Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Identity-Based Encryption from the Weil Pairing
SIAM Journal on Computing
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Secure Integration of Asymmetric and Symmetric Encryption Schemes
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Time-lock Puzzles and Timed-release Crypto
Time-lock Puzzles and Timed-release Crypto
Fujisaki–Okamoto hybrid encryption revisited
International Journal of Information Security - Special issue on SC 2003
Conditional oblivious transfer and timed-release encryption
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Public-key encryption in a multi-user setting: security proofs and improvements
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Timed release of standard digital signatures
FC'02 Proceedings of the 6th international conference on Financial cryptography
Token-controlled public key encryption
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Timed-Release Encryption Revisited
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Token-controlled public key encryption in the standard model
ISC'07 Proceedings of the 10th international conference on Information Security
Hi-index | 0.00 |
Token-controlled public key encryption (TCPKE) schemes, introduced in [1], offer many possibilities of application in financial or legal scenarios. Roughly speaking, in a TCPKE scheme messages are encrypted by using a public key together with a secret token, in such a way that the receiver is not able to decrypt this ciphertext until the token is published or released. The communication overhead for releasing the token is small in comparison with the ciphertext size. However, the fact that the same ciphertext could decrypt to different messages under different tokens was not addressed in the original work. In our opinion this is an essential security property that limits the use of this primitive in practice. In this work, we formalize this natural security goal and show that the schemes in [1]are insecure under this notion. In the second place, we propose a very simple and efficient generic construction of TCPKE schemes, starting from any trapdoor partial one-way function. This construction is obtained from a slight but powerful modification of the celebrated Fujisaki-Okamoto transformation [7]. We prove that the resulting schemes satisfy all the required security properties, in the random oracle model. Previous to this work, only particular instantiations of TCPKE schemes were proposed.