Paper 2023/864

Compact Selective Opening Security From LWE

Dennis Hofheinz, ETH Zurich
Kristina Hostáková, ETH Zurich
Julia Kastner, ETH Zurich
Karen Klein, ETH Zurich
Akin Ünal, ETH Zurich

Selective opening (SO) security is a security notion for public-key encryption schemes that captures security against adaptive corruptions of senders. SO security comes in chosen-plaintext (SO-CPA) and chosen-ciphertext (SO-CCA) variants, neither of which is implied by standard security notions like IND-CPA or IND-CCA security. In this paper, we present the first SO-CCA secure encryption scheme that combines the following two properties: (1) it has a constant ciphertext expansion (i.e., ciphertexts are only larger than plaintexts by a constant factor), and (2) its security can be proven from a standard assumption. Previously, the only known SO-CCA secure encryption scheme achieving (1) was built from an ad-hoc assumption in the RSA regime. Our construction builds upon LWE, and in particular on a new and surprisingly simple construction of compact lossy trapdoor functions (LTFs). Our LTF can be converted into an “all-but-many LTF” (or ABM-LTF), which is known to be sufficient to obtain SO-CCA security. Along the way, we fix a technical problem in that previous ABM-LTF-based construction of SO-CCA security.

Available format(s)
Public-key cryptography
Publication info
A minor revision of an IACR publication in PKC 2024
selective opening securitylossy trapdoor function
Contact author(s)
hofheinz @ inf ethz ch
kristina hostakova @ inf ethz ch
julia kastner @ inf ethz ch
karen klein @ inf ethz ch
akin uenal @ inf ethz ch
2024-01-19: revised
2023-06-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Dennis Hofheinz and Kristina Hostáková and Julia Kastner and Karen Klein and Akin Ünal},
      title = {Compact Selective Opening Security From {LWE}},
      howpublished = {Cryptology ePrint Archive, Paper 2023/864},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.