Paper 2018/023

Public-Key Encryption Resistant to Parameter Subversion and its Realization from Efficiently-Embeddable Groups

Benedikt Auerbach, Mihir Bellare, and Eike Kiltz

Abstract

We initiate the study of public-key encryption (PKE) schemes and key-encapsulation mechanisms (KEMs) that retain security even when public parameters (primes, curves) they use may be untrusted and subverted. We define a strong security goal that we call ciphertext pseudo-randomness under parameter subversion attack (CPR-PSA). We also define indistinguishability (of ciphertexts for PKE, and of encapsulated keys from random ones for KEMs) and public-key hiding (also called anonymity) under parameter subversion attack, and show they are implied by CPR-PSA, for both PKE and KEMs. We show that hybrid encryption continues to work in the parameter subversion setting to reduce the design of CPR-PSA PKE to CPR-PSA KEMs and an appropriate form of symmetric encryption. To obtain efficient, elliptic-curve-based KEMs achieving CPR-PSA, we introduce efficiently-embeddable group families and give several constructions from elliptic-curves.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in PKC 2018
Keywords
Public-key encryptionsubversionmass surveillanceelliptic-curve cryptography (ECC)anonymous encryption
Contact author(s)
benedikt auerbach @ rub de
History
2018-01-07: received
Short URL
https://ia.cr/2018/023
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/023,
      author = {Benedikt Auerbach and Mihir Bellare and Eike Kiltz},
      title = {Public-Key Encryption Resistant to Parameter Subversion and its Realization from Efficiently-Embeddable Groups},
      howpublished = {Cryptology ePrint Archive, Paper 2018/023},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/023}},
      url = {https://eprint.iacr.org/2018/023}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.