Token-controlled Public-key Encryption in the Multi-user Setting Token-controlled Public-key Encryption in the Multi-user Setting

In this paper, we formalize the security notions for token-controlled public-key encryption in the multi-user setting, by not simply modifying the previous security notions in the single-user setting proposed by Baek, Safavi-Naini, and Susilo [1], and Galindo and Herranz [4], but employing the idea to formalize the attacks in the multi-user setting proposed by Bellare, Boldyreva, and Micali [2]. We formalize four security notions, called M-T1-CCA, M-T2-CCA, M-IS-CPA, and M-SETUF. Our security notions capture the possibility that the adversary sees the encryptions of the related messages under the same token and different keys when the choice of the relation is made by the adversary. We then show the relationships between the previous and our proposed security notions. We also prove that the Galindo–Herranz scheme, which was proved to be secure in the single-user setting, also meets our proposed four security notions in the multi-user setting. that is, we show that the Galindo–Herranz scheme meets M-T1-CCA, M-T2-CCA, M-IS-CPA, and M-SETUF.