Paper 2018/025

Hedged Nonce-Based Public-Key Encryption: Adaptive Security under Randomness Failures

Zhengan Huang, Junzuo Lai, Wenbin Chen, Man Ho Au, Zhen Peng, and Jin Li


Nowadays it is well known that randomness may fail due to bugs or deliberate randomness subversion. As a result, the security of traditional public-key encryption (PKE) cannot be guaranteed any more. Currently there are mainly three approaches dealing with the problem of randomness failures: deterministic PKE, hedged PKE, and nonce-based PKE. However, these three approaches only apply to different application scenarios respectively. Since the situations in practice are dynamic and very complex, it's almost impossible to predict the situation in which a scheme is deployed, and determine which approach should be used beforehand. In this paper, we initiate the study of hedged security for nonce-based PKE, which adaptively applies to the situations whenever randomness fails, and achieves the best-possible security. Specifically, we lift the hedged security to the setting of nonce-based PKE, and formalize the notion of chosen-ciphertext security against chosen-distribution attacks (IND-CDA2) for nonce-based PKE. By presenting two counterexamples, we show a separation between our IND-CDA2 security for nonce-based PKE and the original NBP1/NBP2 security defined by Bellare and Tackmann (EUROCRYPT 2016). We show two nonce-based PKE constructions meeting IND-CDA2, NBP1 and NBP2 security simultaneously. The first one is a concrete construction in the random oracle model, and the second one is a generic construction based on a nonce-based PKE scheme and a deterministic PKE scheme.

Available format(s)
Publication info
Published by the IACR in PKC 2018
hedged securitynonce-based public-key encryptiondeterministic public-key encryptionrandomness failures
Contact author(s)
zhahuang sjtu @ gmail com
laijunzuo @ gmail com
2018-01-07: received
Short URL
Creative Commons Attribution


      author = {Zhengan Huang and Junzuo Lai and Wenbin Chen and Man Ho Au and Zhen Peng and Jin Li},
      title = {Hedged Nonce-Based Public-Key Encryption: Adaptive Security under Randomness Failures},
      howpublished = {Cryptology ePrint Archive, Paper 2018/025},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.