Journal
PUBLIC-KEY CRYPTOGRAPHY - PKC 2018, PT I
Volume 10769, Issue -, Pages 253-279Publisher
SPRINGER INTERNATIONAL PUBLISHING AG
DOI: 10.1007/978-3-319-76578-5_9
Keywords
Hedged security; Nonce-based public-key encryption; Deterministic public-key encryption; Randomness failures
Categories
Funding
- National Natural Science Foundation of China [61472091, 61702125]
- Scientific Research Foundation for Post-doctoral Researchers of Guangzhou [gdbsh2016020]
- Guangdong Natural Science Funds for Distinguished Young Scholar [2015A030306045]
- Pearl River S&T Nova Program of Guangzhou
- Program for Innovative Research Team in Education Department of Guangdong Province [2015KCXTD014, 2016KCXTD017]
- National Natural Science Foundation for Outstanding Youth Foundation [61722203]
- State Key Laboratory of Cryptology, Beijing, China
Ask authors/readers for more resources
Nowadays it is well known that randomness may fail due to bugs or deliberate randomness subversion. As a result, the security of traditional public-key encryption (PKE) cannot be guaranteed any more. Currently there are mainly three approaches dealing with the problem of randomness failures: deterministic PKE, hedged PKE, and nonce-based PKE. However, these three approaches only apply to different application scenarios respectively. Since the situations in practice are dynamic and very complex, it's almost impossible to predict the situation in which a scheme is deployed, and determine which approach should be used beforehand. In this paper, we initiate the study of hedged security for nonce-based PKE, which adaptively applies to the situations whenever randomness fails, and achieves the best-possible security. Specifically, we lift the hedged security to the setting of nonce-based PKE, and formalize the notion of chosen-ciphertext security against chosen-distribution attacks (IND-CDA2) for nonce-based PKE. By presenting two counterexamples, we show a separation between our IND-CDA2 security for nonce-based PKE and the original NBP1/NBP2 security defined by Bellare and Tackmann (EUROCRYPT 2016). We show two nonce-based PKE constructions meeting IND-CDA2, NBP1 and NBP2 security simultaneously. The first one is a concrete construction in the random oracle model, and the second one is a generic construction based on a nonce-based PKE scheme and a deterministic PKE scheme.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available