Abuses of Ajtai-Dwork Cryptosystem

Ajtai and Dwork 2] have recently introduced a probabilistic public-key en-cryption scheme which is secure under the assumption that a certain computational problem on lattices is hard on the worst-case. Their encryption method may cause decrytion errors, though with small probability. Goldre-ich, Goldwasser, and Halevi 7] later modiied the encryption method of Ajtai and Dwork and made Ajtai-Dwork cryptosystem error-free. In this paper, we demonstrate how (improved) Ajtai-Dwork cryptosystem can be abused. Using this kind of abuses, users can communicate secrets in a key escrowed Ajtai-Dwork cryptosystem without fearing that their secrets will be revealed later by reconstructing their escrowed private-keys. However, we will also show that users have to trust their implementers because unscrupulous implementers of Ajtai-Dwork cryptosystem can leak their private-keys without their awareness. Using techniques by Desmedt 4], we will show how one can make Ajtai-Dwork cryptosystem abuse-free. At the end of the paper, we will point out that our abuses of Ajtai-Dwork cryptosystem can be applied to all probabilistic cryp-tosystems, for example, to cryptosystems by McEliece 10] and by Goldreich, Goldwasser, and Halevi 8].