Rerandomizable RCCA encryption

Manoj Prabhakaran, Mike Rosulek

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We give the first perfectly rerandomizable, Replayable-CCA (RCCA) secure encryption scheme, positively answering an open problem of Canetti et al. (CRYPTO 2003). Our encryption scheme, which we call the Double-strand Cramer-Shoup scheme, is a non-trivial extension of the popular Cramer-Shoup encryption. Its security is based on the standard DDH assumption. To justify our definitions, we define a powerful "Replayable Message Posting" functionality in the Universally Composable (UC) framework, and show that any encryption scheme that satisfies our definitions of rerandomizability and RCCA security is a UC-secure implementation of this functionality. Finally, we enhance the notion of rerandomizable RCCA security by adding a receiver-anonymity (or keyprivacy) requirement, and show that it results in a correspondingly enhanced UC functionality. We leave open the problem of constructing a scheme achieving this enhancement.

Original languageEnglish (US)
Title of host publicationAdvances in Cryptology - CRYPTO 2007 - 27th Annual International Cryptology Conference, Proceedings
PublisherSpringer
Pages517-534
Number of pages18
ISBN (Print)9783540741428
DOIs
StatePublished - 2007
Externally publishedYes
Event27th Annual International Cryptology Conference, CRYPTO 2007 - Santa Barbara, CA, United States
Duration: Aug 19 2007Aug 23 2007

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4622 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other27th Annual International Cryptology Conference, CRYPTO 2007
Country/TerritoryUnited States
CitySanta Barbara, CA
Period8/19/078/23/07

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Rerandomizable RCCA encryption'. Together they form a unique fingerprint.

Cite this