A Twist on the Naor-Yung Paradigm and Its Application to Efficient CCA-Secure Encryption from Hard Search Problems

Authors

  • Ronald Cramer
  • Dennis Hofheinz
  • Eike Kiltz
Abstract

The Naor-Yung (NY) paradigm shows how to build a chosen-ciphertext secure encryption scheme from three conceptual ingredients:

  • a weakly (i.e., IND-CPA) secure encryption scheme,
  • a replication strategy that specifies how to use the weakly secure encryption scheme; concretely, a NY-encryption contains several weak encryptions of the same plaintext,
  • a non-interactive zero-knowledge (NIZK) proof system to show that a given ciphertext is consistent, i.e., contains weak encryptions of the same plaintext.

The NY paradigm served both as a breakthrough proof-of-concept, and as an inspiration to subsequent constructions. However, the NY construction leads to impractical encryption schemes, due to the usually prohibitively expensive NIZK proof. In this contribution, we give a variant of the NY paradigm that leads to practical, fully IND-CCA secure encryption schemes whose security can be based on a generic class of algebraic complexity assumptions. Our approach refines NY's approach as follows:

  • Our sole computational assumption is that of a Diffie-Hellman (DH) type two-move key exchange protocol, interpreted as a weakly secure key encapsulation mechanism (KEM).
  • Our replication strategy is as follows. Key generation consists of replicating the KEM several times, but only the first pass. Encryption then consists of performing the second pass with respect to all of these, but with the same random coins in each instance.
  • For proving consistency of a given ciphertext, we employ a practical universal hash proof system, case-tailored to our KEM and replication strategy.

We instantiate our paradigm both from computational Diffie-Hellman (CDH) and from RSA type assumptions. This way, practical IND-CCA secure encryption schemes based on search problems can be built and explained in a generic, NY-like fashion.

We would like to stress that while we generalize universal hash proof systems as a proof system, we do not follow or generalize the approach of Cramer and Shoup to build IND-CCA secure encryption. Their approach uses specific hash proof systems that feature, on top of a NIZK property, a computational indistinguishability property. Hence they necessarily build upon decisional assumptions, whereas we show how to implement our approach with search assumptions. Our approach uses hash proof systems in the NY way, namely solely as a device to prove consistency. In our case, secrecy is provided by the weak encryption component, which allows us to embed search problems.


Similar resources

A Twist on the Naor-Yung Paradigm and Its Application to Efficient CCA-Secure Encryption from Hard Search Problems

The Naor-Yung (NY) paradigm shows how to build a chosen-ciphertext secure encryption scheme from three conceptual ingredients: a weakly (i.e., IND-CPA) secure encryption scheme, a replication strategy that specifies how to use the weakly secure encryption scheme; concretely, a NY-encryption contains several weak encryptions of the same plaintext, a non-interactive zero-knowledge (NIZK) proof sys...


A Unified Methodology For Constructing Public-Key Encryption Schemes Secure Against Adaptive Chosen-Ciphertext Attack

We introduce a new methodology for achieving security against adaptive chosen-ciphertext attack (CCA) for public-key encryption schemes, which we call the oblivious decryptors model. The oblivious decryptors model generalizes both the two-key model of Naor and Yung, as well as the Cramer–Shoup encryption schemes. The key ingredient in our new paradigm is Sahai’s notion of Simulation-Sound NIZK pro...


Designated Verifier Nizks

Last Time: Simulation Sound NIZKS & Connection to CCA Security. Last time we introduced Simulation-Sound NIZKs, and constructed a 1-Time Simulation Sound NIZK (1-SS NIZK). We then showed how to get CCA secure encryption from CPA encryption and NIZKs in one of two ways: using standard NIZK and n copies of a CPA encryption scheme ([DDN00]) or using 1-SS NIZK and 2 copies of a CPA encryption schem...


Threshold Cryptosystems Secure against Chosen-Ciphertext Attacks

Semantic security against chosen-ciphertext attacks (IND-CCA) is widely believed to be the correct security level for public-key encryption schemes. On the other hand, it is often dangerous to give to only one person the power of decryption. Therefore, threshold cryptosystems aimed at distributing the decryption ability. However, only two efficient such schemes have been proposed so far for achievin...


On the Non-malleability of the Fiat-Shamir Transform

The Fiat-Shamir transform is a well studied paradigm for removing interaction from public-coin protocols. We investigate whether the resulting non-interactive zero-knowledge (NIZK) proof systems also exhibit non-malleability properties that have up to now only been studied for NIZK proof systems in the common reference string model: first, we formally define simulation soundness and a weak form ...




Publication date: 2010