Eike Kiltz

Abstract: We initiate the study of public-key encryption (PKE) schemes and key-encapsulation mechanisms (KEMs) that retain security even when the public parameters (primes, curves) they use may be untrusted and subverted. We define a strong security goal that we call ciphertext pseudo-randomness under parameter subversion attack (CPR-PSA). We also define indistinguishability (of ciphertexts for PKE, and of encapsulated keys from random ones for KEMs) and public-key hiding (also called anonymity) under parameter subversion attack, and show that they are implied by CPR-PSA, for both PKE and KEMs. We show that hybrid encryption continues to work in the parameter subversion setting, reducing the design of CPR-PSA PKE to CPR-PSA KEMs and an appropriate form of symmetric encryption. To obtain efficient, elliptic-curve-based KEMs achieving CPR-PSA, we introduce efficiently-embeddable group families and give several constructions from elliptic curves.

Category / Keywords: public-key cryptography / Public-key encryption, subversion, mass surveillance, elliptic-curve cryptography (ECC), anonymous encryption

Original Publication (with major differences): IACR-PKC-2018

Date: received 6 Jan 2018

Contact author: benedikt auerbach at rub de

Version: 20180107:002820
