Interactive encryption and message authentication

Yevgeniy Dodis, Dario Fiore

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Public-Key Encryption (PKE) and Message Authentication (PKMA, aka as digital signatures) are fundamental cryptographic primitives. Traditionally, both notions are defined as non-interactive (i.e., single-message). In this work, we initiate rigorous study of (possibly) interactive PKE and PKMA schemes. We obtain the following results demonstrating the power of interaction to resolve questions which are either open or impossible in the non-interactive setting. Efficiency/Assumptions. One of the most well known open questions in the area of PKE is to build, in a “black-box way”, so called chosen ciphertext attack (CCA-) secure PKE from chosen plaintext attack (CPA-) secure PKE. In contrast, we show a simple 2-round CCA-secure PKE from any (non-interactive) CPA-secure PKE (in fact, these primitives turn out to be equivalent). Similarly, although non-interactive PKMA schemes can be inefficiently built from any one-way function, no efficient signature schemes are known from many popular numbertheoretic assumptions, such as factoring, CDH or DDH. In contrast, we show an efficient 2-round PKMA from most popular assumptions, including factoring, CDH and DDH. Advanced Properties. It is well known that no non-interactive signature (resp. encryption) scheme can be deniable (resp. forward-secure), since the signature (resp. ciphertext) can later “serve as an evidence of the sender’s consent” (resp. “be decrypted if the receiver’s key is compromised”). We also formalize a related notion of replay-secure (necessarily) interactive PKMA (resp. PKE) schemes, where the verifier (resp. encryptor) is assured that the “current” message can only be authenticated (resp. decrypted) by the secret key owner now, as opposed to some time in the past (resp. future). We observe that our 2-round PKMA scheme is both replay-secure and (passively) deniable, and our 2-round PKE scheme is both replay- and forward-secure.

Original languageEnglish (US)
Title of host publicationSecurity and Cryptography for Networks - 9th International Conference, SCN 2014, Proceedings
PublisherSpringer Verlag
Pages494-513
Number of pages20
Volume8642
ISBN (Print)9783319108780
StatePublished - 2014
Event9th International Conference on Security and Cryptography for Networks, SCN 2014 - Amalfi, Italy
Duration: Sep 3 2014Sep 5 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8642
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other9th International Conference on Security and Cryptography for Networks, SCN 2014
CountryItaly
CityAmalfi
Period9/3/149/5/14

Fingerprint

Message Authentication
Public Key Encryption
Authentication
Encryption
Cryptography
Attack
Factoring
Signature
One-way Function
Digital Signature
Electronic document identification systems
Signature Scheme
Black Box
Resolve
Receiver

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Dodis, Y., & Fiore, D. (2014). Interactive encryption and message authentication. In Security and Cryptography for Networks - 9th International Conference, SCN 2014, Proceedings (Vol. 8642, pp. 494-513). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8642). Springer Verlag.

Interactive encryption and message authentication. / Dodis, Yevgeniy; Fiore, Dario.

Security and Cryptography for Networks - 9th International Conference, SCN 2014, Proceedings. Vol. 8642 Springer Verlag, 2014. p. 494-513 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8642).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Dodis, Y & Fiore, D 2014, Interactive encryption and message authentication. in Security and Cryptography for Networks - 9th International Conference, SCN 2014, Proceedings. vol. 8642, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8642, Springer Verlag, pp. 494-513, 9th International Conference on Security and Cryptography for Networks, SCN 2014, Amalfi, Italy, 9/3/14.
Dodis Y, Fiore D. Interactive encryption and message authentication. In Security and Cryptography for Networks - 9th International Conference, SCN 2014, Proceedings. Vol. 8642. Springer Verlag. 2014. p. 494-513. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
Dodis, Yevgeniy ; Fiore, Dario. / Interactive encryption and message authentication. Security and Cryptography for Networks - 9th International Conference, SCN 2014, Proceedings. Vol. 8642 Springer Verlag, 2014. pp. 494-513 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{78778fd59fa74fa682fb7979d4831c80,
title = "Interactive encryption and message authentication",
abstract = "Public-Key Encryption (PKE) and Message Authentication (PKMA, aka as digital signatures) are fundamental cryptographic primitives. Traditionally, both notions are defined as non-interactive (i.e., single-message). In this work, we initiate rigorous study of (possibly) interactive PKE and PKMA schemes. We obtain the following results demonstrating the power of interaction to resolve questions which are either open or impossible in the non-interactive setting. Efficiency/Assumptions. One of the most well known open questions in the area of PKE is to build, in a “black-box way”, so called chosen ciphertext attack (CCA-) secure PKE from chosen plaintext attack (CPA-) secure PKE. In contrast, we show a simple 2-round CCA-secure PKE from any (non-interactive) CPA-secure PKE (in fact, these primitives turn out to be equivalent). Similarly, although non-interactive PKMA schemes can be inefficiently built from any one-way function, no efficient signature schemes are known from many popular numbertheoretic assumptions, such as factoring, CDH or DDH. In contrast, we show an efficient 2-round PKMA from most popular assumptions, including factoring, CDH and DDH. Advanced Properties. It is well known that no non-interactive signature (resp. encryption) scheme can be deniable (resp. forward-secure), since the signature (resp. ciphertext) can later “serve as an evidence of the sender’s consent” (resp. “be decrypted if the receiver’s key is compromised”). We also formalize a related notion of replay-secure (necessarily) interactive PKMA (resp. PKE) schemes, where the verifier (resp. encryptor) is assured that the “current” message can only be authenticated (resp. decrypted) by the secret key owner now, as opposed to some time in the past (resp. future). We observe that our 2-round PKMA scheme is both replay-secure and (passively) deniable, and our 2-round PKE scheme is both replay- and forward-secure.",
author = "Yevgeniy Dodis and Dario Fiore",
year = "2014",
language = "English (US)",
isbn = "9783319108780",
volume = "8642",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "494--513",
booktitle = "Security and Cryptography for Networks - 9th International Conference, SCN 2014, Proceedings",

