Ciphertext-auditable public key encryption

Satoshi Hada, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Loss of backup tapes containing personal information (PI) is a potential breach of privacy and encryption is the typical way to prevent the breach. This paper considers an attack scenario where an adversary who encrypts the PI for backup purpose tries to hide the plain PI in a valid-looking ciphertext without being detected. We show that the standard security notion IND-CCA2 does not capture such a scenario. For example, the Cramer-Shoup scheme is vulnerable to such an attack. To capture such a scenario, we define a new notion of "ciphertext-auditability" as a new property of public key encryption schemes (PKESs). It requires that, given a public key and a ciphertext, anyone should be able to verify whether the ciphertext was actually generated using the public key. Also, it requires that, given a public key and a plaintext, no adversary should be able to generate a valid-looking ciphertext so that the verification passes, but nevertheless the plaintext can be recovered from the ciphertext without the corresponding secret key. We propose a general construction of such PKESs based on standard cryptographic primitives in the random oracle model.

Original language: English
Title of host publication: Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings
Publisher: Springer Verlag
Pages: 308-321
Number of pages: 14
Volume: 4266 LNCS
ISBN (Print): 3540476997, 9783540476993
Publication status: Published - 2006
Event: 1st International Workshop on Security, IWSEC 2006 - Kyoto, Japan
Duration: Oct 23 2006 to Oct 24 2006

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4266 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 1st International Workshop on Security, IWSEC 2006
Country: Japan
City: Kyoto
Period: 10/23/06 to 10/24/06

All Science Journal Classification (ASJC) codes

  • Computer Science (all)
  • Theoretical Computer Science

Cite this

Hada, S., & Sakurai, K. (2006). Ciphertext-auditable public key encryption. In Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings (Vol. 4266 LNCS, pp. 308-321). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4266 LNCS). Springer Verlag.

@inproceedings{010773d17ffd4f36ae9098efde680883,
title = "Ciphertext-auditable public key encryption",
author = "Satoshi Hada and Kouichi Sakurai",
year = "2006",
language = "English",
isbn = "3540476997",
volume = "4266 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "308--321",
booktitle = "Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings",
address = "Germany",

}

TY - GEN

T1 - Ciphertext-auditable public key encryption

AU - Hada, Satoshi

AU - Sakurai, Kouichi

PY - 2006

Y1 - 2006

UR - http://www.scopus.com/inward/record.url?scp=33845276752&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33845276752&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:33845276752

SN - 3540476997

SN - 9783540476993

VL - 4266 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 308

EP - 321

BT - Advances in Information and Computer Security - First International Workshop on Security, IWSEC 2006, Proceedings

PB - Springer Verlag

ER -