Practical public key encryption with selective opening security for receivers

Data security and privacy protection is one of the highest concerns in cloud computing. Selective opening security (SOA security) is a security notion focusing oil a multi-user setting on the Internet. In recent years, many public-key encryption (PKE) constcutions have been proposed that meet SOA security. Most of them focus on the sender corruption setting. However, less attention has been paid on the receiver corruption setting. Inspired by the work of Heuer et al. (PKC 2015), which showed a practical SOA secure PKE scheme (in the sender corruption setting) from a key encapsulation mechanism (KEM) and a message authentication code (MAC), we propose a practical generic PKE construction achieving simulation-based SOA security under chosen-ciphertext attacks for recievers (RSIM-SO-CCA security). Our construction is also based on a KEM and a MAC. We show that if the underlying KEM is one-way secure in the presence of a plaintext-checking oracle (OW-PCA) and the underlying MAC is strong unforgeable under one-time chosen message attacks (sUF-OT-CMA), then our generic construction is RSIM-SO-CCA secure in the random oracle model. (C) 2018 Elsevier Inc. All rights reserved.