How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
How to construct random functions
Journal of the ACM (JACM)
A Pseudorandom Generator from any One-way Function
SIAM Journal on Computing
Foundations of Cryptography: Basic Tools
Foundations of Cryptography: Basic Tools
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Soundness in the Public-Key Model
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Identity-Based Encryption from the Weil Pairing
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Unique Signatures and Verifiable Random Functions from the DH-DDH Separation
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Efficient Construction of (Distributed) Verifiable Random Functions
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
SIAM Journal on Computing
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Weak Verifiable Random Functions
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Verifiable Random Functions from Identity-Based Key Encapsulation
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Breaking and Repairing Damgård et al. Public Key Encryption Scheme with Non-interactive Opening
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Compact E-Cash and Simulatable VRFs Revisited
Pairing '09 Proceedings of the 3rd International Conference Palo Alto on Pairing-Based Cryptography
Two-tier signatures, strongly unforgeable signatures, and Fiat-Shamir without random oracles
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Public-key encryption with non-interactive opening
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Sponge-based pseudo-random number generators
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Group signature implies PKE with non-interactive opening and threshold PKE
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
On black-box separations among injective one-way functions
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Updatable zero-knowledge databases
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
A verifiable random function with short proofs and keys
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Improved efficiency for CCA-secure cryptosystems built using identity-based encryption
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Foundations of group signatures: the case of dynamic groups
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Keyword search and oblivious pseudorandom functions
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Constructing verifiable random functions with large input spaces
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Public-key encryption with non-interactive opening: new constructions and stronger definitions
AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
Efficient CCA-Secure PKE from identity-based techniques
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
On the security of IV dependent stream ciphers
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
| Hi-index | 0.00 |
Let a sender Alice computes a ciphertext C of a message M by using a receiver Bob's public key pkB. Damgård, Hofheinz, Kiltz, and Thorbek (CT-RSA2008) has proposed the notion public key encryption with non-interactive opening (PKENO), where Bob can make an noninteractive proof π that proves the decryption result of C under skB is M, without revealing skB itself. When Bob would like to prove the correctness of (C,M) (e.g., the information M sent to Bob is not the expected one), PKENO turns out to be an effective cryptographic primitive. A PKENO scheme for the KEM/DEM framework has also been proposed by Galindo (CT-RSA2009). Bob can make a noninteractive proof π that proves the decapsulation result of C under skB is K without revealing skB itself, where K is an encapsulation key of the DEM part. That is, no verifier can verify π without knowing K. This setting is acceptable if K is an ephemeral value. However, PKENO is not applicable if an encryption key is shared among certain users beforehand, and is used for a relatively long period before re-running the key agreement protocol, such as symmetric cryptosystems. In this paper, we define the notion secret key encryption with non-interactive opening (SKENO), and give a generic construction of SKENO from verifiable random function (VRF) and the Berbain-Gilbert IV-dependent stream cipher construction (FSE2007). Bob can make a non-interactive proof π that proves the decryption result of C under K is M, without revealing K itself.