International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 23 February 2014

Hui Cui, Yi Mu, Man Ho Au
ePrint Report ePrint Report
Wee (PKC\'12) proposed a generic public-key encryption scheme in the setting of related-key attacks. Bellare, Paterson and Thomson (Asiacrypt\'12) provided a framework enabling related-key attack (RKA) secure cryptographic primitives for a class of non-linear related-key derivation functions. However, in both of their constructions, the instantiations to achieve the full (strong) RKA security are given under the scenario regarding the private key composed of single element. In other words, each element of the private key shares the same modification. However, this is impractical in real world. In this paper, we concentrate on the security of public-key encryption schemes under linear related-key attacks in the setting of multi-element private keys (that is, the private key is composed of more than one element), where an adversary is allowed to tamper any part of this private key stored in a hardware device, and subsequently observe the outcome of a public-key encryption system under this targeted modified private key.We define the security model for RKA secure public-key encryption schemes as chosen-ciphertext and related-key attack (CC-RKA) security, which means that a public-key encryption scheme remains secure even when an adversary is allowed to issue the decryption oracle on linear shifts of any component of the private key. After that, we present a detailed public-key encryption schemes with the private key formed of several elements, of which the CC-RKA security is under the decisional BDH assumption in the standard model.

Expand

Additional news items may be found on the IACR news page.