Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Key-Privacy in Public-Key Encryption
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Receiver anonymity via incomparable public keys
Proceedings of the 10th ACM conference on Computer and communications security
Secure public-key encryption scheme without random oracles
Information Sciences: an International Journal
Cryptographic primitives enforcing communication and storage complexity
FC'02 Proceedings of the 6th international conference on Financial cryptography
One-time encryption-key technique for the traditional DL-based encryption scheme with anonymity
Information Sciences: an International Journal
A new security proof for damgård’s elgamal
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Hi-index | 0.07 |
Public keys are closely related to the identity of recipients in public key encryption setting. In privacy-sensitive applications of public key encryption, it is desirable to hide the relation between the public key and the identity of the recipient. The main functional approach in the privacy enhanced public key encryption scheme is to give anonymity of the public keys of recipients. In this case, all the users in the system are potential recipients of every ciphertext. Waters, Felten, and Sahai proposed an incomparable public key encryption scheme which guarantees the anonymity of recipients against both eavesdroppers and senders. In their scheme, all the recipients must complete the same amount of computations to identify the ciphertexts which direct to them. In this paper, we focus on reducing the number of computations for the recipients while preserving the security level of Waters et al.'s scheme. Our method is to separate the decryption process into two steps, first the recipient determines whether a ciphertext is directed to him or her, and only if the direction is correct, the recipient recovers the corresponding plaintext. This improves the efficiency of the system.