TY - GEN
T1 - Hedged Nonce-Based Public-Key Encryption: Adaptive Security Under Randomness Failures
AU - Huang, Zhengan
AU - Lai, Junzuo
AU - Chen, Wenbin
AU - Au, Man Ho
AU - Peng, Zhen
AU - Li, Jin
N1 - Funding Information:
Acknowledgment. We thank the anonymous reviewers for their helpful comments. The first author was supported by National Natural Science Foundation of China (No. 61702125), and Scientific Research Foundation for Post-doctoral Researchers of Guangzhou (No. gdbsh2016020). The second author was supported by National Natural Science Foundation of China (No. 61572235), Guangdong Natural Science Funds for Distinguished Young Scholar (No. 2015A030306045), and Pearl River S&T Nova Program of Guangzhou. The third author was partly supported by the Program for Innovative Research Team in Education Department of Guangdong Province under Grant No. 2015KCXTD014 and No. 2016KCXTD017. The sixth author was supported by National Natural Science Foundation of China (No. 61472091), National Natural Science Foundation for Outstanding Youth Foundation (No. 61722203), and the State Key Laboratory of Cryptology, Beijing, China.
Publisher Copyright:
© International Association for Cryptologic Research 2018.
PY - 2018
Y1 - 2018
AB - Nowadays it is well known that randomness may fail due to bugs or deliberate randomness subversion. As a result, the security of traditional public-key encryption (PKE) cannot be guaranteed any more. Currently there are mainly three approaches dealing with the problem of randomness failures: Deterministic PKE, hedged PKE, and nonce-based PKE. However, these three approaches only apply to different application scenarios respectively. Since the situations in practice are dynamic and very complex, it's almost impossible to predict the situation in which a scheme is deployed, and determine which approach should be used beforehand. In this paper, we initiate the study of hedged security for nonce-based PKE, which adaptively applies to the situations whenever randomness fails, and achieves the best-possible security. Specifically, we lift the hedged security to the setting of nonce-based PKE, and formalize the notion of chosen-ciphertext security against chosen-distribution attacks (IND-CDA2) for nonce-based PKE. By presenting two counterexamples, we show a separation between our IND-CDA2 security for nonce-based PKE and the original NBP1/NBP2 security defined by Bellare and Tackmann (EUROCRYPT 2016). We show two nonce-based PKE constructions meeting IND-CDA2, NBP1 and NBP2 security simultaneously. The first one is a concrete construction in the random oracle model, and the second one is a generic construction based on a nonce-based PKE scheme and a deterministic PKE scheme.
KW - Deterministic public-key encryption
KW - Hedged security
KW - Nonce-based public-key encryption
KW - Randomness failures
UR - http://www.scopus.com/inward/record.url?scp=85068351056&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-76578-5_9
DO - 10.1007/978-3-319-76578-5_9
M3 - Conference article published in proceeding or book
AN - SCOPUS:85068351056
SN - 9783319765778
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 253
EP - 279
BT - Public-Key Cryptography - PKC 2018 - 21st IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings
A2 - Abdalla, Michel
A2 - Dahab, Ricardo
PB - Springer Science and Business Media Deutschland GmbH
T2 - 21st IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2018
Y2 - 25 March 2018 through 29 March 2018
ER -