To tackle this problem, we propose a new primitive called targeted opening compactly committing AEAD (TOCE for short). In a TOCE, the receiver can select arbitrary subset of bits from the plaintext to reveal during opening, while keep all the rest still secure as in an authenticated encryption. We gave a careful formulation, together with a generic construction which allowing a bit level targeted opening. While the generic construction may require a substantial number of passes of symmetric key ciphers when encrypting a large message such as a picture, we thus further set forth and give a more efficient non-black-box construction allowing a block-level (e.g., 256 bit) opening. We also propose a privacy-efficiency trade off if we can relax the security of non-opened messages to be one way secure after the abusive reporting (they are still semantically secure if no opening).
Category / Keywords: message franking, commitment, encryption Date: received 16 Oct 2018, last revised 13 Dec 2018 Contact author: longchen at njit edu Available format(s): PDF | BibTeX Citation Note: Revise some typos Version: 20181214:011712 (All versions of this report) Short URL: ia.cr/2018/994