Plaintext awareness in identity-based key encapsulation

Manulis, Mark, Poettering, Bertram, & Stebila, Douglas (2013) Plaintext awareness in identity-based key encapsulation. International Journal of Information Security.

View at publisher

Abstract

The notion of plaintext awareness ( PA ) has many applications in public key cryptography: it offers unique, stand-alone security guarantees for public key encryption schemes, has been used as a sufficient condition for proving indistinguishability against adaptive chosen-ciphertext attacks ( IND-CCA ), and can be used to construct privacy-preserving protocols such as deniable authentication. Unlike many other security notions, plaintext awareness is very fragile when it comes to differences between the random oracle and standard models; for example, many implications involving PA in the random oracle model are not valid in the standard model and vice versa. Similarly, strategies for proving PA of schemes in one model cannot be adapted to the other model. Existing research addresses PA in detail only in the public key setting. This paper gives the first formal exploration of plaintext awareness in the identity-based setting and, as initial work, proceeds in the random oracle model. The focus is laid mainly on identity-based key encapsulation mechanisms (IB-KEMs), for which the paper presents the first definitions of plaintext awareness, highlights the role of PA in proof strategies of IND-CCA security, and explores relationships between PA and other security properties. On the practical side, our work offers the first, highly efficient, general approach for building IB-KEMs that are simultaneously plaintext-aware and IND-CCA -secure. Our construction is inspired by the Fujisaki-Okamoto (FO) transform, but demands weaker and more natural properties of its building blocks. This result comes from a new look at the notion of γ -uniformity that was inherent in the original FO transform. We show that for IB-KEMs (and PK-KEMs), this assumption can be replaced with a weaker computational notion, which is in fact implied by one-wayness. Finally, we give the first concrete IB-KEM scheme that is PA and IND-CCA -secure by applying our construction to a popular IB-KEM and optimizing it for better performance.

Impact and interest:

1 citations in Scopus
Search Google Scholar™
1 citations in Web of Science®

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

ID Code: 65167
Item Type: Journal Article
Refereed: Yes
Additional Information: • This research work is part of the bilateral research project between Germany and Australia, funded jointly by the German Academic Exchange Service (DAAD) through Grant No. 53361649 and by Australia’s Department of Innovation, Industry, Science and Research (DIISR). Mark Manulis was also supported by the German Research Foundation (DFG) through Grant MA 4096. He and Bertram Poettering wish further to acknowledge support from the Center of Advanced Security Research Darmstadt (CASED) and the European Center for Security and Privacy by Design (EC SPRIDE).
Keywords: Plaintext awareness, Identity-based encryption, Key encapsulation mechanism, Generic transformation
DOI: 10.1007/s10207-013-0218-5
ISSN: 1615-5262
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: © 2013 Springer-Verlag Berlin Heidelberg.
Deposited On: 09 Dec 2013 00:39
Last Modified: 09 Dec 2013 23:33

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page