On the security of public key cryptosystems with a double decryption mechanism

Authors:
David Galindo;Javier Herranz
Affiliations:
Computer Science Department, University of Malaga, Spain;IIIA---Artificial Intelligence Research Institute, CSIC---Spanish National Research Council, Bellaterra, Spain
Venue:
Information Processing Letters
Year:
2008

Citing 8
Cited 1

Identity-based cryptosystems and signature schemes

Proceedings of CRYPTO 84 on Advances in cryptology
Public-key cryptosystems provably secure against chosen ciphertext attacks

STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Identity-Based Encryption from the Weil Pairing

SIAM Journal on Computing
On the Power of Misbehaving Adversaries and Security Analysis of the Original EPOC

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
An efficient public key cryptosystem with a privacy enhanced double decryption mechanism

SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography

Additively homomorphic encryption with a double decryption mechanism, revisited

ISC'12 Proceedings of the 15th international conference on Information Security

Quantified Score

Hi-index	0.89

Visualization

Abstract

In public key encryption schemes with a double decryption mechanism (DD-PKE), decryption can be done in either of two ways: by the user owning the secret/public key pair corresponding to the ciphertext, or by a trusted party holding a sort of master secret-key. In this note we argue that the classical security notion for standard public key encryption schemes does not suffice for DD-PKE schemes, and propose a new natural definition. Additionally, we illustrate the usefulness of the new security definition by showing that a DD-PKE scheme presented in the workshop Selected Areas in Cryptography 2005 is insecure under this augmented security notion.