Chosen-ciphertext security of multiple encryption

Yevgeniy Dodis, Jonathan Katz

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Encryption of data using multiple, independent encryption schemes ("multiple encryption") has been suggested in a variety of contexts, and can be used, for example, to protect against partial key exposure or cryptanalysis, or to enforce threshold access to data. Most prior work on this subject has focused on the security of multiple encryption against chosen-plaintext attacks, and has shown constructions secure in this sense based on the chosen-plaintext security of the component schemes. Subsequent work has sometimes assumed that these solutions are also secure against chosen-ciphertext attacks when component schemes with stronger security properties are used. Unfortunately, this intuition is false for all existing multiple encryption schemes. Here, in addition to formalizing the problem of chosen-ciphertext security for multiple encryption, we give simple, efficient, and generic constructions of multiple encryption schemes secure against chosen-ciphertext attacks (based on any component schemes secure against such attacks) in the standard model. We also give a more efficient construction from any (hierarchical) identity-based encryption scheme secure against selective-identity chosen plaintext attacks. Finally, we discuss a wide range of applications for our proposed schemes.

Original languageEnglish (US)
Title of host publicationLecture Notes in Computer Science
EditorsJ. Kilian
Pages188-209
Number of pages22
Volume3378
StatePublished - 2005
EventSecond Theory of Cryptography Conference, TCC 2005 - Cambridge, MA, United States
Duration: Feb 10 2005Feb 12 2005

Other

OtherSecond Theory of Cryptography Conference, TCC 2005
CountryUnited States
CityCambridge, MA
Period2/10/052/12/05

Fingerprint

Cryptography

ASJC Scopus subject areas

  • Computer Science (miscellaneous)

Cite this

Dodis, Y., & Katz, J. (2005). Chosen-ciphertext security of multiple encryption. In J. Kilian (Ed.), Lecture Notes in Computer Science (Vol. 3378, pp. 188-209)

Chosen-ciphertext security of multiple encryption. / Dodis, Yevgeniy; Katz, Jonathan.

Lecture Notes in Computer Science. ed. / J. Kilian. Vol. 3378 2005. p. 188-209.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Dodis, Y & Katz, J 2005, Chosen-ciphertext security of multiple encryption. in J Kilian (ed.), Lecture Notes in Computer Science. vol. 3378, pp. 188-209, Second Theory of Cryptography Conference, TCC 2005, Cambridge, MA, United States, 2/10/05.
Dodis Y, Katz J. Chosen-ciphertext security of multiple encryption. In Kilian J, editor, Lecture Notes in Computer Science. Vol. 3378. 2005. p. 188-209
Dodis, Yevgeniy ; Katz, Jonathan. / Chosen-ciphertext security of multiple encryption. Lecture Notes in Computer Science. editor / J. Kilian. Vol. 3378 2005. pp. 188-209
@inproceedings{60e24d4f32f140ed845bd83021189fe9,
title = "Chosen-ciphertext security of multiple encryption",
abstract = "Encryption of data using multiple, independent encryption schemes ({"}multiple encryption{"}) has been suggested in a variety of contexts, and can be used, for example, to protect against partial key exposure or cryptanalysis, or to enforce threshold access to data. Most prior work on this subject has focused on the security of multiple encryption against chosen-plaintext attacks, and has shown constructions secure in this sense based on the chosen-plaintext security of the component schemes. Subsequent work has sometimes assumed that these solutions are also secure against chosen-ciphertext attacks when component schemes with stronger security properties are used. Unfortunately, this intuition is false for all existing multiple encryption schemes. Here, in addition to formalizing the problem of chosen-ciphertext security for multiple encryption, we give simple, efficient, and generic constructions of multiple encryption schemes secure against chosen-ciphertext attacks (based on any component schemes secure against such attacks) in the standard model. We also give a more efficient construction from any (hierarchical) identity-based encryption scheme secure against selective-identity chosen plaintext attacks. Finally, we discuss a wide range of applications for our proposed schemes.",
author = "Yevgeniy Dodis and Jonathan Katz",
year = "2005",
language = "English (US)",
volume = "3378",
pages = "188--209",
editor = "J. Kilian",
booktitle = "Lecture Notes in Computer Science",

}

TY - GEN

T1 - Chosen-ciphertext security of multiple encryption

AU - Dodis, Yevgeniy

AU - Katz, Jonathan

PY - 2005

Y1 - 2005

N2 - Encryption of data using multiple, independent encryption schemes ("multiple encryption") has been suggested in a variety of contexts, and can be used, for example, to protect against partial key exposure or cryptanalysis, or to enforce threshold access to data. Most prior work on this subject has focused on the security of multiple encryption against chosen-plaintext attacks, and has shown constructions secure in this sense based on the chosen-plaintext security of the component schemes. Subsequent work has sometimes assumed that these solutions are also secure against chosen-ciphertext attacks when component schemes with stronger security properties are used. Unfortunately, this intuition is false for all existing multiple encryption schemes. Here, in addition to formalizing the problem of chosen-ciphertext security for multiple encryption, we give simple, efficient, and generic constructions of multiple encryption schemes secure against chosen-ciphertext attacks (based on any component schemes secure against such attacks) in the standard model. We also give a more efficient construction from any (hierarchical) identity-based encryption scheme secure against selective-identity chosen plaintext attacks. Finally, we discuss a wide range of applications for our proposed schemes.

AB - Encryption of data using multiple, independent encryption schemes ("multiple encryption") has been suggested in a variety of contexts, and can be used, for example, to protect against partial key exposure or cryptanalysis, or to enforce threshold access to data. Most prior work on this subject has focused on the security of multiple encryption against chosen-plaintext attacks, and has shown constructions secure in this sense based on the chosen-plaintext security of the component schemes. Subsequent work has sometimes assumed that these solutions are also secure against chosen-ciphertext attacks when component schemes with stronger security properties are used. Unfortunately, this intuition is false for all existing multiple encryption schemes. Here, in addition to formalizing the problem of chosen-ciphertext security for multiple encryption, we give simple, efficient, and generic constructions of multiple encryption schemes secure against chosen-ciphertext attacks (based on any component schemes secure against such attacks) in the standard model. We also give a more efficient construction from any (hierarchical) identity-based encryption scheme secure against selective-identity chosen plaintext attacks. Finally, we discuss a wide range of applications for our proposed schemes.

UR - http://www.scopus.com/inward/record.url?scp=24144468589&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=24144468589&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:24144468589

VL - 3378

SP - 188

EP - 209

BT - Lecture Notes in Computer Science

A2 - Kilian, J.

ER -