A Public-Key Encryption Scheme with Pseudo-random Ciphertexts
نویسنده
چکیده
This work presents a practical public-key encryption scheme that offers security under adaptive chosen-ciphertext attack (CCA) and has pseudo-random ciphertexts, i.e. ciphertexts indistinguishable from random bit strings. Ciphertext pseudo-randomness has applications in steganography. The new scheme features short ciphertexts due to the use of elliptic curve cryptography, with ciphertext pseudo-randomness achieved through a new key encapsulation mechanism (KEM) based on elliptic curve Diffie-Hellman with a pair of elliptic curves where each curve is a twist of the other. The public-key encryption scheme resembles the hybrid DHIES construction; besides by using the new KEM, it differs from DHIES in that it uses an authenticate-then-encrypt (AtE) rather than encrypt-then-authenticate (EtA) approach for symmetric cryptography.
منابع مشابه
Fast Keyword Search Using Public-Key Ciphertexts With Hidden Structures
Searchable Public-Key Ciphertexts with Hidden Structures for keyword search is as fast as possible without sacrificing semantic security of the encrypted keywords. In SPCHS, all keyword-searchable ciphertexts are structured by hidden relations, and with the search trapdoor corresponding to a keyword, the minimum information of the relations is disclosed to a search algorithm as the guidance to ...
متن کاملAdaptively Anonymous Public-Key Broadcast Encryption Scheme without Random Oracle
Anonymous is one of the most important security properties for kinds of Internet applications. In this paper, we consider the privacy-preserving problem in the context of public key broadcast encryption. We provide a new security definition for anonymous public key broadcast encryption, and construct a new scheme. To achieve anonymous, we blind the ciphertexts using the random factors. Moreover...
متن کاملPlaintext Simulatability
We propose a new security class, called plaintext-simulatability, defined over the public-key encryption schemes. The notion of plaintext simulatability (denoted PS) is similar to the notion of plaintext awareness (denoted PA) [2], but it is, “properly”, a weaker security class for public-key encryption. It is known that PA implies the class of CCA2-secure encryption (denoted IND-CCA2) but not ...
متن کاملImperfect Decryption and an Attack on the NTRU Encryption Scheme
A property of the NTRU public-key cryptosystem is that it does not provide perfect decryption. That is, given an instance of the cryptosystem, there exist ciphertexts which can be validly created using the public key but which can’t be decrypted using the private key. The valid ciphertexts which an NTRU secret key will not correctly decipher determine, up to a cyclic shift, the secret key. In t...
متن کاملHomomorphic Encryption: From Private-Key to Public-Key
We show how to transform any additively homomorphic privatekey encryption scheme that is compact, into a public-key encryption scheme. By compact we mean that the length of a homomorphically generated encryption is independent of the number of ciphertexts from which it was created. We do not require anything else on the distribution of homomorphically generated encryptions (in particular, we do...
متن کامل