Chosen-Ciphertext Secure Dual-Receiver Encryption in the Standard Model Based on Post-quantum Assumptions

  • Conference paper
  • Public-Key Cryptography – PKC 2024 (PKC 2024)

Abstract

Dual-receiver encryption (DRE) is a special form of public key encryption (PKE) that allows a sender to encrypt a message for two recipients. Without further properties, the difference between DRE and PKE is only syntactical. One such important property is soundness, which requires that no ciphertext can be constructed such that the recipients decrypt to different plaintexts. Many applications rely on this property in order to realize more complex protocols or primitives. In addition, many of these applications explicitly avoid the usage of the random oracle, which poses an additional requirement on a DRE construction. We show that all of the IND-CCA2 secure standard model DRE constructions based on post-quantum assumptions fall short of augmenting the constructions with soundness and describe attacks thereon.

We then give an overview of all applications of IND-CCA2 secure DRE, group them into generic (i.e., applications using DRE as a black box) and non-generic applications, and demonstrate that all generic ones require either soundness or public verifiability.

In conclusion, we identify the gap of sound and IND-CCA2 secure DRE constructions based on post-quantum assumptions in the standard model. In order to fill this gap, we provide two IND-CCA2 secure DRE constructions based on the standard post-quantum assumptions Normal Form Learning With Errors (NLWE) and Learning Parity with Noise (LPN).
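The soundness requirement from the abstract, as an added toy model (this is not the paper's code and does not reproduce its NLWE/LPN constructions): the DRE interface is modelled with a SHA-256 keyed stream as a stand-in for public-key encryption (an assumption made so the script runs offline; the stand-in has no security of its own), and a naive "encrypt to each recipient separately" DRE is checked against the soundness requirement that both recipients obtain the same plaintext.

```python
# Added example: toy model of the DRE interface and the soundness property
# from the abstract. Not the paper's construction.
import hashlib
import secrets
from typing import Optional, Tuple


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream (SHA-256 in counter mode). Assumption of this demo:
    it models only an encryption interface, not a secure PKE."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def toy_keygen() -> Tuple[bytes, bytes]:
    """Return (sk, pk). In this stand-in the handle used to encrypt equals the
    secret key; a real DRE would use a genuine public-key scheme."""
    sk = secrets.token_bytes(32)
    return sk, sk


def toy_enc(pk: bytes, m: bytes, nonce: Optional[bytes] = None) -> bytes:
    nonce = nonce if nonce is not None else secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(m, _keystream(pk, nonce, len(m))))
    return nonce + body


def toy_dec(sk: bytes, c: bytes) -> bytes:
    nonce, body = c[:16], c[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(sk, nonce, len(body))))


# Naive DRE: encrypt the message independently to each recipient.
# Syntactically this is a DRE (one ciphertext, two keys that decrypt it),
# which is the "only syntactical" difference to PKE the abstract mentions.
def naive_dre_enc(pk1: bytes, pk2: bytes, m: bytes) -> Tuple[bytes, bytes]:
    return toy_enc(pk1, m), toy_enc(pk2, m)


def naive_dre_dec(sk: bytes, slot: int, ct: Tuple[bytes, bytes]) -> bytes:
    """Recipient `slot` (0 or 1) decrypts its own component; it never sees the other."""
    return toy_dec(sk, ct[slot])


def is_sound_ciphertext(ct: Tuple[bytes, bytes], sk1: bytes, sk2: bytes) -> bool:
    """Soundness as stated in the abstract: both recipients decrypt to the same
    plaintext. Only an auditor holding both secret keys can evaluate this; a
    sound scheme must rule such disagreement out by construction."""
    return naive_dre_dec(sk1, 0, ct) == naive_dre_dec(sk2, 1, ct)


def demo() -> Tuple[bool, bool]:
    """Constructed scenario: an honest ciphertext versus one assembled from
    encryptions of two different messages. Returns (honest_sound, mixed_sound)."""
    sk1, pk1 = toy_keygen()
    sk2, pk2 = toy_keygen()
    honest = naive_dre_enc(pk1, pk2, b"approve transfer #1")
    # Malformed ciphertext: the component for recipient 1 encrypts one message,
    # the component for recipient 2 another. Each recipient alone decrypts fine.
    mixed = (toy_enc(pk1, b"approve transfer #1"), toy_enc(pk2, b"approve transfer #2"))
    return is_sound_ciphertext(honest, sk1, sk2), is_sound_ciphertext(mixed, sk1, sk2)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The point the check makes concrete: neither recipient can detect the mismatch on its own, and the comparison needs both secret keys, so the applications the abstract groups as generic cannot rely on decryption-time checks and need soundness (or public verifiability) from the DRE scheme itself.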

Notes

  1. A \(\texttt {FRD}\) is a function \(\texttt {FRD}: \mathbb {Z}_q^n \rightarrow \mathbb {Z}_q^{n \times n}\) such that for any \(x,y \in \mathbb {Z}_q^n, x \ne y\) we have \(\texttt {FRD}(x) - \texttt {FRD}(y)\) is invertible over \(\mathbb {Z}_q^{n \times n}\). See the work of Agrawal, Boneh, and Boyen [2] for an example of such functions.

  2. Notice that \(Q_2\) in [11, Lemma 4] is not needed: The reduction algorithm \(\mathcal {B}_1\) always wins if a collision occurs.

  3. See for example [54, Lemma 6].

  4. See for example [25, Lemma 3.2].

  5. As \(\textbf{c}_0^*\) is calculated after \(\textbf{A}^i\) is generated but before \(\textbf{A}_1^i\) is generated, it can be used to calculate \(\textbf{A}_1^i\).

  6. Notice that this is actually an \(\text {LPN}_{n,2m,p}\) sample.

References

  1. Abe, M., Gennaro, R., Kurosawa, K.: Tag-KEM/DEM: A New Framework for Hybrid Encryption, Cryptology ePrint Archive, Report 2005/027 (2017). https://eprint.iacr.org/2005/027

  2. Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 553–572. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_28

  3. Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595–618. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_35

  4. Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053428

  5. Benz, L., Beskorovajnov, W., Eilebrecht, S., Müller-Quade, J., Ottenhues, A., Schwerdt, R.: Sender-binding Key Encapsulation. In: Boldyreva, A., Kolesnikov, V. (eds.) PKC 2023, Part I. LNCS, vol. 13940, pp. 744–773. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-31368-4_26

  6. Bert, P., Eberhart, G., Prabel, L., Roux-Langlois, A., Sabt, M.: Implementation of lattice trapdoors on modules and applications. In: Cheon, J.H., Tillich, J.-P. (eds.) PQCrypto 2021. LNCS, vol. 12841, pp. 195–214. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81293-5_11

  7. Bert, P., Fouque, P.-A., Roux-Langlois, A., Sabt, M.: Practical implementation of ring-SIS/LWE based signature and IBE. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 271–291. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-79063-3_13

  8. Beskorovajnov, W., Gröll, R., Müller-Quade, J., Ottenhues, A., Schwerdt, R.: A new security notion for PKC in the standard model: weaker, simpler, and still realizing secure channels. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022. LNCS, vol. 13178, pp. 316–344. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-030-97131-1_11

  9. Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054122

  10. Boneh, D., Kim, S., Nikolaenko, V.: Lattice-based DAPS and generalizations: self-enforcement in signature schemes. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 457–477. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_23

  11. Boyen, X., Izabachène, M., Li, Q.: Secure hybrid encryption in the standard model from hard learning problems. In: Cheon, J.H., Tillich, J.-P. (eds.) PQCrypto 2021. LNCS, vol. 12841, pp. 399–418. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81293-5_21

  12. Purushothama, B.R., Amberker, B.: Secure group key management scheme based on dual receiver cryptosystem. In: AsiaPKC 2013, pp. 45–50. ACM Press (2013). https://doi.org/10.1145/2484389.2484399

  13. Brakerski, Z., Vaikuntanathan, V.: Lattice-Inspired Broadcast Encryption and Succinct Ciphertext-Policy ABE, Cryptology ePrint Archive, Report 2020/191 (2020). https://eprint.iacr.org/2020/191

  14. Brendel, J., Fiedler, R., Günther, F., Janson, C., Stebila, D.: Post-quantum asynchronous deniable key exchange and the signal handshake. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022, Part II. LNCS, vol. 13178, pp. 3–34. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-97131-1_1

  15. Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_4

  16. Canetti, R., Feige, R., Goldreich, O., Naor, M.: Adaptively secure multi-party computation. In: 28th ACM STOC, pp. 639–648. ACM Press (1996). https://doi.org/10.1145/237814.238015

  17. Canetti, R., Krawczyk, H., Nielsen, J.B.: Relaxing chosen-ciphertext security. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 565–582. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_33

  18. Chow, S.S.M., Franklin, M., Zhang, H.: Practical dual-receiver encryption. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 85–105. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04852-9_5

  19. Crescenzo, G.D., Ishai, Y., Ostrovsky, R.: Non-interactive and non-malleable commitment. In: 30th ACM STOC, pp. 141–150. ACM Press (1998). https://doi.org/10.1145/276698.276722

  20. Damgård, I., Hofheinz, D., Kiltz, E., Thorbek, R.: Public-key encryption with non-interactive opening. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 239–255. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79263-5_15

  21. Diament, T., Lee, H.K., Keromytis, A.D., Yung, M.: The efficient dual receiver cryptosystem and its applications. Int. J. Network Secur. 13(3), 135–151 (2011). https://doi.org/10.7916/D81R7100

  22. Diament, T., Lee, H.K., Keromytis, A.D., Yung, M.: The dual receiver cryptosystem and its applications. In: Atluri, V., Pfitzmann, B., McDaniel, P. (eds.) ACM CCS 2004, pp. 330–343. ACM Press (2004). https://doi.org/10.1145/1030083.1030128

  23. Dodis, Y., Katz, J., Smith, A., Walfish, S.: Composability and on-line deniability of authentication. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 146–162. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_10

  24. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983). https://doi.org/10.1109/TIT.1983.1056650

  25. Döttling, N.: Cryptography based on the Hardness of Decoding. Ph.D. thesis, Karlsruhe, Karlsruher Institut für Technologie (KIT), Diss., 2014 (2014)

  26. Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. J. ACM 51(6), 851–898 (2004). https://doi.org/10.1145/1039488.1039489

  27. Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_40

  28. Fischlin, M.: Completely non-malleable schemes. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 779–790. Springer, Heidelberg (2005). https://doi.org/10.1007/11523468_63

  29. Ge, A., Wei, P.: Identity-based broadcast encryption with efficient revocation. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11442, pp. 405–435. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17253-4_14

  30. Gegier, K.: On Novel Constructions of Dual Receiver Key Encapsulation Mechanisms Based on Deterministic Encryption. M.A. thesis, Karlsruhe Institute of Technology (KIT) (2020)

  31. Herzog, J., Liskov, M., Micali, S.: Plaintext awareness via key registration. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 548–564. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_32

  32. Jinman, Z., Qin, C.: Hierarchical identity-based broadcast encryption scheme on lattices. In: 2011 Seventh International Conference on Computational Intelligence and Security, pp. 944–948. IEEE (2011). https://doi.org/10.1109/CIS.2011.212

  33. Justesen, J.: Class of constructive asymptotically good algebraic codes. IEEE Trans. Inf. Theory 18(5), 652–656 (1972). https://doi.org/10.1109/TIT.1972.1054893

  34. Kiltz, E., Masny, D., Pietrzak, K.: Simple chosen-ciphertext security from low-noise LPN. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 1–18. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_1

  35. Libert, B., Paterson, K.G., Quaglia, E.A.: Anonymous broadcast encryption: adaptive security and efficient constructions in the standard model. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 206–224. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_13

  36. Liu, Y., Zhang, D., Deng, Y., Li, B.: (Identity-based) dual receiver encryption from lattice-based programmable hash functions with high min-entropy. Cybersecurity 2(1), 1–15 (2019). https://doi.org/10.1186/s42400-019-0034-y

  37. Liu, Y., Wang, L., Shen, X., Li, L.: New constructions of identity-based dual receiver encryption from lattices. Entropy 22(6) (2020). https://doi.org/10.3390/e22060599

  38. Ma, F., Zhandry, M.: Encryptor Combiners: A Unified Approach to Multiparty NIKE, (H)IBE, and Broadcast Encryption, Cryptology ePrint Archive, Report 2017/152 (2017). https://eprint.iacr.org/2017/152

  39. Mambo, M., Okamoto, E.: Proxy cryptosystems: delegation of the power to decrypt ciphertexts. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 80(1), 54–63 (1997)

  40. Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48

  41. Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_41

  42. Müller, M.: On the Applicability of Dual-Receiver Encryption in a Post-Quantum World. M.A. thesis, Karlsruhe Institute of Technology (KIT) (2021)

  43. Noh, G., Hong, D., Kwon, J.O., Jeong, I.R.: A strong binding encryption scheme from lattices for secret broadcast. IEEE Commun. Lett. 16(6), 781–784 (2012). https://doi.org/10.1109/LCOMM.2012.041112.112495

  44. Patil, S.M., BR, P.: DR-PRE: dual receiver proxy re-encryption scheme. Inf. Secur. J. Global Perspective 29(2), 62–72 (2020). https://doi.org/10.1080/19393555.2020.1715515

  45. Rosen, A., Segev, G.: Chosen-ciphertext security via correlated products. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 419–436. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_25

  46. Suzuki, K., Yoneyama, K.: Exposure-resilient one-round tripartite key exchange without random oracles. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 458–474. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_29

  47. Unger, N., Goldberg, I.: Improved strongly deniable authenticated key exchanges for secure messaging. PoPETs 2018(1), 21–66 (2018). https://doi.org/10.1515/popets-2018-0003

  48. Wang, J., Bi, J.: Lattice-Based Identity-Based Broadcast Encryption, IACR ePrint Archive, Report 2010/288 (2010). https://eprint.iacr.org/2010/288

  49. Wong, C.K., Gouda, M., Lam, S.S.: Secure group communications using key graphs. IEEE/ACM Trans. Networking 8(1), 16–30 (2000). https://doi.org/10.1109/90.836475

  50. Yamada, S.: Adaptively secure identity-based encryption from lattices with asymptotically shorter public parameters. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 32–62. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_2

  51. Yang, C., Zheng, S., Wang, L., Lu, X., Yang, Y.: Hierarchical identity-based broadcast encryption scheme from LWE. J. Commun. Networks 16(3), 258–263 (2014). https://doi.org/10.1109/JCN.2014.000045

  52. Yang, G., Tan, C.H., Huang, Q., Wong, D.S.: Probabilistic public key encryption with equality test. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 119–131. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11925-5_9

  53. Zhang, D., Zhang, K., Li, B., Lu, X., Xue, H., Li, J.: Lattice-based dual receiver encryption and more. In: Susilo, W., Yang, G. (eds.) ACISP 2018. LNCS, vol. 10946, pp. 520–538. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93638-3_30

  54. Zhang, J., Yu, Y., Fan, S., Zhang, Z.: Improved lattice-based CCA2-secure PKE in the standard model. Sci. Chin. Inf. Sci. 63(182101), 1–22 (2020). https://doi.org/10.1007/s11432-019-9861-3

Acknowledgements

We thank the PKC 2024 anonymous reviewers for their valuable feedback. The work presented in this paper has been supported by Helmholtz Information, Program “Engineering Digital Futures”, Topic “Engineering secure Systems”.

Author information

Corresponding author: Laurin Benz

Copyright information

© 2024 International Association for Cryptologic Research

About this paper

Cite this paper

Benz, L., Beskorovajnov, W., Eilebrecht, S., Gröll, R., Müller, M., Müller-Quade, J. (2024). Chosen-Ciphertext Secure Dual-Receiver Encryption in the Standard Model Based on Post-quantum Assumptions. In: Tang, Q., Teague, V. (eds) Public-Key Cryptography – PKC 2024. PKC 2024. Lecture Notes in Computer Science, vol 14604. Springer, Cham. https://doi.org/10.1007/978-3-031-57728-4_9

  • DOI: https://doi.org/10.1007/978-3-031-57728-4_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-57727-7

  • Online ISBN: 978-3-031-57728-4

  • eBook Packages: Computer Science (R0)
