TY - JOUR
T1 - Relations between robustness and RKA security under public-key encryption
AU - Cui, Hui
AU - Mu, Yi
AU - Au, Man Ho Allen
N1 - Publisher Copyright:
© 2016 Elsevier B.V.
PY - 2016/5/16
Y1 - 2016/5/16
N2 - We revisit the notions of robustness introduced by Abdalla, Bellare and Neven (TCC 2010), and related-key attack (RKA) security raised by Bellare, Cash and Miller (ASIACRYPT 2011). In the setting of public-key encryption (PKE), robustness means that it is hard to produce a ciphertext that is valid for two different users, while RKA security means that a PKE scheme is still secure even when an attacker can induce modifications in a decryption key, and subsequently observe the outcome of this PKE scheme under this modified key. In this paper, we explore the relationship between RKA security and various notions of robustness (weak, strong, complete, and so so). We show, there is no implication between weak (strong) robustness and RKA security while complete robustness implies RKA security but is not implied by RKA security; besides complete robustness, there exist other ROB definitions that can imply RKA security if they meet some security requirements. This result provides a different framework enabling the construction of PKE schemes that are secure under the restricted related key attacks. Also, we instantiate how a robust PKE scheme achieves RKA security, and compare it with other existing ways of achieving RKA security in public-key setting.
AB - We revisit the notions of robustness introduced by Abdalla, Bellare and Neven (TCC 2010), and related-key attack (RKA) security raised by Bellare, Cash and Miller (ASIACRYPT 2011). In the setting of public-key encryption (PKE), robustness means that it is hard to produce a ciphertext that is valid for two different users, while RKA security means that a PKE scheme is still secure even when an attacker can induce modifications in a decryption key, and subsequently observe the outcome of this PKE scheme under this modified key. In this paper, we explore the relationship between RKA security and various notions of robustness (weak, strong, complete, and so so). We show, there is no implication between weak (strong) robustness and RKA security while complete robustness implies RKA security but is not implied by RKA security; besides complete robustness, there exist other ROB definitions that can imply RKA security if they meet some security requirements. This result provides a different framework enabling the construction of PKE schemes that are secure under the restricted related key attacks. Also, we instantiate how a robust PKE scheme achieves RKA security, and compare it with other existing ways of achieving RKA security in public-key setting.
KW - Public-key encryption
KW - Related-key attack
KW - Robustness
UR - http://www.scopus.com/inward/record.url?scp=84977931698&partnerID=8YFLogxK
U2 - 10.1016/j.tcs.2016.03.015
DO - 10.1016/j.tcs.2016.03.015
M3 - Article
AN - SCOPUS:84977931698
SN - 0304-3975
VL - 628
SP - 78
EP - 91
JO - Theoretical Computer Science
JF - Theoretical Computer Science
ER -