STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
On the Security of Joint Signature and Encryption
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
A simpler construction of CCA2-secure public-key encryption under general assumptions
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Rerandomizable RCCA encryption
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Breaking four mix-related schemes based on universal re-encryption
ISC'06 Proceedings of the 9th international conference on Information Security
Computationally Sound Formalization of Rerandomizable RCCA Secure Encryption
Formal to Practical Security
| Hi-index | 0.00 |
Replayable adaptively chosen ciphertext attack (RCCA) security is a relaxation of popular adaptively chosen ciphertext attack (CCA) security for public key encryption system. Unlike CCA security, RCCA security allows modifying a ciphertext into a new ciphertext of the same message. One of the open questions is that if there exists a perfectly rerandomizable RCCA secure encryption [4]. Prabhakaran and Rosulek recently answered this question affirmatively [14]. The scheme they proposed (PR scheme for short) is composed of a double-strands Cramer-Shoup schemes that involves as many as 56 exponents in encryption and 65 exponents in decryption, and 55 exponents operations during rerandomization. We present a practical perfectly rerandomizable RCCA secure encryption system in this paper. The system constitutes of two layers of encryptions. One layer carries message, the other layer carries a random quantity used to hiding the message in previous layer. This random quantity in the encryption also works as correlation between the two parts of encryption such that they are formed in a prescribed way. The proposed construction dramatically reduces the complexities, compared with PR scheme, to 15 exponents in encryption, 6 exponents decryption as well as 16 exponents operations in rerandomization. Besides the practical feature, our scheme is also the first receiver anonymous, perfectly rerandomizable RCCA secure encryption, which settles an open question in [14]. The scheme is secure under DDH assumption.