Cryptology ePrint Archive: Report 2018/025

Hedged Nonce-Based Public-Key Encryption: Adaptive Security under Randomness Failures

Zhengan Huang and Junzuo Lai and Wenbin Chen and Man Ho Au and Zhen Peng and Jin Li

Abstract: Nowadays it is well known that randomness may fail due to bugs or deliberate randomness subversion. As a result, the security of traditional public-key encryption (PKE) cannot be guaranteed any more. Currently there are mainly three approaches dealing with the problem of randomness failures: deterministic PKE, hedged PKE, and nonce-based PKE. However, these three approaches only apply to different application scenarios respectively. Since the situations in practice are dynamic and very complex, it's almost impossible to predict the situation in which a scheme is deployed, and determine which approach should be used beforehand. In this paper, we initiate the study of hedged security for nonce-based PKE, which adaptively applies to the situations whenever randomness fails, and achieves the best-possible security. Specifically, we lift the hedged security to the setting of nonce-based PKE, and formalize the notion of chosen-ciphertext security against chosen-distribution attacks (IND-CDA2) for nonce-based PKE. By presenting two counterexamples, we show a separation between our IND-CDA2 security for nonce-based PKE and the original NBP1/NBP2 security defined by Bellare and Tackmann (EUROCRYPT 2016). We show two nonce-based PKE constructions meeting IND-CDA2, NBP1 and NBP2 security simultaneously. The first one is a concrete construction in the random oracle model, and the second one is a generic construction based on a nonce-based PKE scheme and a deterministic PKE scheme.

Category / Keywords: hedged security, nonce-based public-key encryption, deterministic public-key encryption, randomness failures

Original Publication (in the same form): IACR-PKC-2018

Date: received 7 Jan 2018

Contact author: zhahuang sjtu at gmail com, laijunzuo@gmail com

Available format(s): PDF | BibTeX Citation

Version: 20180107:143719 (All versions of this report)

Short URL: ia.cr/2018/025


[ Cryptology ePrint archive ]