TY - GEN

T1 - Chosen ciphertext security on hard membership decision groups

T2 - 9th International Conference on Security and Cryptography for Networks, SCN 2014

AU - Yamakawa, Takashi

AU - Yamada, Shota

AU - Nuida, Koji

AU - Hanaoka, Goichiro

AU - Kunihiro, Noboru

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2014.

PY - 2014

Y1 - 2014

N2 - Nowadays, chosen ciphertext (CCA) security is considered the de facto standard security notion for public key encryption (PKE). CCA secure PKE schemes are often constructed on efficiently recognizable groups, i.e., groups where the corresponding membership decision problem is easy. On the other hand, when we prove the CCA security of PKE schemes on groups that are not efficiently recognizable, much care is required. For example, even if a decryption query involves an unexpected element outside the group which causes a problem, the challenger cannot detect it due to the hardness of the membership decision for the group. However, such a possibility is often overlooked. As an example of such a group, in this paper, we consider the semi-smooth subgroup which was proposed by Groth (TCC 2005) for enhancing the efficiency of factoring-based cryptographic primitives. Specifically, we propose a general technique to guarantee the CCA security of PKE schemes on the semi-smooth subgroup. Roughly speaking, we prove that for almost all natural “verification equations,” it is impossible to generate a query which does not consist of elements in the group and satisfies the equation if the factoring problem is hard. Hence, queries whose components are not in the group will be automatically rejected even though the simulator cannot recognize whether these components are in the group or not. By the same technique, we also prove that the strong Diffie-Hellman assumption holds on the “signed” semi-smooth subgroup under the factoring assumption, and improve the efficiency of a factoring-based noninteractive key exchange scheme by instantiating it on the semi-smooth subgroup.

AB - Nowadays, chosen ciphertext (CCA) security is considered the de facto standard security notion for public key encryption (PKE). CCA secure PKE schemes are often constructed on efficiently recognizable groups, i.e., groups where the corresponding membership decision problem is easy. On the other hand, when we prove the CCA security of PKE schemes on groups that are not efficiently recognizable, much care is required. For example, even if a decryption query involves an unexpected element outside the group which causes a problem, the challenger cannot detect it due to the hardness of the membership decision for the group. However, such a possibility is often overlooked. As an example of such a group, in this paper, we consider the semi-smooth subgroup which was proposed by Groth (TCC 2005) for enhancing the efficiency of factoring-based cryptographic primitives. Specifically, we propose a general technique to guarantee the CCA security of PKE schemes on the semi-smooth subgroup. Roughly speaking, we prove that for almost all natural “verification equations,” it is impossible to generate a query which does not consist of elements in the group and satisfies the equation if the factoring problem is hard. Hence, queries whose components are not in the group will be automatically rejected even though the simulator cannot recognize whether these components are in the group or not. By the same technique, we also prove that the strong Diffie-Hellman assumption holds on the “signed” semi-smooth subgroup under the factoring assumption, and improve the efficiency of a factoring-based noninteractive key exchange scheme by instantiating it on the semi-smooth subgroup.

UR - http://www.scopus.com/inward/record.url?scp=84927646822&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84927646822&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-10879-7_32

DO - 10.1007/978-3-319-10879-7_32

M3 - Conference contribution

AN - SCOPUS:84927646822

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 558

EP - 577

BT - Security and Cryptography for Networks - 9th International Conference, SCN 2014, Proceedings

A2 - Abdalla, Michel

A2 - de Prisco, Roberto

PB - Springer Verlag

Y2 - 3 September 2014 through 5 September 2014

ER -