17 Hits in 6.1 sec

Simulation-Based Selective Opening CCA Security for PKE from Key Encapsulation Mechanisms [chapter]

Shengli Liu, Kenneth G. Paterson
2015 Lecture Notes in Computer Science  
We investigate what properties are needed from the KEM to achieve SIM-SO-CCA security. We also give three instantiations of our construction.  ...  Building on techniques used to achieve weak deniable encryption and non-committing encryption, Fehr et al.  ...  including deniable encryption with IND-CPA security, PKE with IND-CPA and IND-CCA security, KEM with IND-CCA security, injective trapdoor functions, etc.  ... 
doi:10.1007/978-3-662-46447-2_1 fatcat:euo62mqgbzaezj3xbnfrgi52ri

A Twist on the Naor-Yung Paradigm and Its Application to Efficient CCA-Secure Encryption from Hard Search Problems [chapter]

Ronald Cramer, Dennis Hofheinz, Eike Kiltz
2010 Lecture Notes in Computer Science  
that specifies how to use the weakly secure encryption scheme; concretely, a NY-encryption contains several weak encryptions of the same plaintext, a non-interactive zero-knowledge (NIZK) proof system  ...  The Naor-Yung (NY) paradigm shows how to build a chosenciphertext secure encryption scheme from three conceptual ingredients: a weakly (i.e., IND-CPA) secure encryption scheme, a "replication strategy"  ...  IND-CCA security from identity-based encryption.  ... 
doi:10.1007/978-3-642-11799-2_10 fatcat:nelncad76fhinfsddxvcmunm5i

Constructing and Understanding Chosen Ciphertext Security via Puncturable Key Encapsulation Mechanisms [chapter]

Takahiro Matsuda, Goichiro Hanaoka
2015 Lecture Notes in Computer Science  
EURO-CRYPT'12), and (3) a new security proof for a KEM-analogue of the DDN construction from a set of assumptions: sender non-committing encryption (SNCE) and non-interactive witness indistinguishable  ...  Then, as our main technical result, we show how to construct a PKEM satisfying our requirements (and thus a CCA secure KEM) from a new set of general cryptographic primitives: SNCE and symmetric key encryption  ...  that error-less decryption is guaranteed, which cannot be achieved by sender-equivocable encryption.  ... 
doi:10.1007/978-3-662-46494-6_23 fatcat:s5e6hndncvgtdjszdcwdequxsa

T0RTT: Non-Interactive Immediate Forward-Secret Single-Pass Circuit Construction

Sebastian Lauer, Kai Gellert, Robert Merget, Tobias Handirk, Jörg Schwenk
2020 Proceedings on Privacy Enhancing Technologies  
Using modern cryptographic primitives such as puncturable encryption allow to achieve immediate forward secrecy using only 𝒪(n) messages.  ...  The current circuit construction protocol provides strong security guarantees such as forward secrecy by exchanging 𝒪(n2) messages.For several years it has been an open question if the same strong security  ...  Only puncturable KEMs with non-negligible correctness error [17, 18] need to utilize the dummy onion technique to prevent failure detection.  ... 
doi:10.2478/popets-2020-0030 fatcat:q3rlcpz37ffqxok2v3wxrndjke

Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange

David Derler, Kai Gellert, Tibor Jager, Daniel Slamanig, Christoph Striecks
2021 Journal of Cryptology  
We describe different constructions of BFE schemes and show how these yield new puncturable encryption mechanisms with extremely efficient puncturing.  ...  It is based on puncturable encryption.  ...  From IND-CCA-secure KEMs to IND-CCA-secure encryption.  ... 
doi:10.1007/s00145-021-09374-3 fatcat:ietc5dqgobc2jnkwb7gxhytvo4

Practical Chosen Ciphertext Secure Encryption from Factoring [chapter]

Dennis Hofheinz, Eike Kiltz
2009 Lecture Notes in Computer Science  
We propose a practical public-key encryption scheme whose security against chosen-ciphertext attacks can be reduced in the standard model to the assumption that factoring is intractable.  ...  Acknowledgements We are grateful to Victor Shoup, who generously allowed us to use his observations on how to compress the public key from O( T ) down to two group elements, and on how to get rid of the  ...  It is well-known that an IND-CCA secure KEM combined with a (one-time-)IND-CCA secure symmetric cipher (DEM) yields a IND-CCA secure public-key encryption scheme [15] .  ... 
doi:10.1007/978-3-642-01001-9_18 fatcat:c2rpjmufsfgktinucqrcym42y4

Post-Quantum Cryptography: Computational-Hardness Assumptions and Beyond [article]

Thomas Attema, Nicole Gervasoni, Michiel Marcus, Gabriele Spini
2021 IACR Cryptology ePrint Archive  
by a quantum computer, it does raises questions on the exact security guarantees that they can provide.  ...  proofs that are affected by quantum-attackers, detailing what is the current status of research on the topic and what the expected effects on security are.  ...  If the original non-deterministic asymmetric encryption scheme has an encryption function EN C pk (m, r), and a decryption function DEC sk (c), then we can construct a new encryption scheme with encryption  ... 
dblp:journals/iacr/AttemaGMS21 fatcat:emo4s6mhcfaq3g3pk255dyp5fq

Trading Plaintext-Awareness for Simulatability to Achieve Chosen Ciphertext Security [chapter]

