Selective Opening Secure Functional Encryption
نویسندگان
چکیده
Functional encryption (FE) has more fine-grained control to encrypted data than traditional encryption schemes. The well-accepted security of FE is indistinguishability-based security (IND-FE) and simulation-based security (SIMFE), but the security is not sufficient. For example, if an adversary has the ability to access a vector of ciphertexts and can ask to open some information of the messages, such as coins used in the encryption or secret key in multikey setting, whether the privacy of the unopened messages is guaranteed. This is called selective opening attack (SOA). In this paper, we propose a stronger security of FE which is secure against SOA (we call SOFE) and propose a concrete construction of SO-FE scheme in the standard model. Our scheme is a non-adaptive IND-FE which satisfies selective opening secure in the simulation sense. In addition, the scheme can encrypt messages of any bit length other than bitwise and it is secure against SOA-C and SOAK simultaneously while the two attacks were appeared in different model before. According to the different functionality f, our scheme can specialize as IBE, ABE and even PE schemes secure against SOA.
منابع مشابه
Lossy Encryption: Constructions from General Assumptions and Efficient Selective Opening Chosen Ciphertext Security
Lossy encryption was originally studied as a means of achieving efficient and composable oblivious transfer. Bellare, Hofheinz and Yilek showed that lossy encryption is also selective opening secure. We present new and general constructions of lossy encryption schemes and of cryptosystems secure against selective opening adversaries. We show that every re-randomizable encryption scheme gives ri...
متن کاملOn Definitions of Selective Opening Security
Assume that an adversary observes many ciphertexts, and may then ask for openings, i.e. the plaintext and the randomness used for encryption, of some of them. Do the unopened ciphertexts remain secure? There are several ways to formalize this question, and the ensuing security notions are not known to be implied by standard notions of encryption security. In this work, we relate the two existin...
متن کاملPossibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening
The existence of encryption and commitment schemes secure under selective opening attack (SOA) has remained open despite considerable interest and attention. We provide the rst public key encryption schemes secure against sender corruptions in this setting. The underlying tool is lossy encryption. We then show that no non-interactive or perfectly binding commitment schemes can be proven secure ...
متن کاملKey Dependent Message Security and Receiver Selective Opening Security for Identity-Based Encryption
We construct two identity-based encryption (IBE) schemes. The first one is IBE satisfying key dependent message (KDM) security for user secret keys. The second one is IBE satisfying simulation-based receiver selective opening (RSO) security. Both schemes are secure against adaptive-ID attacks and do not have any a-priori bound on the number of challenge identities queried by adversaries in the ...
متن کاملOn the Selective Opening Security of Practical Public-Key Encryption Schemes
We show that two well-known and widely employed public-key encryption schemes – RSA Optimal Asymmetric Encryption Padding (RSA-OAEP) and Diffie-Hellman Integrated Encryption Standard (DHIES), the latter one instantiated with a one-time pad, – are secure under (the strong, simulation-based security notion of) selective opening security against chosen-ciphertext attacks in the random oracle model...
متن کامل