TY - GEN

T1 - On the CCA Compatibility of Public-Key Infrastructure

AU - Khurana, Dakshita

AU - Waters, Brent

N1 - Publisher Copyright:
© 2021, International Association for Cryptologic Research.

PY - 2021

Y1 - 2021

N2 - In this work, we put forth the notion of compatibility of any key generation or setup algorithm. We focus on the specific case of encryption, and say that a key generation algorithm KeyGen is X-compatible (for X ∈ {CPA, CCA1, CCA2}) if there exist encryption and decryption algorithms that together with KeyGen, result in an X-secure public-key encryption scheme. We study the following question: Is every CPA-compatible key generation algorithm also CCA-compatible? We obtain the following answers: Every sub-exponentially CPA-compatible KeyGen algorithm is CCA1-compatible, assuming the existence of hinting PRGs and sub-exponentially secure keyless collision resistant hash functions. Every sub-exponentially CPA-compatible KeyGen algorithm is also CCA2-compatible, assuming the existence of non-interactive CCA2 secure commitments, in addition to sub-exponential security of the assumptions listed in the previous bullet. Here, sub-exponentially CPA-compatible KeyGen refers to any key generation algorithm for which there exist encryption and decryption algorithms that result in a CPA-secure public-key encryption scheme against sub-exponential adversaries. This gives a way to perform CCA secure encryption given any public key infrastructure that has been established with only (sub-exponential) CPA security in mind. The resulting CCA encryption makes black-box use of the CPA scheme and all other underlying primitives.

AB - In this work, we put forth the notion of compatibility of any key generation or setup algorithm. We focus on the specific case of encryption, and say that a key generation algorithm KeyGen is X-compatible (for X ∈ {CPA, CCA1, CCA2}) if there exist encryption and decryption algorithms that together with KeyGen, result in an X-secure public-key encryption scheme. We study the following question: Is every CPA-compatible key generation algorithm also CCA-compatible? We obtain the following answers: Every sub-exponentially CPA-compatible KeyGen algorithm is CCA1-compatible, assuming the existence of hinting PRGs and sub-exponentially secure keyless collision resistant hash functions. Every sub-exponentially CPA-compatible KeyGen algorithm is also CCA2-compatible, assuming the existence of non-interactive CCA2 secure commitments, in addition to sub-exponential security of the assumptions listed in the previous bullet. Here, sub-exponentially CPA-compatible KeyGen refers to any key generation algorithm for which there exist encryption and decryption algorithms that result in a CPA-secure public-key encryption scheme against sub-exponential adversaries. This gives a way to perform CCA secure encryption given any public key infrastructure that has been established with only (sub-exponential) CPA security in mind. The resulting CCA encryption makes black-box use of the CPA scheme and all other underlying primitives.

UR - http://www.scopus.com/inward/record.url?scp=85106400231&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85106400231&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-75248-4_9

DO - 10.1007/978-3-030-75248-4_9

M3 - Conference contribution

AN - SCOPUS:85106400231

SN - 9783030752477

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 235

EP - 260

BT - Public-Key Cryptography – PKC 2021 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, 2021, Proceedings

A2 - Garay, Juan A.

PB - Springer

T2 - 24th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC 2021

Y2 - 10 May 2021 through 13 May 2021

ER -