Some General Consequences on Chosen-ciphertext Anonymity in Public-Key Encryption
نویسنده
چکیده
In applications of public-key encryption schemes, anonymity(key-privacy) as well as security(data-privacy) is useful and widely desired. In this paper some new and general concepts in public-key encryption, i.e., “master-key anonymity”, “relevant master-key anonymity” and “key-integrity”, are introduced(the former two are defined for IBE schemes and the latter one is for any public-key encryption scheme). By the concept of master-key anonymity, we prove that chosen-plaintext master-key anonymity is a sufficient condition for chosen-ciphertext anonymity in the recent elegant Canetti-Halevi-Katz and Boneh-Katz construction. By the concept of key-integrity, we prove it is(together with chosen-plaintext anonymity)a sufficient/necessary condition for chosen-ciphertext anonymity. In addition to these general consequences, some practical examples are also investigated to show such concepts’ easy-to-use in practice..
منابع مشابه
Some Results on Anonymity in Hybrid Encryption
Anonymity(key-privacy) as well as security(data-privacy) are all important features in public-key encryption applications. In this paper two new and general concepts, named “relevant anonymity” and “relevant security”, are defined. Based-upon these concepts some general results on anonymity in public-key encryption are proved, which fall in three categories. The first results are two general re...
متن کاملRelations among Privacy Notions for Signcryption and Key Invisible "Sign-then-Encrypt"
Signcryption simultaneously offers authentication through unforgeability and confidentiality through indistinguishability against chosen ciphertext attacks by combining the functionality of digital signatures and public-key encryption into a single operation. Libert and Quisquater (PKC 2004) extended this set of basic requirements with the notions of ciphertext anonymity (or key privacy) and ke...
متن کاملKey-Privacy in Public-Key Encryption
We consider a novel security requirement of encryption schemes that we call “key-privacy” or “anonymity”. It asks that an eavesdropper in possession of a ciphertext not be able to tell which specific key, out of a set of known public keys, is the one under which the ciphertext was created, meaning the receiver is anonymous from the point of view of the adversary. We investigate the anonymity of...
متن کاملPA in the Two-Key Setting and a Generic Conversion for Encryption with Anonymity
Bellare, Boldyreva, Desai, and Pointcheval [2] proposed a new security requirement of encryption schemes called “key-privacy” or “anonymity.” It asks that an encryption scheme provides privacy of the key under which the encryption was performed. That is, if an encryption scheme provides the key-privacy, then the receiver is anonymous from the point of view of the adversary. They formalized the ...
متن کاملFlaws in Robust Optimistic Mix-Nets and Stronger Security Notions
Contribution of this paper is twofold: First we introduce weaknesses of two Mix-nets claimed to be robust in the literature. Since such flaws are due to their weak security definitions, we then present a stronger security definition by regarding a Mix-net as a batch decryption algorithm of a CCA secure public-key encryption scheme. We show two concrete attacks on the schemes proposed in [1] and...
متن کامل