Abstract
In this work, we put forth the notion of compatibility of any key generation or setup algorithm. We focus on the specific case of encryption, and say that a key generation algorithm \(\mathsf {KeyGen}\) is \(\mathsf {X}\text {-compatible}\) (for \(\mathsf {X} \in \{\mathsf {CPA},\mathsf {CCA1},\mathsf {CCA2}\}\)) if there exist encryption and decryption algorithms that together with \(\mathsf {KeyGen}\), result in an \(\mathsf {X}\)-secure public-key encryption scheme.
We study the following question: Is every \(\mathsf {CPA}\text {-compatible}\) key generation algorithm also \(\mathsf {CCA}\text {-compatible}\)? We obtain the following answers:
- Every sub-exponentially \(\mathsf {CPA}\text {-compatible}\) \(\mathsf {KeyGen}\) algorithm is \(\mathsf {CCA1}\text {-compatible}\), assuming the existence of hinting PRGs and sub-exponentially secure keyless collision resistant hash functions.
- Every sub-exponentially \(\mathsf {CPA}\text {-compatible}\) \(\mathsf {KeyGen}\) algorithm is also \(\mathsf {CCA2}\text {-compatible}\), assuming the existence of non-interactive CCA2 secure commitments, in addition to sub-exponential security of the assumptions listed in the previous bullet.
Here, sub-exponentially \(\mathsf {CPA}\text {-compatible}\) \(\mathsf {KeyGen}\) refers to any key generation algorithm for which there exist encryption and decryption algorithms that result in a \(\mathsf {CPA}\)-secure public-key encryption scheme against sub-exponential adversaries.
This gives a way to perform CCA secure encryption given any public key infrastructure that has been established with only (sub-exponential) CPA security in mind. The resulting CCA encryption makes black-box use of the CPA scheme and all other underlying primitives.
Notes
1. The choice of \(2^{2^{{\kappa }}}\) is somewhat arbitrary, as the condition is in place so that the game is well defined on all P.
2. For ease of exposition we assume that \(\ell \) coins are used both for encryption with security parameter \({\kappa }\) and for a commitment with security parameter \({\kappa '}\). In practice, if one is less than the other, the extraneous bits can be truncated.
© 2021 International Association for Cryptologic Research
Khurana, D., Waters, B. (2021). On the CCA Compatibility of Public-Key Infrastructure. In: Garay, J.A. (eds) Public-Key Cryptography – PKC 2021. PKC 2021. Lecture Notes in Computer Science(), vol 12711. Springer, Cham. https://doi.org/10.1007/978-3-030-75248-4_9
DOI: https://doi.org/10.1007/978-3-030-75248-4_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-75247-7
Online ISBN: 978-3-030-75248-4