Paper 2020/1080

Possibility and Impossibility Results for Receiver Selective Opening Secure PKE in the Multi-Challenge Setting

Rupeng Yang, Junzuo Lai, Zhengan Huang, Man Ho Au, Qiuliang Xu, and Willy Susilo

Abstract

Public key encryption (PKE) schemes are usually deployed in an open system with numerous users. In practice, it is common that some users are corrupted. A PKE scheme is said to be receiver selective opening (RSO) secure if it can still protect messages transmitted to uncorrupted receivers after the adversary corrupts some receivers and learns their secret keys. This is usually defined by requiring the existence of a simulator that can simulate the view of the adversary given only the opened messages. Existing works construct RSO secure PKE schemes in a single-challenge setting, where the adversary can only obtain one challenge ciphertext for each public key. However, in practice, it is preferable to have a PKE scheme with RSO security in the multi-challenge setting, where public keys can be used to encrypt multiple messages. In this work, we explore the possibility of achieving PKE schemes with receiver selective opening security in the multi-challenge setting. Our contributions are threefold. First, we demonstrate that PKE schemes with RSO security in the single-challenge setting are not necessarily RSO secure in the multi-challenge setting. Then, we show that it is impossible to achieve RSO security for PKE schemes if the number of challenge ciphertexts under each public key is a priori unbounded. In particular, we prove that no PKE scheme can be RSO secure in the k-challenge setting (i.e., the adversary can obtain k challenge ciphertexts for each public key) if its secret key contains less than k bits. On the positive side, we give a concrete construction of PKE scheme with RSO security in the k-challenge setting, where the ratio of the secret key length to k approaches the lower bound 1.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2020
Keywords
Public Key EncryptionSelective Opening SecurityReceiver Selective Opening
Contact author(s)
orbbyrp @ gmail com
History
2020-09-09: received
Short URL
https://ia.cr/2020/1080
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1080,
      author = {Rupeng Yang and Junzuo Lai and Zhengan Huang and Man Ho Au and Qiuliang Xu and Willy Susilo},
      title = {Possibility and Impossibility Results for Receiver Selective Opening Secure {PKE} in the Multi-Challenge Setting},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1080},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1080}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.