}

TY - GEN

T1 - Interactive encryption and message authentication

AU - Dodis, Yevgeniy

AU - Fiore, Dario

PY - 2014

Y1 - 2014

N2 - Public-Key Encryption (PKE) and Message Authentication (PKMA, aka as digital signatures) are fundamental cryptographic primitives. Traditionally, both notions are defined as non-interactive (i.e., single-message). In this work, we initiate rigorous study of (possibly) interactive PKE and PKMA schemes. We obtain the following results demonstrating the power of interaction to resolve questions which are either open or impossible in the non-interactive setting. Efficiency/Assumptions. One of the most well known open questions in the area of PKE is to build, in a “black-box way”, so called chosen ciphertext attack (CCA-) secure PKE from chosen plaintext attack (CPA-) secure PKE. In contrast, we show a simple 2-round CCA-secure PKE from any (non-interactive) CPA-secure PKE (in fact, these primitives turn out to be equivalent). Similarly, although non-interactive PKMA schemes can be inefficiently built from any one-way function, no efficient signature schemes are known from many popular numbertheoretic assumptions, such as factoring, CDH or DDH. In contrast, we show an efficient 2-round PKMA from most popular assumptions, including factoring, CDH and DDH. Advanced Properties. It is well known that no non-interactive signature (resp. encryption) scheme can be deniable (resp. forward-secure), since the signature (resp. ciphertext) can later “serve as an evidence of the sender’s consent” (resp. “be decrypted if the receiver’s key is compromised”). We also formalize a related notion of replay-secure (necessarily) interactive PKMA (resp. PKE) schemes, where the verifier (resp. encryptor) is assured that the “current” message can only be authenticated (resp. decrypted) by the secret key owner now, as opposed to some time in the past (resp. future). We observe that our 2-round PKMA scheme is both replay-secure and (passively) deniable, and our 2-round PKE scheme is both replay- and forward-secure.

AB - Public-Key Encryption (PKE) and Message Authentication (PKMA, aka as digital signatures) are fundamental cryptographic primitives. Traditionally, both notions are defined as non-interactive (i.e., single-message). In this work, we initiate rigorous study of (possibly) interactive PKE and PKMA schemes. We obtain the following results demonstrating the power of interaction to resolve questions which are either open or impossible in the non-interactive setting. Efficiency/Assumptions. One of the most well known open questions in the area of PKE is to build, in a “black-box way”, so called chosen ciphertext attack (CCA-) secure PKE from chosen plaintext attack (CPA-) secure PKE. In contrast, we show a simple 2-round CCA-secure PKE from any (non-interactive) CPA-secure PKE (in fact, these primitives turn out to be equivalent). Similarly, although non-interactive PKMA schemes can be inefficiently built from any one-way function, no efficient signature schemes are known from many popular numbertheoretic assumptions, such as factoring, CDH or DDH. In contrast, we show an efficient 2-round PKMA from most popular assumptions, including factoring, CDH and DDH. Advanced Properties. It is well known that no non-interactive signature (resp. encryption) scheme can be deniable (resp. forward-secure), since the signature (resp. ciphertext) can later “serve as an evidence of the sender’s consent” (resp. “be decrypted if the receiver’s key is compromised”). We also formalize a related notion of replay-secure (necessarily) interactive PKMA (resp. PKE) schemes, where the verifier (resp. encryptor) is assured that the “current” message can only be authenticated (resp. decrypted) by the secret key owner now, as opposed to some time in the past (resp. future). We observe that our 2-round PKMA scheme is both replay-secure and (passively) deniable, and our 2-round PKE scheme is both replay- and forward-secure.

UR - http://www.scopus.com/inward/record.url?scp=84927619224&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84927619224&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9783319108780

VL - 8642

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 494

EP - 513

BT - Security and Cryptography for Networks - 9th International Conference, SCN 2014, Proceedings

PB - Springer Verlag

ER -