Relations between robustness and RKA security under public-key encryption

Hui Cui, Yi Mu, Man Ho Allen Au

Research output: Journal article publicationJournal articleAcademic researchpeer-review

2 Citations (Scopus)


We revisit the notions of robustness introduced by Abdalla, Bellare and Neven (TCC 2010), and related-key attack (RKA) security raised by Bellare, Cash and Miller (ASIACRYPT 2011). In the setting of public-key encryption (PKE), robustness means that it is hard to produce a ciphertext that is valid for two different users, while RKA security means that a PKE scheme is still secure even when an attacker can induce modifications in a decryption key, and subsequently observe the outcome of this PKE scheme under this modified key. In this paper, we explore the relationship between RKA security and various notions of robustness (weak, strong, complete, and so so). We show, there is no implication between weak (strong) robustness and RKA security while complete robustness implies RKA security but is not implied by RKA security; besides complete robustness, there exist other ROB definitions that can imply RKA security if they meet some security requirements. This result provides a different framework enabling the construction of PKE schemes that are secure under the restricted related key attacks. Also, we instantiate how a robust PKE scheme achieves RKA security, and compare it with other existing ways of achieving RKA security in public-key setting.
Original languageEnglish
Pages (from-to)78-91
Number of pages14
JournalTheoretical Computer Science
Publication statusPublished - 16 May 2016
Externally publishedYes


  • Public-key encryption
  • Related-key attack
  • Robustness

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this