Cryptology ePrint Archive: Report 2018/030

Tightly SIM-SO-CCA Secure Public Key Encryption from Standard Assumptions

Lin Lyu and Shengli Liu and Shuai Han and Dawu Gu

Abstract: Selective opening security (SO security) is desirable for public key encryption (PKE) in a multi-user setting. In a selective opening attack, an adversary receives a number of ciphertexts for possibly correlated messages, then it opens a subset of them and gets the corresponding messages together with the randomnesses used in the encryptions. SO security aims at providing security for the unopened ciphertexts. Among the existing simulation-based, selective opening, chosen ciphertext secure (SIM-SO-CCA secure) PKEs, only one (Libert et al. Crypto'17) enjoys tight security, which is reduced to the Non-Uniform LWE assumption. However, their public key and ciphertext are not compact.

In this work, we focus on constructing PKE with tight SIM-SO-CCA security based on standard assumptions. We formalize security notions needed for key encapsulation mechanism (KEM) and show how to transform these securities into SIM-SO-CCA security of PKE through a tight security reduction, while the construction of PKE from KEM follows the general framework proposed by Liu and Paterson (PKC'15). We present two KEM constructions with tight securities based on the Matrix Decision Diffie-Hellman assumption. These KEMs in turn lead to two tightly SIM-SO-CCA secure PKE schemes. One of them enjoys not only tight security but also compact public key.

Category / Keywords: selective opening, public-key cryptography, SIM-SO-CCA, tight reduction

Original Publication (with major differences): IACR-PKC-2018

Date: received 7 Jan 2018, last revised 8 Jan 2018

Contact author: lvlin at sjtu edu cn

Note: This is the full version of a paper that appeared in PKC 2018. Small changes are made in this revision.

Version: 20180109:033004
