2010 | OriginalPaper | Chapter
A Closer Look at Anonymity and Robustness in Encryption Schemes
Author : Payman Mohassel
Published in: Advances in Cryptology - ASIACRYPT 2010
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
In this work, we take a closer look at
anonymity
and
robustness
in encryption schemes. Roughly speaking, an anonymous encryption scheme hides the identity of the secret-key holder, while a robust encryption scheme guarantees that every ciphertext can only be decrypted to a valid plaintext under the intended recipient’s secret key.
In case of anonymous encryption, we show that if an anonymous PKE or IBE scheme (in presence of CCA attacks) is used in a hybrid encryption, all bets regarding the anonymity of the resulting encryption are off. We show that this is the case even if the symmetric-key component is anonymous. On the positive side, however, we prove that if the key-encapsulation method is, additionally
weakly robust
the resulting hybrid encryption remains anonymous. Some of the existing anonymous encryption schemes are known to be weakly robust which makes them more desirable in practice.
In case of robust encryption, we design several
efficient
constructions for transforming any PKE/IBE scheme into weakly and strongly robust ones. Our constructions only add a minor computational overhead to the original schemes, while achieving better ciphertext sizes compared to the previous constructions. An important property of our transformations is that they are non-keyed and do not require any modifications to the public parameters of the original schemes.
We also introduce a relaxation of the notion of robustness we call
collision-freeness
. We primarily use collision-freeness as an
intermediate notion
by showing a more efficient construction for transforming any collision-free encryption scheme into a strongly robust one. We believe that this simple notion can be a plausible replacement for robustness in some scenarios in practice. The advantage is that most existing schemes seem to satisfy collision-freeness without any modifications.