Non-interactive Opening for Ciphertexts Encrypted by Shared Keys
スポンサーリンク
概要
- 論文の詳細を見る
Let a sender Alice computes a ciphertext C of a message M by using a receiver Bob’s public key pk B . Damgård, Hofheinz, Kiltz, and Thorbek (CT-RSA2008) has proposed the notion public key encryption with non-interactive opening (PKENO), where Bob can make an non-interactive proof π that proves the decryption result of C under sk B is M, without revealing sk B itself. When Bob would like to prove the correctness of (C, M) (e.g., the information M sent to Bob is not the expected one), PKENO turns out to be an effective cryptographic primitive. A PKENO scheme for the KEM/DEM framework has also been proposed by Galindo (CT-RSA2009). Bob can make a non-interactive proof π that proves the decapsulation result of C under sk B is K without revealing sk B itself, where K is an encapsulation key of the DEM part. That is, no verifier can verify π without knowing K. This setting is acceptable if K is an ephemeral value. However, PKENO is not applicable if an encryption key is shared among certain users beforehand, and is used for a relatively long period before re-running the key agreement protocol, such as symmetric cryptosystems. In this paper, we define the notion secret key encryption with non-interactive opening (SKENO), and give a generic construction of SKENO from verifiable random function (VRF) and the Berbain-Gilbert IV-dependent stream cipher construction (FSE2007). Bob can make a non-interactive proof π that proves the decryption result of C under K is M, without revealing K itself.
- 2011-11-01
論文 | ランダム
- 選ばれし 友はきぼうと 大空へ(2)スペースシャトル ディスカバリー号(STS-124)打ち上げ見学
- 出会いから生まれた人間の絆 (特集 『にんげん』をひきつぐ出逢いとひろがりと……--にんげんセミナー2008 報告) -- (分科会A 人間の絆--中学生用「ひと きぼう」所収教材を小学校で実践--二〇〇八年にんげんセミナー実行委員会より)
- 分科会A 人間の絆--中学生用「ひと きぼう」所収教材を小学校で実践--二〇〇八年にんげんセミナー実行委員会より (特集 『にんげん』をひきつぐ出逢いとひろがりと……--にんげんセミナー2008 報告)
- 特集 動きはじめた「きぼう」
- 慢性呼吸器疾患の温泉療法 ―1988年度入院症例を対象に―