Takahiro Matsuda, Goichiro Hanaoka
2016 Lecture Notes in Computer Science  
Our results add new recipes for constructing CCA secure PKE/KEM from general assumptions (that are incomparable to those used by Dachman-Soled), and in particular show interesting trade-offs among building  ...  In PKC 2014, Dachman-Soled showed a construction of a chosen ciphertext (CCA) secure public key encryption (PKE) scheme based on a PKE scheme which simultaneously satisfies a security property called weak  ...  weaker non-adaptive CCA (CCA1) security.  ... 
doi:10.1007/978-3-662-49384-7_1 fatcat:6wan7c2hjfcfrh2kupzphsmx44

Practical Chosen Ciphertext Secure Encryption from Factoring

Dennis Hofheinz, Eike Kiltz, Victor Shoup
2011 Journal of Cryptology  
We propose a practical public-key encryption scheme whose security against chosen-ciphertext attacks can be reduced in the standard model to the assumption that factoring is intractable.  ...  It is wellknown that an IND-CCA secure KEM combined with a (one-time-)IND-CCA secure symmetric cipher (DEM) yields a IND-CCA secure public-key encryption scheme [17] .  ...  Their generic construction is based on non-interactive zero-knowledge proofs, and therefore, (using the proof systems from [21] ) yields a scheme CCA secure under the factoring assumption.  ... 
doi:10.1007/s00145-011-9115-0 fatcat:jzia33nwwjdktdrgsxgmym7fni

How to use indistinguishability obfuscation

Amit Sahai, Brent Waters
2014 Proceedings of the 46th Annual ACM Symposium on Theory of Computing - STOC '14  
In addition, we show the generality of our punctured programs technique by also constructing a variety of core cryptographic objects from indistinguishability obfuscation and one-way functions (or close  ...  We introduce a new technique, that we call punctured programs, to apply indistinguishability obfuscation towards cryptographic problems.  ...  Note that any deniable encryption scheme must incur at least some negligible decryption error.  ... 
doi:10.1145/2591796.2591825 dblp:conf/stoc/SahaiW14 fatcat:ugf3zionw5ailnca7fc3lxprfq

0-RTT Key Exchange with Full Forward Secrecy [chapter]

Felix Günther, Britta Hale, Tibor Jager, Sebastian Lauer
2017 Lecture Notes in Computer Science  
Our construction can be seen as an application of the puncturable encryption idea of Green and Miers (S&P 2015).  ...  In our construction we leverage a puncturable key encapsulation scheme which permits each ciphertext to only be decrypted once.  ...  This work was also partially supported by a STSM Grant from COST Action IC1306.  ... 
doi:10.1007/978-3-319-56617-7_18 fatcat:3xair5657vdwhls75m2ak4aqca

All-But-Many Lossy Trapdoor Functions and Selective Opening Chosen-Ciphertext Security from LWE [chapter]

Benoît Libert, Amin Sakzad, Damien Stehlé, Ron Steinfeld
2017 Lecture Notes in Computer Science  
In this paper, we describe the first all-but-many lossy trapdoor function with security relying on the presumed hardness of the Learning-With-Errors problem (LWE) with standard parameters.  ...  So far, very few public-key encryption schemes are known to provide simulation-based selective opening (SIM-SO-CCA2) security under chosen-ciphertext attacks and most of them encrypt messages bit-wise.  ...  (KEM) using a CCA2-secure KEM.  ... 
doi:10.1007/978-3-319-63697-9_12 fatcat:hplojwismvbptpcnbjfgyov4ma

Compact Authenticated Key Exchange in the Quantum Random Oracle Model [article]

Haiyang Xue, Man Ho Au, Rupeng Yang, Bei Liang, Haodong Jiang
2020 IACR Cryptology ePrint Archive  
First of all, it supports PKEs with non-perfect correctness. Secondly, the basic building block is compact and only requires one-wayness.  ...  We prove that, with some modification, the QROM security of X3LH can be reduced to the one-way security of double-key PKE.  ...  Assume 2PKE is [OW-CPA, OW-CPA] secure with decryption error δ 2 and PKE is OW-CPA secure with decryption error δ 1 . N users are involved and there are at most l sessions between two users.  ... 
dblp:journals/iacr/XueAYLJ20 fatcat:pwktcv6oxncnxlzl2v2w2pknde

A Survey on Code-Based Cryptography [article]

Violetta Weger, Niklas Gassner, Joachim Rosenthal
2022 arXiv   pre-print
(KEM) and digital signature schemes.  ...  We cover the main frameworks introduced in code-based cryptography and analyze their security assumptions.  ...  Encrypt the message c = P(m) c ←− − DECRYPTION Decrypt the cipher m = S(c) 2 . 2 Encryption: Bob chooses a message m and encrypts it by computing c = m e mod n. 3 . 3 Decryption: Alice can decrypt  ... 
arXiv:2201.07119v3 fatcat:oo53emg22jdxtmsevemlit7hlm

Primary-Secondary-Resolver Membership Proof Systems [chapter]

Moni Naor, Asaf Ziv
2015 Lecture Notes in Computer Science  
The second construction uses cuckoo hashing with a stash, where in order to prove non-membership, a secondary must prove that a search for it will fail, i.e. that it is not in the tables or the stash of  ...  The motivation for such systems is for constructing a secure Domain Name System (DNSSEC) that does not reveal any unnecessary information to its clients.  ...  Acknowledgments We thank our co-authors from [36] , Sharon Goldberg, Dimitrios Papadopoulos, Leonid Reyzin and Sachin Vasant for many helpful discussions and Yevgeniy Dodis for suggesting the question  ... 
doi:10.1007/978-3-662-46497-7_8 fatcat:oashvavwhff7fasmxcz6vx6l3e
« Previous Showing results 1 — 15 out of 17 results