Skip to main content

Anamorphic Encryption, Revisited

  • Conference paper
  • First Online:
Advances in Cryptology – EUROCRYPT 2024 (EUROCRYPT 2024)

Abstract

An anamorphic encryption scheme allows two parties who share a so-called double key to embed covert messages in ciphertexts of an established PKE scheme. This protects against a dictator that can force the receiver to reveal the secret keys for the PKE scheme, but who is oblivious about the existence of the double key. We identify two limitations of the original model by Persiano, Phan, and Yung (EUROCRYPT 2022). First, in their definition a double key can only be generated once, together with a key-pair. This has the drawback that a receiver who wants to use the anamorphic mode after a dictator comes to power, needs to deploy a new key-pair, a potentially suspicious act. Second, a receiver cannot distinguish whether or not a ciphertext contains a covert message.

In this work we propose a new model that overcomes these limitations. First, we allow to associate multiple double keys to a key-pair, after its deployment. This also enables deniability in case the double key only depends on the public key. Second, we propose a natural robustness notion, which guarantees that anamorphically decrypting a regularly encrypted message results in a special symbol indicating that no covert message is contained, which also eliminates certain attacks.

Finally, to instantiate our new, stronger definition of anamorphic encryption, we provide generic and concrete constructions. Concretely, we show that ElGamal and Cramer-Shoup satisfy a new condition, selective randomness recoverability, which enables robust anamorphic extensions, and we also provide a robust anamorphic extension for RSA-OAEP.

F. Banfi and G. Rito—Work done while the author was at ETH Zurich.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    The original work considers a further case, the anamorphic with normal encryption or aneAME, but in our model, since the anamorphic key generation algorithm does not output a key-pair, this case is equivalent to our third case, and hence irrelevant.

  2. 2.

    We use the term distinguisher rather than adversary because the latter is more general, but our notions are all real-or-ideal.

  3. 3.

    We identify a parallel between our re-formulation and enhancement of the anamorphic model to the work of Young and Yung [37], who claimed to have done the same for universal re-encryption of Golle et al. [18].

  4. 4.

    In case of pre-computation, this is true also for the space complexity of \(\textsf{aDec}\).

  5. 5.

    In practice, the ciphertext might be a bit string, in which case we would instead have \(c=\alpha ( pk ,m,r)\Vert \beta (r)\). Moreover, note that order does not matter, so we could also have \(c=(\beta (r),\alpha ( pk ,m,r))\).

  6. 6.

    Recall that, even if we did not explicitate it here, we assume that \(\textsf{pp}\) can be obtained from both \( sk \) and \( pk \).

References

  1. Abdalla, M., Bellare, M., Neven, G.: Robust encryption. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 480–497. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11799-2_28

    Chapter  Google Scholar 

  2. Abelson, H., et al.: The risks of key recovery, key escrow, and trusted third-party encryption (1997)

    Google Scholar 

  3. Abelson, H., et al.: Keys under doormats: mandating insecurity by requiring government access to all data and communications. (July 6) 2015. Google Scholar Google Scholar Digital Library Digital Library (2015)

    Google Scholar 

  4. Banfi, F., Gegier, K., Hirt, M., Maurer, U., Rito, G.: Anamorphic encryption, revisited. Cryptology ePrint Arch. Report 2023/249 (2023), https://eprint.iacr.org/2023/249

  5. Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_33

    Chapter  Google Scholar 

  6. Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th FOCS, pp. 394–403. IEEE Computer Society Press. (1997) https://doi.org/10.1109/SFCS.1997.646128

  7. Bellare, M., Kilian, J., Rogaway, P.: The security of cipher block chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_32

    Chapter  Google Scholar 

  8. Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 1–19. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_1

    Chapter  Google Scholar 

  9. Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053428

    Chapter  Google Scholar 

  10. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25

    Chapter  Google Scholar 

  11. Blaze, M.: Protocol failure in the escrowed encryption standard. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S. (eds.) ACM CCS 94, pp. 59–67. ACM Press. (1994) https://doi.org/10.1145/191177.191193

  12. Canetti, R., Dwork, C., Naor, M., Ostrovsky, R.: Deniable encryption. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 90–104. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052229

    Chapter  Google Scholar 

  13. Checkoway, S., et al.: On the practical exploitability of dual EC in TLS implementations. In: Fu, K., Jung, J. (eds.) USENIX Security 2014, pp. 319–335. USENIX Association (2014)

    Google Scholar 

  14. Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055717

    Chapter  Google Scholar 

  15. Dakoff, H.S.: The clipper chip proposal: deciphering the unfounded fears that are wrongfully derailing its implementation. J. Marshall L. Rev. UIC Law Review 29(2), 475 8 (1996)

    Google Scholar 

  16. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985). https://doi.org/10.1109/TIT.1985.1057074

