Public-key encryption indistinguishable under plaintext-checkable attacks

Indistinguishability under chosen-ciphertext attack (IND-CCA) is now considered the de facto security notion for public-key encryption. However, it sometimes offers a stronger security guarantee than what is actually needed. In this study, the authors consider a weaker security notion, termed indistinguishability under plaintext-checking attacks (IND-PCA), in which the adversary has access only to an oracle indicating whether or not a given ciphertext encrypts a given message. After formalising this notion, the authors design a new public-key encryption scheme satisfying it. The new scheme is a variant of the Cramer–Shoup encryption scheme with shorter ciphertexts. Its security is also based on the plain decisional Diffie–Hellman (DDH) assumption. Additionally, the algebraic properties of the new scheme allow proving plaintext knowledge using Groth–Sahai non-interactive zero-knowledge proofs or smooth projective hash functions. Finally, as a concrete application, the authors show that, for many password-based authenticated key exchange (PAKE) schemes in the Bellare–Pointcheval–Rogaway security model, the underlying IND-CCA encryption schemes can safely be replaced with the new IND-PCA one. By doing so, they reduce the overall communication complexity of these protocols and obtain the most efficient PAKE schemes to date based on plain DDH.
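The plaintext-checking oracle described above, modelled as an added example that is not from the paper: the IND-PCA experiment is written in Python over textbook ElGamal in a constructed toy group (the paper's own Cramer–Shoup variant is not on this page), and the forbidden-query rule, the group parameters and the trial harness are assumptions. It shows why a malleable IND-CPA scheme does not meet the notion: re-randomising the message inside the challenge ciphertext yields a ciphertext the oracle will answer, and that answer reveals the challenge bit. Resisting exactly this is what the Cramer–Shoup-style structure has to supply.

```python
"""Toy IND-PCA game over textbook ElGamal (constructed example, small parameters)."""
import secrets

# Constructed toy group: safe prime p = 2q + 1, g = 4 generates the order-q subgroup.
P, Q, G = 1019, 509, 4


def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return pow(G, x, P), x                      # (pk, sk)


def encrypt(pk, m):
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(pk, r, P) * m % P  # (g^r, pk^r * m)


def decrypt(sk, ct):
    c1, c2 = ct
    return c2 * pow(c1, P - 1 - sk, P) % P      # c2 / c1^sk (inverse via c1^(p-1) = 1)


class PCAGame:
    """IND-PCA experiment. The adversary may ask 'does ct encrypt m?' for any pair,
    except (assumed rule) the challenge ciphertext paired with either challenge message."""

    def __init__(self):
        self.pk, self.sk = keygen()
        self.challenge = None   # (ct*, (m0, m1)) once issued
        self.b = None

    def pca(self, m, ct):
        if self.challenge and ct == self.challenge[0] and m in self.challenge[1]:
            raise ValueError("forbidden query: challenge ciphertext with a challenge message")
        return decrypt(self.sk, ct) == m

    def challenge_ct(self, m0, m1):
        self.b = secrets.randbits(1)
        ct = encrypt(self.pk, (m0, m1)[self.b])
        self.challenge = (ct, (m0, m1))
        return ct


def malleability_distinguisher(game, m0, m1):
    """ElGamal is malleable: (c1, c2 * t) encrypts m_b * t. That ciphertext differs from
    the challenge, so the oracle answers, and the answer is exactly the bit b."""
    c1, c2 = game.challenge_ct(m0, m1)
    t = G                                       # any subgroup element other than 1
    return 0 if game.pca(m0 * t % P, (c1, c2 * t % P)) else 1


def run_trials(n=50):
    """Number of trials in which the distinguisher recovers b (always n for ElGamal)."""
    wins = 0
    for _ in range(n):
        game = PCAGame()
        wins += malleability_distinguisher(game, m0=4, m1=16) == game.b  # messages in subgroup
    return wins
```

Swapping in a scheme where an altered ciphertext is rejected rather than decrypted to a related message (the role of the Cramer–Shoup consistency check) would drive `run_trials` back to roughly half the trials.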

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2015.0500