2013 | OriginalPaper | Buchkapitel
Sender-Equivocable Encryption Schemes Secure against Chosen-Ciphertext Attacks Revisited
verfasst von : Zhengan Huang, Shengli Liu, Baodong Qin
Erschienen in: Public-Key Cryptography – PKC 2013
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
In Eurocrypt 2010, Fehr et al. proposed the first sender-equivocable encryption scheme secure against chosen-ciphertext attacks (NC-CCA) and proved that NC-CCA security implies security against selective opening chosen-ciphertext attacks (SO-CCA). The NC-CCA security proof of the scheme relies on security against substitution attacks of a new primitive, “cross-authentication code”. However, the security of cross-authentication code can not be guaranteed when all the keys used in the code are exposed. Our key observation is that in the NC-CCA security game, the randomness used in the generation of the challenge ciphertext is exposed to the adversary. This random information can be used to recover all the keys involved in the cross-authentication code, and forge a ciphertext (like a substitution attack of cross-authentication code) that is different from but related to the challenge ciphertext. And the response of the decryption oracle, with respect to the forged ciphertext, leaks information. This leaked information can be employed by an adversary to spoil the NC-CCA security proof of Fehr et al.’s scheme encrypting multi-bit plaintexts. We also show that Fehr et al.’s scheme encrypting single-bit plaintexts can be refined to achieve NC-CCA security, free of any cross-authentication code.