Paper 2024/1327

Public-Key Anamorphism in (CCA-secure) Public-Key Encryption and Beyond

Giuseppe Persiano, University of Salerno, Google (United States)
Duong Hieu Phan, Télécom ParisTech
Moti Yung, Google (United States), Columbia University
Abstract

The notion of (Receiver-) Anamorphic Encryption was put forth recently to show that a dictator (i.e., an overreaching government), which demands to get the receiver’s private key and even dictates messages to the sender, cannot prevent the receiver from getting an additional covert anamorphic message from a sender. The model required an initial private collaboration to share some secret. There may be settings though where an initial collaboration may be impossible or performance-wise prohibitive, or cases when we need an immediate message to be sent without private key generation (e.g., by any casual sender in need). This situation, to date, somewhat limits the applicability of anamorphic encryption. To overcome this, in this work, we put forth the new notion of “public-key anamorphic encryption,” where, without any initialization, any sender that has not coordinated in any shape or form with the receiver, can nevertheless, under the dictator’s control of the receiver’s private key, send the receiver an additional anamorphic secret message hidden from the dictator. We define the new notion with its unique new properties, and then prove that, quite interestingly, the known CCA-secure Koppula-Waters (KW) system is, in fact, public-key anamorphic. We then describe how a public-key anamorphic scheme can support a new hybrid anamorphic encapsulation mode (KDEM) where the public-key anamorphic part serves as a bootstrapping mechanism to activate regular anamorphic messages in the same ciphertext, thus together increasing the anamorphic channel capacity. Looking at the state of research thus far, we observe that the initial system (Eurocrypt’22) that was shown to have regular anamorphic properties is the CCA-secure Naor-Yung (and other related schemes). Here we identify that the KW CCA-secure scheme also provides a new type of anamorphism.
Thus, this situation is hinting that there may be a connection between some types of CCA-secure schemes and some type of anamorphic schemes (in spite of the fact that the goals of the two primitives are fundamentally different); this question is foundational in nature. Given this, we identify a sufficient condition for a “CCA-secure scheme which is black-box reduced from a CPA secure scheme” to directly give rise to an “anamorphic encryption scheme!” Furthermore, we identify one extra property of the reduction, that yields a public-key anamorphic scheme as defined here.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published by the IACR in CRYPTO 2024
DOI
10.1007/978-3-031-68379-4_13
Keywords
Anamorphic encryption, CCA security
Contact author(s)
giuper @ gmail com
hieu phan @ telecom-paris fr
motiyung @ gmail com
History
2024-08-26: approved
2024-08-24: received
Short URL
https://ia.cr/2024/1327
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1327,
      author = {Giuseppe Persiano and Duong Hieu Phan and Moti Yung},
      title = {Public-Key Anamorphism in ({CCA}-secure) Public-Key Encryption and Beyond},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1327},
      year = {2024},
      doi = {10.1007/978-3-031-68379-4_13},
      url = {https://eprint.iacr.org/2024/1327}
}