### Robust Encryption, Extended

Rémi Géraud, David Naccache, and Răzvan Roşie

##### Abstract

Robustness is a notion often tacitly assumed while working with encrypted data. Roughly speaking, it states that a ciphertext cannot be decrypted under different keys. Initially formalized in a public-key context, it has been further extended to key-encapsulation mechanisms, and more recently to pseudorandom functions, message authentication codes and authenticated encryption. In this work, we motivate the importance of establishing similar guarantees for functional encryption schemes, even under adversarially generated keys. Our main security notion is intended to capture the scenario where a ciphertext obtained under a master key (corresponding to Authority 1) is decrypted by functional keys issued under a different master key (Authority 2). Furthermore, we show there exist simple functional encryption schemes where robustness under adversarial key-generation is not achieved. As a secondary and independent result, we formalize robustness for digital signatures – a signature should not verify under multiple keys – and point out that certain signature schemes are not robust when the keys are adversarially generated. We present simple, generic transforms that turn a scheme into a robust one, while maintaining the original scheme’s security. For the case of public-key functional encryption, we look into ciphertext anonymity and provide a transform achieving it.

Available format(s)
Category
Public-key cryptography
Publication info
Published elsewhere. MINOR revision.CT-RSA 2019
DOI
10.1007/978-3-030-12612-4_8
Contact author(s)
razvan rosie @ ens fr
History
Short URL
https://ia.cr/2019/238

CC BY

BibTeX

@misc{cryptoeprint:2019/238,
author = {Rémi Géraud and David Naccache and Răzvan Roşie},
title = {Robust Encryption, Extended},
howpublished = {Cryptology ePrint Archive, Paper 2019/238},
year = {2019},
doi = {10.1007/978-3-030-12612-4_8},
note = {\url{https://eprint.iacr.org/2019/238}},
url = {https://eprint.iacr.org/2019/238}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.