Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
SpringerLink
Log in

On Selective-Opening Attacks against Encryption Schemes

  • Conference paper
Security and Cryptography for Networks (SCN 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8642))

Included in the following conference series:

Abstract

At FOCS’99, Dwork et al put forth the notion of ‘selective–opening attacks’ (SOAs, for short). In the literature, security against such attacks has been formalized via indistinguishability-based and simulation-based notions, respectively called IND-SO-CPA security and SIM-SO-CPA security. Furthermore, the IND-SO-CPA notion has been studied under two flavors – weak-IND-SO-CPA and full-IND-SO-CPA security. At Eurocrypt’09, Bellare et al showed the first positive results on SOA security of encryption schemes: 1) any lossy encryption scheme is weak-IND-SO-CPA secure; 2) any lossy encryption scheme with efficient openability is SIM-SO–CPA secure.

Despite rich further work on SOA security, the (un)feasibility of full–IND-SO-CPA remains a major open problem in the area of SOA security. The elusive nature of the full-IND-SO-CPA notion of security is attributed to a specific aspect of the security game, namely, the challenger requiring to perform a super-polynomial time task. Not only do we not know whether there exists a scheme that is full-IND-SO-CPA secure, but we also do not know concrete attacks against popular schemes such as the ElGamal and Cramer-Shoup schemes in the full-IND-SO-CPA model.

The contribution of our work is three-fold.

  1. 1

    Motivated by the difficulty in understanding (un)feasibility of the full-IND-SO-CPA notion, we study a variant of this notion that is closer in spirit to the IND-CPA notion but still embodies the security captured by the full-IND-SO-CPA notion. We observe that the weak form of our variation does not introduce any significant change to the weak-IND-SO-CPA notion; that is, the weak form of our notion is equivalent to the weak-IND-SO-CPA notion.

  2. 2

    Interestingly, we can show that a large class of encryption schemes can be proven insecure for the full form of our notion. The large class includes most known constructions of weak-IND-SO-CPA secure schemes and SIM-SO-CPA secure schemes and also popular schemes like the ElGamal and Cramer-Shoup schemes.

  3. 3

    Our third contribution studies the complexity of SIM-SO-CPA security. Complementing the result of Bellare et al, we show that lossiness is not necessary to achieve SIM-SO-CPA security. More specifically, we present a SIM-SO-CPA scheme that is not a lossy encryption scheme (regardless of efficient openability). Since SIM-SO-CPA security implies weak-IND-SO-CPA security, it follows as a corollary that the converses of both the implications proved by Bellare et al do not hold. Furthermore, as a corollary of our techniques, on a slightly unrelated but useful note, we obtain that lossiness is not required to obtain non-committing encryption. Previously, at Eurocrypt’09, Fehr et al showed a construction of a non-committing encryption scheme from trapdoor permutations and this scheme was, as noted by the authors, possibly not lossy. Our scheme amounts to the first construction of a non-committing encryption scheme that is provably not lossy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Backes, M., Cachin, C.: Public-key steganography with active attacks. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 210–226. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  2. Bellare, M., Dowsley, R., Waters, B., Yilek, S.: Standard security does not imply security against selective-opening. In: Pointcheval, Johansson (eds.) [PJ12], pp. 645–662

    Google Scholar 

  3. Böhl, F., Hofheinz, D., Kraschewski, D.: On definitions of selective opening security. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 522–539. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  4. Bellare, M., Hofheinz, D., Yilek, S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 1–35. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  5. Bellare, M., Waters, B., Yilek, S.: Identity-based encryption secure against selective opening attack. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 235–252. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  6. Bellare, M., Yung, M.: Certifying permutations: Noninteractive zero-knowledge based on any trapdoor permutation. J. Cryptology 9(3), 149–166 (1996)

    Article  MATH  MathSciNet  Google Scholar 

  7. Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: Reif, J.H. (ed.) STOC, pp. 494–503. ACM (2002)

    Google Scholar 

  8. Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  9. Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.: Magic functions. In: Foundations of Computer Science (FOCS 1999), pp. 523–534 (1999)

    Google Scholar 

  10. Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.: Magic functions. J. ACM 50(6), 852–921 (2003)

    Article  MathSciNet  Google Scholar 

  11. Fehr, S., Hofheinz, D., Kiltz, E., Wee, H.: Encryption schemes secure against chosen-ciphertext selective opening attacks. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 381–402. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  12. El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)

    Chapter  Google Scholar 

  13. Hemenway, B., Libert, B., Ostrovsky, R., Vergnaud, D.: Lossy encryption: Constructions from general assumptions and efficient selective opening chosen ciphertext security. Cryptology ePrint Archive, Report 2009/088 (2009), http://eprint.iacr.org/

  14. Hofheinz, D.: All-but-many lossy trapdoor functions. In: Pointcheval, Johansson (eds.) [PJ12], pp. 209–227

    Google Scholar 

  15. Hofheinz, D., Rupp, A.: Standard versus selective opening security: Separation and equivalence results. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 591–615. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  16. Ostrovsky, R., Rao, V., Scafuro, A., Visconti, I.: Revisiting lower and upper bounds for selective decommitments. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 559–578. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  17. Pointcheval, D., Johansson, T. (eds.): EUROCRYPT 2012. LNCS, vol. 7237. Springer, Heidelberg (2012)

    MATH  Google Scholar 

  18. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  19. Xiao, D. (Nearly) round-optimal black-box constructions of commitments secure against selective opening attacks. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 541–558. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, UCLA, USA

    Rafail Ostrovsky & Vanishree Rao

  2. Department of Mathematics, UCLA, USA

    Rafail Ostrovsky

  3. Dipartimento di Informatica, University of Salerno, Italy

    Ivan Visconti

Authors
  1. Rafail Ostrovsky
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vanishree Rao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ivan Visconti
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. École Normale Supérieure & CNRS, 45 rue d’Ulm, 75005, Paris, France

    Michel Abdalla

  2. Dipartimento di Informatica, Università di Salerno, via Ponte don Melillo, 84084, Fisciano, Italy

    Roberto De Prisco

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Ostrovsky, R., Rao, V., Visconti, I. (2014). On Selective-Opening Attacks against Encryption Schemes. In: Abdalla, M., De Prisco, R. (eds) Security and Cryptography for Networks. SCN 2014. Lecture Notes in Computer Science, vol 8642. Springer, Cham. https://doi.org/10.1007/978-3-319-10879-7_33

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-10879-7_33

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10878-0

  • Online ISBN: 978-3-319-10879-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation