Paper 2022/1339

CCA-1 Secure Updatable Encryption with Adaptive Security

Huanhuan Chen, Delft University of Technology
Yao Jiang Galteland, Qredo
Kaitai Liang, Delft University of Technology
Abstract

Updatable encryption (UE) enables a cloud server to update ciphertexts using client-generated tokens. There are two types of UE: ciphertext-independent (c-i) and ciphertext-dependent (c-d). In terms of construction and efficiency, c-i UE utilizes a single token to update all ciphertexts. The update mechanism relies mainly on the homomorphic properties of exponentiation, which limits the efficiency of encryption and updating. Although c-d UE may seem inconvenient as it requires downloading parts of the ciphertexts during token generation, it allows for easy implementation of the Dec-then-Enc structure. This methodology significantly simplifies the construction of the update mechanism. Notably, the c-d UE scheme proposed by Boneh et al. (ASIACRYPT’20) has been reported to be 200 times faster than prior UE schemes based on DDH hardness, which is the case for most existing c-i UE schemes. Furthermore, c-d UE ensures a high level of security as the token does not reveal any information about the key, which is difficult for c-i UE to achieve. However, previous security studies on c-d UE only addressed selective security; the studies for adaptive security remain an open problem. In this study, we make three significant contributions to ciphertextdependent updatable encryption (c-d UE). Firstly, we provide stronger security notions compared to previous work, which capture adaptive security and also consider the adversary’s decryption capabilities under the adaptive corruption setting. Secondly, we propose a new c-d UE scheme that achieves the proposed security notions. The token generation technique significantly differs from the previous Dec-then-Enc structure, while still preventing key leakages. At last, we introduce a packing technique that enables the simultaneous encryption and updating of multiple messages within a single ciphertext. This technique helps alleviate the cost of c-d UE by reducing the need to download partial ciphertexts during token generation.

Note: A full version with security proof.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in ASIACRYPT 2023
Keywords
updatable encryptionadaptive securitytrapdoor for latticesLWE
Contact author(s)
h chen-2 @ tudelft nl
yao jiang @ qredo com
kaitai liang @ tudelft nl
History
2023-11-21: last of 6 revisions
2022-10-07: received
See all versions
Short URL
https://ia.cr/2022/1339
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/1339,
      author = {Huanhuan Chen and Yao Jiang Galteland and Kaitai Liang},
      title = {CCA-1 Secure Updatable Encryption with Adaptive Security},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1339},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1339}},
      url = {https://eprint.iacr.org/2022/1339}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.