Disavowable Public Key Encryption with Non-Interactive Opening

DOI Web Site
  • ISHIDA Ai
    Department of Mathematical and Computing Sciences, Tokyo Instutitute of Technology National Institute of Advanced Industrial Science and Technology
  • EMURA Keita
    National Institute of Information and Communications Technology
  • HANAOKA Goichiro
    National Institute of Advanced Industrial Science and Technology
  • SAKAI Yusuke
    National Institute of Advanced Industrial Science and Technology
  • TANAKA Keisuke
    Department of Mathematical and Computing Sciences, Tokyo Instutitute of Technology CREST, JST

Abstract

The primitive called public key encryption with non-interactive opening (PKENO) is a class of public key encryption (PKE) with additional functionality. By using this, a receiver of a ciphertext can prove that the ciphertext is an encryption of a specified message in a publicly verifiable manner. In some situation that a receiver needs to claim that a ciphertext is NOT decrypted to a specified message, if he/she proves the fact by using PKENO straightforwardly, the real message of the ciphertext is revealed and a verifier checks that it is different from the specified message about which the receiver wants to prove. However, this naive solution is problematic in terms of privacy. Inspired by this problem, we propose the notion of disavowable public key encryption with non-interactive opening (disavowable PKENO) where, with respect to a ciphertext and a message, the receiver of the ciphertext can issue a proof that the plaintext of the ciphertext is NOT the message. Also, we give a concrete construction. Specifically, a disavowal proof in our scheme consists of 61 group elements. The proposed disavowable PKENO scheme is provably secure in the standard model under the decisional linear assumption and strong unforgeability of the underlying one-time signature scheme.

Journal

Related Projects

See more

Keywords

Details 詳細情報について

Report a problem

Back to top