    Article  MathSciNet  Google Scholar 

  17. Frankel, Y., Yung, M.: Escrow encryption systems visited: attacks, analysis and designs. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 222–235. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_18

    Chapter  Google Scholar 

  18. Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal re-encryption for mixnets. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 163–178. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24660-2_14

    Chapter  Google Scholar 

  19. Green, M., Kaptchuk, G., Van Laer, G.: Abuse resistant law enforcement access systems. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12698, pp. 553–583. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77883-5_19

    Chapter  Google Scholar 

  20. Horel, T., Park, S., Richelson, S., Vaikuntanathan, V.: How to subvert backdoored encryption: security against adversaries that decrypt all ciphertexts. In: Blum, A. (ed.) ITCS 2019, vol. 124, pp. 42:1–42:20. LIPIcs (2019) https://doi.org/10.4230/LIPIcs.ITCS.2019.42

  21. Kohlweiss, M., Maurer, U., Onete, C., Tackmann, B., Venturi, D.: Anonymity-preserving public-key encryption: a constructive approach. In: De Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 19–39. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39077-7_2

    Chapter  Google Scholar 

  22. Kutylowski, M., Persiano, G., Phan, D.H., Yung, M., Zawada, M.: The self-anti-censorship nature of encryption: on the prevalence of anamorphic cryptography. PoPETs 2023(4), 170–183 (2023)https://doi.org/10.56553/popets-2023-0104

  23. Kutylowski, M., Persiano, G., Phan, D.H., Yung, M., Zawada, M.: Anamorphic signatures: secrecy from a dictator who only permits authentication! In: CRYPTO 2023, Part II, pp. 759–790. LNCS, Springer, Heidelberg (2023).https://doi.org/10.1007/978-3-031-38545-2_25

  24. Li, C.K., Wong, D.S.: Signcryption from randomness recoverable public key encryption. Inf. Sci. 180(4), 549–559 (2010)

    Google Scholar 

  25. Micali, S.: Fair public-key cryptosystems. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 113–138. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_9

    Chapter  Google Scholar 

  26. Persiano, G., Phan, D.H., Yung, M.: Anamorphic encryption: private communication against a dictator. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part II. LNCS, vol. 13276, pp. 34–63. Springer, Heidelberg (2022)https://doi.org/10.1007/978-3-031-07085-3_2

  27. Rivest, R.L., et al.: Chaffing and winnowing: confidentiality without encryption. CryptoBytes (RSA laboratories) 4(1), 12–17 (1998)

    MathSciNet  Google Scholar 

  28. Russell, A., Tang, Q., Yung, M., Zhou, H.-S.: Cliptography: clipping the power of kleptographic attacks. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 34–64. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_2

    Chapter  Google Scholar 

  29. Russell, A., Tang, Q., Yung, M., Zhou, H.S.: Generic semantic security against a kleptographic adversary. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 907–922. ACM Press (2017)https://doi.org/10.1145/3133956.3133993

  30. Simmons, G.J.: The prisoners problem and the subliminal channel. In: Chaum, D. (ed.) CRYPTO’83, pp. 51–67. Plenum Press, New York, USA (1983)

    Google Scholar 

  31. von Ahn, L., Hopper, N.J.: Public-key steganography. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 323–341. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_20

    Chapter  Google Scholar 

  32. Wang, Y., Chen, R., Huang, X., Yung, M.: Sender-anamorphic encryption reformulated: achieving robust and generic constructions. In: Guo, J., Steinfeld, R. (eds.) Advances in Cryptology – ASIACRYPT 2023, pp. 135–167. Springer Nature Singapore, Singapore (2023)https://doi.org/10.1007/978-981-99-8736-8_5

  33. Young, A., Yung, M.: The dark side of “black-box’’ cryptography or: should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_8

    Chapter  Google Scholar 

  34. Young, A., Yung, M.: The prevalence of kleptographic attacks on discrete-log based cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 264–276. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052241

    Chapter  Google Scholar 

  35. Young, A., Yung, M.: Auto-recoverable auto-certifiable cryptosystems. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 17–31. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054114

    Chapter  Google Scholar 

  36. Young, A., Yung, M.: Kleptography from standard assumptions and applications. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 271–290. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15317-4_18

    Chapter  Google Scholar 

  37. Young, A.L., Yung, M.: Semantically secure anonymity: foundations of re-encryption. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 255–273. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_14

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Fabio Banfi .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2024 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Banfi, F., Gegier, K., Hirt, M., Maurer, U., Rito, G. (2024). Anamorphic Encryption, Revisited. In: Joye, M., Leander, G. (eds) Advances in Cryptology – EUROCRYPT 2024. EUROCRYPT 2024. Lecture Notes in Computer Science, vol 14652. Springer, Cham. https://doi.org/10.1007/978-3-031-58723-8_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-58723-8_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-58722-1

  • Online ISBN: 978-3-031-58723-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics