Key-dependent message (KDM) security means that the encryption scheme remains secure even encrypting
is an efficient computable function chosen by the adversary and
, ⋯ ,
are private keys. We concentrate on a special case that the function
is a division function. Namely, the messages of the form
are encrypted. We prove that if a public key encryption (PKE) scheme is IND-CPA (chosen plaintext attacks) secure and has the properties of public-key blinding and secret-key homomorphism, then it is KDM secure for division function (KDM-div secure). For concrete scheme, we show that the hybrid ElGamal scheme is KDM-div secure based on the decisional Diffie-Hellman (DDH) assumption in the standard model. We show that KDM-div secure scheme is useful in the design of anonymous credential systems.
Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten