A Framework for Achieving KDM-CCA Secure Public-Key Encryption

Fuyuki Kitagawa and Keisuke Tanaka

Abstract

We propose a framework for achieving a public-key encryption (PKE) scheme that satisfies key dependent message security against chosen ciphertext attacks (KDM-CCA security) based on projective hash function. Our framework can be instantiated under the decisional diffie-hellman (DDH), quadratic residuosity (QR), and decisional composite residuosity (DCR) assumptions. The constructed schemes are KDM-CCA secure with respect to affine functions and compatible with the amplification method shown by Applebaum (EUROCRYPT 2011). Thus, they lead to PKE schemes satisfying KDM-CCA security for all functions computable by a-priori bounded size circuits. They are the first PKE schemes satisfying such a security notion in the standard model using neither non-interactive zero knowledge proof nor bilinear pairing. The above framework based on projective hash function captures only KDM-CCA security in the single user setting. However, we can prove the KDM-CCA security in the multi user setting of our concrete instantiations by using their algebraic structures explicitly. Especially, we prove that our DDH based scheme satisfies KDM-CCA security in the multi user setting with the same parameter setting as in the single user setting.

Available format(s)
Category
Public-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2018
Keywords
key dependent message securitychosen ciphertext securityprojective hash function.
Contact author(s)
kitagaw1 @ is titech ac jp
History
Short URL
https://ia.cr/2018/845

CC BY

BibTeX

@misc{cryptoeprint:2018/845,
author = {Fuyuki Kitagawa and Keisuke Tanaka},
title = {A Framework for Achieving KDM-CCA Secure Public-Key Encryption},
howpublished = {Cryptology ePrint Archive, Paper 2018/845},
year = {2018},
note = {\url{https://eprint.iacr.org/2018/845}},
url = {https://eprint.iacr.org/2018/845}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.