Paper 2023/1337

SoK: Public Key Encryption with Openings

Carlo Brunetta, Simula UiB
Hans Heum, NTNU - Norwegian University of Science and Technology
Martijn Stam, Simula UiB
Abstract

When modelling how public key encryption can enable secure communication, we should acknowledge that secret information, such as private keys or the randomness used for encryption, could become compromised. Intuitively, one would expect unrelated communication to remain secure, yet formalizing this intuition has proven challenging. Several security notions have appeared that aim to capture said scenario, ranging from the multi-user setting with corruptions, via selective opening attacks (SOA), to non-committing encryption (NCE). Remarkably, how the different approaches compare has not yet been systematically explored. We provide a novel framework that maps each approach to an underlying philosophy of confidentiality: indistinguishability versus simulatability based, each with an a priori versus an a posteriori variant, leading to four distinct philosophies. In the absence of corruptions, these notions are largely equivalent; yet, in the presence of corruptions, they fall into a hierarchy of relative strengths, from IND-CPA and IND-CCA at the bottom, via indistinguishability SOA and simulatability SOA, to NCE at the top. We provide a concrete treatment for the four notions, discuss subtleties in their definitions and asymptotic interpretations and identify limitations of each. Furthermore, we re-cast the main implications of the hierarchy in a concrete security framework, summarize and contextualize other known relations, identify open problems, and close a few gaps. We end on a survey of constructions known to achieve the various notions. We identify and name a generic random-oracle construction that has appeared in various guises to prove security in seemingly different contexts. It hails back to Bellare and Rogaway's seminal work on random oracles (CCS'93) and, as previously shown, suffices to meet one of the strongest notions of our hierarchy (single-user NCE with bi-openings).

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Selective Opening AttacksMulti-User SecurityNon-Committing EncryptionCorruptions
Contact author(s)
carlob @ simula no
hans heum @ ntnu no
martijn @ simula no
History
2023-09-08: approved
2023-09-07: received
See all versions
Short URL
https://ia.cr/2023/1337
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2023/1337,
      author = {Carlo Brunetta and Hans Heum and Martijn Stam},
      title = {{SoK}: Public Key Encryption with Openings},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1337},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1337}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.