Randomness reuse: extensions and improvements
Related papers
Randomness re-use in multi-recipient encryption schemes
Lecture Notes in Computer Science, 2002
Kurosawa showed how one could design multi-receiver encryption schemes achieving savings in bandwidth and computation relative to the naive methods. We broaden the investigation. We identify new types of attacks possible in multi-recipient settings, which were overlooked by the previously suggested models, and specify an appropriate model to incorporate these types of attacks. We then identify a general paradigm that underlies his schemes and also others, namely the re-use of randomness: ciphertexts sent to different receivers by a single sender are computed using the same underlying coins. In order to avoid case by case analysis of encryption schemes to see whether they permit secure randomness re-use, we provide a condition, or test, that when applied to an encryption scheme shows whether or not the associated randomness re-using version of the scheme is secure. As a consequence, our test shows that randomness re-use is secure in the strong sense for asymmetric encryption schemes such as El Gamal, Cramer-Shoup, DHIES, and Boneh and Franklin's escrow El Gamal.
Multi-recipient encryption schemes: Security notions and randomness re-use
2003
This paper begins by refining Kurosawa's [Ku] definitions of security for multi-recipient encryption schemes (MRESs). It then considers a subclass of MRESs, that are formed by transforming standard encryption schemes via a natural technique called randomness re-use, and that offer important performance benefits. The main result is a way to avoid ad-hoc analyses of such schemes: we provide a general test that can be applied to a standard encryption scheme to determine whether the associated randomness re-using MRES is secure. This is applied to identify numerous specific secure and efficient randomness re-using MRESs. The results and applications cover both asymmetric and symmetric encryption.
Multi-recipient encryption schemes: Efficient constructions and their security
2007
This paper proposes several new schemes which allow a sender to send encrypted messages to multiple recipients more efficiently (in terms of bandwidth and computation) than by using a standard encryption scheme. Most of the proposed schemes explore a new natural technique called randomness re-use. In order to analyze security of our constructions we introduce a new notion of multi-recipient encryption schemes (MRESs) and provide definitions of security for them. We finally show a way to avoid ad-hoc analyses by providing a general test that can be applied to a standard encryption scheme to determine whether the associated randomness re-using MRES is secure. The results and applications cover both asymmetric and symmetric encryption.
Public Randomness in Cryptography
Advances in Cryptology — CRYPTO '92, 1993
The main contribution of this paper is the introduction of a formal notion of public randomness in the context of cryptography. We show how this notion affects the definition of the security of a cryptographic primitive and the definition of how much security is preserved when one cryptographic primitive is reduced to another. Previous works considered the public random bits as a part of the input, and security was parameterized in terms of the total length of the input. We parameterize security solely in terms of the length of the private input, and treat the public random bits as a separate resource. This separation allows us to independently address the important issues of how much security is preserved by a reduction and how many public random bits are used in the reduction.
Non-interactive distributed encryption: A new primitive for revocable privacy
Proceedings of the ACM Conference on Computer and Communications Security, 2011
In this paper we introduce and instantiate a new cryptographic primitive, called non-interactive distributed encryption, that allows a receiver to decrypt a ciphertext only if a minimum number of different senders encrypt the same plaintext. The new functionality can be seen as the dual of the functionality provided by threshold cryptosystems. It is shown that this primitive can be used to solve real-world problems balancing security and privacy needs. In particular it is used to solve the canvas cutters problem (introduced below), that might be of independent interest.
On Generic Constructions of Circularly-Secure, Leakage-Resilient Public-Key Encryption Schemes
Public-Key Cryptography – PKC 2016, 2016
We propose generic constructions of public-key encryption schemes, satisfying key-dependent message (KDM) security for projections and different forms of key-leakage resilience, from CPA-secure private-key encryption schemes with two main abstract properties: (1) a form of (additive) homomorphism with respect to both plaintexts and randomness, and (2) reproducibility, providing a means for reusing encryption randomness across independent secret keys. More precisely, our construction transforms a private-key scheme with the stated properties (and one more mild condition) into a public-key one, providing:
Randomness in Multi-Secret Sharing Schemes
J. Univers. Comput. Sci., 1999
A multi-secret sharing scheme is a protocol to share a number of arbitrarily related secrets among a set of participants in such a way that only qualified sets of participants can recover the secrets, whereas non-qualified sets of participants might have partial information about them. In this paper we analyze the amount of randomness needed by multi-secret sharing schemes. Given an m-tuple of access structures, we give a lower bound on the number of random bits needed by multi-secret sharing schemes; the lower bound is expressed in terms of a combinatorial parameter that depends only upon the access structures and not on the particular multi-secret sharing scheme used.
Improved Non-committing Encryption Schemes Based on a General Complexity Assumption
2000
Non-committing encryption enables the construction of multiparty computation protocols secure against an adaptive adversary in the computational setting where private channels between players are not assumed. While any non-committing encryption scheme must be secure in the ordinary semantic sense, the converse is not necessarily true. We propose a construction of non-committing encryption that can be based on any public-key system which is secure in the ordinary sense and which has an extra property we call simulatability. This generalises an earlier scheme proposed by Beaver based on the Diffie-Hellman problem, and we propose another implementation based on RSA. In a more general setting, our construction can be based on any collection of trapdoor permutations with a certain simulatability property. This offers a considerable efficiency improvement over the first non-committing encryption scheme proposed by Canetti et al. Finally, at some loss of efficiency, our scheme can be based on general collections of trapdoor permutations without the simulatability assumption, and without the common-domain assumption of Canetti et al. In showing this last result, we identify and correct a bug in a key generation protocol from Canetti et al.