
On the CCA Compatibility of Public-Key Infrastructure

  • Conference paper
  • Published in: Public-Key Cryptography – PKC 2021 (PKC 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12711)

Abstract

In this work, we put forth the notion of compatibility of any key generation or setup algorithm. We focus on the specific case of encryption, and say that a key generation algorithm \(\mathsf {KeyGen}\) is \(\mathsf {X}\text {-compatible}\) (for \(\mathsf {X} \in \{\mathsf {CPA},\mathsf {CCA1},\mathsf {CCA2}\}\)) if there exist encryption and decryption algorithms that together with \(\mathsf {KeyGen}\), result in an \(\mathsf {X}\)-secure public-key encryption scheme.

We study the following question: Is every \(\mathsf {CPA}\text {-compatible}\) key generation algorithm also \(\mathsf {CCA}\text {-compatible}\)? We obtain the following answers:

  • Every sub-exponentially \(\mathsf {CPA}\text {-compatible}\) \(\mathsf {KeyGen}\) algorithm is \(\mathsf {CCA1}\text {-compatible}\), assuming the existence of hinting PRGs and sub-exponentially secure keyless collision resistant hash functions.

  • Every sub-exponentially \(\mathsf {CPA}\text {-compatible}\) \(\mathsf {KeyGen}\) algorithm is also \(\mathsf {CCA2}\text {-compatible}\), assuming the existence of non-interactive CCA2 secure commitments, in addition to sub-exponential security of the assumptions listed in the previous bullet.

Here, sub-exponentially \(\mathsf {CPA}\text {-compatible}\) \(\mathsf {KeyGen}\) refers to any key generation algorithm for which there exist encryption and decryption algorithms that result in a \(\mathsf {CPA}\)-secure public-key encryption scheme against sub-exponential adversaries.

This gives a way to perform CCA secure encryption given any public key infrastructure that has been established with only (sub-exponential) CPA security in mind. The resulting CCA encryption makes black-box use of the CPA scheme and all other underlying primitives.
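As an added illustration of the compatibility notion above (this is example code written for this page, not the paper's construction and not the authors' code), the block below runs one ElGamal KeyGen with two different (Enc, Dec) pairs. The first pair is textbook ElGamal, CPA-secure under DDH but malleable, and the block shows a CCA2 adversary recovering the challenge plaintext with a single decryption query on a mauled ciphertext. The second pair is a DHIES-style hybrid (hashed Diffie-Hellman KEM plus one-time encrypt-then-MAC) over the very same key pair, whose decryption rejects every mauled ciphertext; its CCA security is argued in the random oracle model, which is a different route from the standard-model, black-box result stated in the abstract. All function names, the toy 64-bit safe prime found at import time, the SHA-256 counter-mode keystream standing in for a cipher, and the sample message are assumptions made here; the parameters are far too small for real use.

```python
"""Added illustration (not the paper's construction): one ElGamal KeyGen, two
(Enc, Dec) pairs over the same key pair.  cpa_* is textbook ElGamal, CPA-secure
under DDH but malleable; cca_* is a DHIES-style hybrid whose CCA security is
argued in the random oracle model.  Standard library only; the toy 64-bit safe
prime is an assumption for illustration and far too small for real use."""
import hashlib, hmac, secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for b in BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(start):
    """Smallest p = 2q + 1 with q >= start and both q and p prime."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1

P = safe_prime(1 << 63)   # toy modulus (constructed here, not from the paper)
Q = (P - 1) // 2          # prime order of the quadratic-residue subgroup
G = 4                     # a quadratic residue != 1, so it generates that subgroup

def keygen():
    """ElGamal KeyGen shared by both schemes: sk = x, pk = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def cpa_enc(pk, m):
    """Textbook ElGamal on a group element m in [1, p-1]."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(pk, r, P)) % P

def cpa_dec(sk, ct):
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - sk, P)) % P   # c1^(-sk) via Fermat

def cca2_attack_on_cpa(challenge, dec_oracle):
    """Maul the challenge by a known factor; the result differs from the
    challenge, so the CCA2 game allows the oracle query.  Divide the factor out."""
    c1, c2 = challenge
    return (dec_oracle((c1, 2 * c2 % P)) * pow(2, P - 2, P)) % P

def kdf(shared, c1):
    """Hash (c1, g^xr) into a 16-byte encryption key and a 16-byte MAC key."""
    k = hashlib.sha256(c1.to_bytes(8, "big") + shared.to_bytes(8, "big")).digest()
    return k[:16], k[16:]

def xor_stream(key, data):
    """XOR with a SHA-256 counter-mode keystream (stand-in for a real cipher)."""
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def cca_enc(pk, msg):
    r = secrets.randbelow(Q - 1) + 1
    c1 = pow(G, r, P)
    ek, mk = kdf(pow(pk, r, P), c1)
    body = xor_stream(ek, msg)
    tag = hmac.new(mk, c1.to_bytes(8, "big") + body, hashlib.sha256).digest()
    return c1, body, tag

def cca_dec(sk, ct):
    """None on any malformed or mauled ciphertext: a decryption oracle for this
    scheme gives the attacker nothing to work with."""
    c1, body, tag = ct
    if not 1 < c1 < P or pow(c1, Q, P) != 1:   # reject values outside the prime-order subgroup
        return None
    ek, mk = kdf(pow(c1, sk, P), c1)
    expect = hmac.new(mk, c1.to_bytes(8, "big") + body, hashlib.sha256).digest()
    return xor_stream(ek, body) if hmac.compare_digest(tag, expect) else None

def demo():
    """Same key pair throughout; returns (attack_worked, hybrid_correct, maul_rejected)."""
    sk, pk = keygen()
    m = 123456789
    recovered = cca2_attack_on_cpa(cpa_enc(pk, m), lambda c: cpa_dec(sk, c))
    c1, body, tag = cca_enc(pk, b"same KeyGen, different Enc/Dec")
    mauled = (c1, bytes([body[0] ^ 1]) + body[1:], tag)
    return (recovered == m,
            cca_dec(sk, (c1, body, tag)) == b"same KeyGen, different Enc/Dec",
            cca_dec(sk, mauled) is None)
```

Running `demo()` returns `(True, True, True)`: the CPA pair leaks the plaintext to one oracle query, while the hybrid pair over the same `keygen` output decrypts correctly and returns `None` for the mauled ciphertext. In the abstract's vocabulary this shows the ElGamal KeyGen is CPA-compatible and, at least in the random oracle model, CCA2-compatible; the result on this page is stronger, since it needs neither a random oracle nor any knowledge of how KeyGen works beyond black-box access to some CPA-secure Enc/Dec for it.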


Notes

  1. The choice of \(2^{2^{{\kappa }}}\) is somewhat arbitrary; the condition is in place so that the game is well defined on all P.

  2. For ease of exposition we assume that the \(\ell \) coins are used both for encryption with security parameter \({\kappa }\) and for a commitment with security parameter \({\kappa '}\). In practice, if one is less than the other, the extraneous bits can be truncated.

References

  1. Berman, I., Degwekar, A., Rothblum, R.D., Vasudevan, P.N.: Multi-collision resistant hash functions and their applications. In: Nielsen and Rijmen [27], pp. 133–161. https://doi.org/10.1007/978-3-319-78375-8_5

  2. Bitansky, N., Kalai, Y.T., Paneth, O.: Multi-collision resistance: a paradigm for keyless hash functions. In: Diakonikolas, I., Kempe, D., Henzinger, M. (eds.) Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2018, Los Angeles, CA, USA, 25–29 June 2018, pp. 671–684. ACM (2018). https://doi.org/10.1145/3188745.3188870

  3. Bitansky, N., Lin, H.: One-message zero knowledge and non-malleable commitments. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11239, pp. 209–234. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03807-6_8

  4. Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk [23], pp. 1–12. https://doi.org/10.1007/BFb0055716

  5. Boldyreva, A., Micciancio, D. (eds.): CRYPTO 2019. LNCS, vol. 11694. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8

  6. Canetti, R., Lin, H., Pass, R.: Adaptive hardness and composable security in the plain model from standard assumptions. In: Proceedings of the 51st Annual IEEE Symposium on Foundations of Computer Science, FOCS 2010, pp. 541–550 (2010)

  7. Castryck, W., Sotáková, J., Vercauteren, F.: Breaking the decisional Diffie-Hellman problem for class group actions using genus theory. Cryptology ePrint Archive, Report 2020/151 (2020). https://eprint.iacr.org/2020/151

  8. Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk [23], pp. 13–25. https://doi.org/10.1007/BFb0055717

  9. Crescenzo, G.D., Ishai, Y., Ostrovsky, R.: Non-interactive and non-malleable commitment. In: Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing, STOC 1998, Dallas, Texas, USA, 23–26 May 1998, pp. 141–150 (1998). https://doi.org/10.1145/276698.276722

  10. Damgård, I.B., Pedersen, T.P., Pfitzmann, B.: On the existence of statistically hiding bit commitment schemes and fail-stop signatures. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 250–265. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_22

  11. Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM J. Comput. 30(2), 391–437 (2000). https://doi.org/10.1137/S0097539795291562

  12. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptology 26(1), 80–101 (2013). https://doi.org/10.1007/s00145-011-9114-1

  13. Garg, R., Khurana, D., Lu, G., Waters, B.: Black-box non-interactive non-malleable commitments. Manuscript (2020)

  14. Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) Symposium on Theory of Computing Conference, STOC 2013, Palo Alto, CA, USA, 1–4 June 2013, pp. 467–476. ACM (2013). https://doi.org/10.1145/2488608.2488667

  15. Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984). https://doi.org/10.1016/0022-0000(84)90070-9

  16. Halevi, S., Micali, S.: Practical and provably-secure commitment schemes from collision-free hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 201–215. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_16

  17. Jakobsen, J., Orlandi, C.: On the CCA (in)security of MTProto. In: Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM@CCS 2016, pp. 113–116 (2016). http://dl.acm.org/citation.cfm?id=2994468

  18. Kalai, Y.T., Khurana, D.: Non-interactive non-malleability from quantum supremacy. In: Boldyreva and Micciancio [5], pp. 552–582. https://doi.org/10.1007/978-3-030-26954-8_18

  19. Khurana, D., Sahai, A.: How to achieve non-malleability in one or two rounds. In: Umans [30], pp. 564–575. https://doi.org/10.1109/FOCS.2017.58

  20. Kitagawa, F., Matsuda, T., Tanaka, K.: CCA security and trapdoor functions via key-dependent-message security. In: Boldyreva and Micciancio [5], pp. 33–64. https://doi.org/10.1007/978-3-030-26954-8_2

  21. Komargodski, I., Naor, M., Yogev, E.: Collision resistant hashing for paranoids: dealing with multiple collisions. In: Nielsen and Rijmen [27], pp. 162–194. https://doi.org/10.1007/978-3-319-78375-8_6

  22. Koppula, V., Waters, B.: Realizing chosen ciphertext security generically in attribute-based encryption and predicate encryption. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 671–700. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_23

  23. Krawczyk, H. (ed.): CRYPTO 1998. LNCS, vol. 1462. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055715

  24. Lin, H., Pass, R., Soni, P.: Two-round and non-interactive concurrent non-malleable commitments from time-lock puzzles. In: Umans [30], pp. 576–587. https://doi.org/10.1109/FOCS.2017.59

  25. Lombardi, A., Schaeffer, L.: A note on key agreement and non-interactive commitments. Cryptology ePrint Archive, Report 2019/279 (2019). https://eprint.iacr.org/2019/279

  26. Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Ortiz, H. (ed.) Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, STOC 1990, pp. 427–437. ACM (1990). https://doi.org/10.1145/100216.100273

  27. Nielsen, J.B., Rijmen, V. (eds.): EUROCRYPT 2018. LNCS, vol. 10821. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8

  28. Pass, R.: Unprovable security of perfect NIZK and non-interactive non-malleable commitments. Comput. Complex. 25(3), 607–666 (2016). https://doi.org/10.1007/s00037-016-0122-2

  29. Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_35

  30. Umans, C. (ed.): 58th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2017, Berkeley, CA, USA, 15–17 October 2017. IEEE Computer Society (2017). https://ieeexplore.ieee.org/xpl/conhome/8100284/proceeding

Author information

Corresponding author: Dakshita Khurana.

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Cite this paper

Khurana, D., Waters, B. (2021). On the CCA Compatibility of Public-Key Infrastructure. In: Garay, J.A. (ed.) Public-Key Cryptography – PKC 2021. PKC 2021. Lecture Notes in Computer Science, vol 12711. Springer, Cham. https://doi.org/10.1007/978-3-030-75248-4_9

  • DOI: https://doi.org/10.1007/978-3-030-75248-4_9
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-75247-7
  • Online ISBN: 978-3-030-75248-4