Cryptology ePrint Archive: Report 2018/1091

Simulation-based Receiver Selective Opening CCA Secure PKE from Standard Computational Assumptions

Keisuke Hara and Fuyuki Kitagawa and Takahiro Matsuda and Goichiro Hanaoka and Keisuke Tanaka

Abstract: In the situation where there are one sender and multiple receivers, a receiver selective opening (RSO) attack for a public key encryption (PKE) scheme considers adversaries that can corrupt some of the receivers and get their secret keys and plaintexts. Security against RSO attacks for a PKE scheme ensures confidentiality of ciphertexts of uncorrupted receivers. Simulation-based RSO security against chosen ciphertext attacks (SIM-RSO-CCA) is the strongest security notion in all RSO attack scenarios. Jia, Lu, and Li (INDOCRYPT 2016) proposed the first SIM-RSO-CCA secure PKE scheme. However, their scheme used indistinguishablility obfuscation, which is not known to be constructed from any standard computational assumption. In this paper, we give two contributions for constructing SIM-RSO-CCA secure PKE from standard computational assumptions. Firstly, we propose a generic construction of SIM-RSO-CCA secure PKE using an IND-CPA secure PKE scheme and a non-interactive zero-knowledge proof system satisfying one-time simulation soundness. Secondly, we propose an efficient and concrete construction of SIM-RSO-CCA secure PKE based on the decisional Diffie-Hellman (DDH) assumption. Moreover, we give a method for efficiently expanding the plaintext space of the DDH-based construction. By applying this method to the construction, we obtain the first DDH-based SIM-RSO-CCA secure PKE scheme supporting a super-polynomially large plaintext space with compact ciphertexts.

Category / Keywords: public-key cryptography / public key encryption, receiver selective opening security, chosen ciphertext security

Original Publication (with major differences): SCN2018

Date: received 11 Nov 2018

Contact author: hara k am at m titech ac jp

Available format(s): PDF | BibTeX Citation

Version: 20181112:021828 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]