Fehr et al. (2010) proposed the first sender-equivocable encryption scheme secure against chosen-ciphertext attacks (NCCCA) and proved that NC-CCA security implies security against selective opening chosen-ciphertext attacks (SO-CCA). The NC-CCA security proof of the scheme relies on security against substitution attacks of a new primitive, the “crossauthentication code”. However, the security of the cross-authentication code cannot be guaranteed when all the keys used in the code are exposed. Our key observation is that, in the NC-CCA security game, the randomness used in the generation of the challenge ciphertext is exposed to the adversary. Based on this observation, we provide a security analysis of Fehr et al.'s scheme, showing that its NC-CCA security proof is flawed. We also point out that the scheme of Fehr et al. encrypting a single-bit plaintext can be refined to achieve NC-CCA security, free of the cross-authentication code. Furthermore, we propose the notion of “strong cross-authentication code”, apply it to Fehr et al.'s scheme, and show that the new version of the latter achieves NC-CCA security for multi-bit plaintexts.
@article{bwmeta1.element.bwnjournal-article-amcv25i2p415bwm, author = {Zhengan Huang and Shengli Liu and Baodong Qin and Kefei Chen}, title = {Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited}, journal = {International Journal of Applied Mathematics and Computer Science}, volume = {25}, year = {2015}, pages = {415-430}, zbl = {1322.68069}, language = {en}, url = {http://dml.mathdoc.fr/item/bwmeta1.element.bwnjournal-article-amcv25i2p415bwm} }
Zhengan Huang; Shengli Liu; Baodong Qin; Kefei Chen. Sender-equivocable encryption schemes secure against chosen-ciphertext attacks revisited. International Journal of Applied Mathematics and Computer Science, Tome 25 (2015) pp. 415-430. http://gdmltest.u-ga.fr/item/bwmeta1.element.bwnjournal-article-amcv25i2p415bwm/
[000] Bellare, M., Dowsley, R., Waters, B. and Yilek, S. (2012). Standard security does not imply security against selective-opening, in D. Pointcheval and T. Johansson (Eds.), Advances in Cryptology-EUROCRYPT 2012, Springer, Berlin/Heidelberg, pp. 645-662. | Zbl 1297.94046
[001] Bellare, M., Hofheinz, D. and Yilek, S. (2009). Possibility and impossibility results for encryption and commitment secure under selective opening, in A. Joux (Ed.), Advances in Cryptology-EUROCRYPT 2009, Springer, Berlin/Heidelberg, pp. 1-35. | Zbl 1239.94033
[002] Bellare, M., Waters, B. and Yilek, S. (2011). Identity-based encryption secure against selective opening attack, in Y. Ishai (Ed.), Theory of Cryptography, Springer, Berlin/Heidelberg, pp. 235-252. | Zbl 1295.94020
[003] Böhl, F., Hofheinz, D. and Kraschewski, D. (2012). On definitions of selective opening security, in M. Fischlin, J. Buchmann and M. Manulis (Eds.), Public Key Cryptography-PKC 2012, Springer, Berlin/Heidelberg, pp. 522-539. | Zbl 1300.94041
[004] Canetti, R., Friege, U., Goldreich, O. and Naor, M. (1996). Adaptively secure multi-party computation, Technical report, Massachusetts Institute of Technology, Cambridge, MA. | Zbl 0922.68048
[005] Cramer, R. and Shoup, V. (2002). Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption, in L.R. Knudsen (Ed.), Advances in Cryptology-EUROCRYPT 2002, Springer, Berlin/Heidelberg, pp. 45-64. | Zbl 1055.94011
[006] Fehr, S., Hofheinz, D., Kiltz, E. and Wee, H. (2010). Encryption schemes secure against chosen-ciphertext selective opening attacks, in H. Gilbert (Ed.), Advances in Cryptology-EUROCRYPT 2010, Berlin/Heidelberg, Springer, pp. 381-402. | Zbl 1280.94052
[007] Gao, C.-z., Xie, D. and Wei, B. (2012). Deniable encryptions secure against adaptive chosen ciphertext attack, in M.D. Ryan, B. Smyth and G. Wang (Eds.), Information Security Practice and Experience, Springer, Berlin/Heidelberg, pp. 46-62. | Zbl 1291.94087
[008] Hemenway, B., Libert, B., Ostrovsky, R. and Vergnaud, D. (2011). Lossy encryption: Constructions from general assumptions and efficient selective opening chosen ciphertext security, in D.H. Lee and X. Wang (Eds.), Advances in Cryptology-ASIACRYPT 2011, Springer, Berlin/Heidelberg, pp. 70-88. | Zbl 1227.94048
[009] Hofheinz, D. (2012). All-but-many lossy trapdoor functions, in D. Pointcheval and T. Johansson (Eds.), Advances in Cryptology-EUROCRYPT 2012, Springer, Berlin/Heidelberg, pp. 209-227. | Zbl 1279.94086
[010] Myers, S. and Shelat, A. (2009). Bit encryption is complete, 50th Annual IEEE Symposium on Foundations of Computer Science, FOCS'09, Atlanta, GA, USA, pp. 607-616. | Zbl 1292.94119
[011] Peikert, C. and Waters, B. (2011). Lossy trapdoor functions and their applications, SIAM Journal on Computing 40(6): 1803-1844. | Zbl 1236.94063