Topic

Plaintext-aware encryption

About: Plaintext-aware encryption is a research topic. Over its lifetime, 1980 publications have been published within this topic, receiving 101775 citations. The topic is also known as: Plaintext awareness.


Papers
Journal ArticleDOI
TL;DR: It is shown that the encryption architecture of this cryptosystem exhibits some important problems related to its implementation and its robustness against noise.

31 citations

Book ChapterDOI
05 Sep 2012
TL;DR: In this paper, the authors proposed a deterministic identity-based public key encryption (D-IBE) scheme with auxiliary inputs, which is secure even in the multi-user setting.
Abstract: Deterministic public key encryption (D-PKE) provides an alternative to randomized public key encryption in various scenarios (e.g. search on encrypted data) where the latter exhibits inherent drawbacks. In CRYPTO'11, Brakerski and Segev formalized a framework for studying the security of deterministic public key encryption schemes with respect to auxiliary inputs. A trivial requirement is that the plaintext should not be efficiently recoverable from the auxiliary inputs. In this paper, we present an efficient deterministic public key encryption scheme in the auxiliary-input setting from lattices. The public key size, ciphertext size and ciphertext expansion factor are improved compared with the scheme proposed by Brakerski and Segev. Our scheme is also secure even in the multi-user setting where related messages may be encrypted under multiple public keys. In addition, the security of our scheme is based on the hardness of the learning with errors (LWE) problem which remains hard even for quantum algorithms. Furthermore, we consider deterministic identity-based public key encryption (D-IBE) in the auxiliary-input setting. The only known D-IBE scheme (without considering auxiliary inputs) in the standard model was proposed by Bellare et al. in EUROCRYPT'12. However, this scheme is only secure in the selective security setting, and Bellare et al. identified it as an open problem to construct adaptively secure D-IBE schemes. The second contribution of this work is to propose a D-IBE scheme from lattices that is adaptively secure.

31 citations

Journal Article
TL;DR: A lattice ciphertext policy attribute based encryption (CP-ABE) scheme is presented, in which the ciphertext policy achieved is the AND-gates on multi-valued attributes and the constructions are shown to be secure under the learning with errors assumption in the standard model.
Abstract: A lattice ciphertext policy attribute based encryption (CP-ABE) scheme is presented, in which the ciphertext policy achieved is the AND-gates on multi-valued attributes. The previous construction with AND-gates on multi-valued attributes as ciphertext policy is based on bilinear pairing technology. In this paper, inspired by the recent progress of lattice identity based encryption scheme, we achieve this access structure from lattice technology. There are two constructions given, and both of them can be viewed as an extension and generalization of the lattice identity based encryption schemes proposed by Agrawal et al., respectively. In addition, our constructions are shown to be secure under the learning with errors assumption in the standard model.

30 citations

Book ChapterDOI
Hoeteck Wee
15 May 2011
TL;DR: A new unifying framework for constructing noninteractive threshold encryption and signature schemes, as well as broadcast encryption schemes, is presented, and several new cryptosystems based on hardness of factoring are derived.
Abstract: We present a new unifying framework for constructing noninteractive threshold encryption and signature schemes, as well as broadcast encryption schemes, and in particular, derive several new cryptosystems based on hardness of factoring, including:
- a threshold signature scheme (in the random oracle model) that supports ad-hoc groups (i.e., exponential number of identities and the set-up is independent of the total number of parties) and implements the standard Rabin signature;
- a threshold encryption scheme that supports ad-hoc groups, where encryption is the same as that in the Blum-Goldwasser cryptosystem and therefore more efficient than RSA-based implementations;
- a CCA-secure threshold encryption scheme in the random oracle model;
- a broadcast encryption scheme (more precisely, a revocation cryptosystem) that supports ad-hoc groups, whose complexity is comparable to that of the Naor-Pinkas scheme; moreover, we provide a variant of the construction that is CCA-secure in the random oracle model.
Our framework rests on a new notion of threshold extractable hash proofs. The latter can be viewed as a generalization of the extractable hash proofs, which are a special kind of non-interactive zero-knowledge proof of knowledge.

30 citations

Book ChapterDOI
10 Feb 2005
TL;DR: Statistical zero-knowledge protocols for statements of the form “plaintext m corresponds to ciphertext c” and “ciphertext c and c' decrypt to the same value” for the Ajtai-Dwork cryptosystem are shown.
Abstract: Ajtai and Dwork proposed a public-key encryption scheme in 1996 which they proved secure under the assumption that the unique shortest vector problem is hard in the worst case. This cryptosystem and its extension by Regev are the only ones known for which security can be proved under a worst case assumption, and as such present a particularly interesting case to study. In this paper, we show statistical zero-knowledge protocols for statements of the form “plaintext m corresponds to ciphertext c” and “ciphertext c and c' decrypt to the same value” for the Ajtai-Dwork cryptosystem. We then show an interactive zero-knowledge proof of plaintext knowledge (PPK) for the Ajtai-Dwork cryptosystem, based directly on the security of the cryptosystem rather than resorting to general interactive zero-knowledge constructions. The witness for these proofs is the randomness used in the encryption.

30 citations


Network Information
Related Topics (5)
Encryption
98.3K papers, 1.4M citations
90% related
Cryptography
37.3K papers, 854.5K citations
89% related
Public-key cryptography
27.2K papers, 547.7K citations
88% related
Hash function
31.5K papers, 538.5K citations
87% related
Key (cryptography)
60.1K papers, 659.3K citations
86% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    18
2022    30
2021    1
2020    2
2019    4
2018    22