Data security against receiver corruptions: SOA security for receivers from simulatable DEMs

Data security and privacy protection issues are the primary network security threats. The notion of selective opening security (SOA) for receivers focuses on such a scenario of multiuser setting: there are one sender and multiple receivers. Upon receiving the multiple challenge ciphertexts, even if the adversary is allowed to corrupt some of the receivers (e.g. the Heartbleed attack) by obtaining the decryption keys corresponding to some of the challenge ciphertexts, the SOA security for receivers requires that the ciphertexts of the uncorrupted receivers remain secure. The setting of receiver corruptions is much less studied than that of sender corruptions, where the corrupted senders expose their messages and the random coins employed during the encryption. In this paper, we propose an approach to achieve simulation-based selective opening security for receivers under chosen-ciphertext attacks (RSIM-SO-CCA), with the help of the technique proposed by Heuer and Poettering in Asiacrypt 2016. Specifically, for a hybrid public-key encryption (PKE) scheme consisting of a blockcipher-based data encapsulation mechanism (DEM) and a key encapsulation mechanism (KEM), if the DEM and KEM meet some special properties, then the hybrid PKE scheme is RSIM-SO-CCA secure in the ideal cipher model. (C) 2018 Elsevier Inc. All rights reserved.