Resisting Randomness Subversion: Fast Deterministic and Hedged Public-Key Encryption in the Standard Model

This paper provides the first efficient, standard-model, fully-secure schemes for some related andchallenging forms of public-key encryption (PKE), namely deterministic and hedged PKE. These formsof PKE defend against subversion of random number generators, an end given new urgency by recentrevelations on the nature and extent of such subversion. We resolve the (recognized) technical chal-lenges in reaching these goals via a new paradigm that combines UCEs (universal computationalextractors) with LTDFs (lossy trapdoor functions). Crucially, we rely only on a weak form of UCE,namely security for statistically (rather than computationally) unpredictable sources. We then de-fine and achieve unique-ciphertext PKE as a way to defend against implementation subversion viaalgorithm-substitution attacks. 1 Department of Computer Science & Engineering, University of California San Diego, 9500 Gilman Drive, La Jolla,California 92093, USA. Email: [email protected]. URL: http://cseweb.ucsd.edu/~mihir/. Supported in part by NSFgrants CNS-1116800 and CNS-1228890.2 Department of Computer Science, University of Maryland, College Park, and Department of Computer Science,Georgetown University, 37th and O Streets, NW, Washington, DC 20057, USA. Email: [email protected]. URL:http://csiflabs.cs.ucdavis.edu/~tvhoang/. Supported in part by NSF award CNS-1223623. Part of the work wasdone while Hoang was working at UCSD and supported in part by NSF grants CNS-1116800, and CNS-1228890.