Constructions And Security Proofs Of Encryption Schemes In Different Settings

For a long time,cryptographer has been focusing on studying on encryption schemes in the normal circumstances.These schemes not only involve classical encryption algorithms such as RSA and El Gamal,but also derive many encryption schemes with special properties and functionalities such as identity-based encryption,attribute-based encryption,broadcast encryption,trapdoor encryption,proxy re-encryption,functional encryption,message-locked encryption and so on.These works will be of important significance to theoretical research and practical application.However,with the gradual in-depth study and the widely application of cryptographic technique,previous encryption schemes and security notions no longer apply in different settings from the original ones.Therefore,studying encryption schemes that have stronger functionalities,higher-level security and better efficiency has more practical significance and application value.We will do studies on the constructions and security proofs for encryption schemes in the following several different settings.· We propose a new message-locked encryption primitive(short for MLE3)and define for it the corresponding security model.The new primitive is in fact a variant of the original randomized messagelocked encryption proposed by Bellare et al.at Eurocrypt'13.In order to prevent trivial attacks,this primitive allows a semi-trusted server to hold a secret-key of public-key encryption to verify the correctess of a tag.The new security model namely privacy chosen-distribution attacks3(short for PRV-CDA3)requires that the encryption of an unpredictable message is computationally indistinguishable from a randomly chosen ciphertext from ciphertext space.However,the security model,PRV-CDA,proposed by Bellare et al.requires that the encryptions of any two unpredictable messages are computationally indistinguishable.Obviously,PRV-CDA3 is stronger than PRV-CDA.Based on the new primitive,we propose a new randomized message-locked encryption schemes which is proved to be PRV-CDA3 and STC secure in the standard model via UCE techiniques proposed by Bellare et al.at Crypto'13.In addition,our scheme also provide the validity testing algorithm for ciphertexts.Compared with existing randomized message-locked encryption schemes in the standard model,our scheme is the first randomized message-locked encryption scheme that provides full construction,full security proofs and achieves PRV-CDA3 and STC securities.· Previous CCA secure public-key functional encryption for randomized functions is proposed by Goyal et al.at TCC15,and relies on non-interactive witness-indistinguishable system(short for NIWI),data signature(short for DS).In this paper,we propose a trapdoor hash proof system(short for trapdoor HPS)and use it to construct a new public-key functional encryption for randomized functions without relying on NIWI and DS.Assume that the differing-inputs obfuscator(short for DIO)exists,the new scheme not only achieves CCA security but also can resist related-randomness attacks(short for RRA)and master secret-key leakage attacks(short for LR).As a another contribution,in the indistinguishable-based(short for IND-based)security model,we also provide a LR-RRA-CCA secure public-key functional encryption for deterministic functions.· We first propose the functional broadcast encryption notions and give two simple constructions.The first construction is implemented in the public-key setting based on the assumptions of puncturable pseudorandom function(short for puncturable PRF),pseudorandom generator(PRG)and indistinguishable obfuscator(short for IO).The second construction is implemented in the secret-key setting only relying on the assumptions of puncturable PRG and IO.In our defined security model,both constructions achieve adaptive IND-CPA security and selective IND-CCA security.Furthermore,we also confirm that the two schemes achieve small ciphertexts and small functional private keys.These results establish the existence of simple constructions for adaptive IND-CPA and selective IND-CCA secure functional broadcast encryption only building on the assumptions of one-way function and IO.· Selective opening attacks(short for SOA)security notion is proposed by Dwork et al.on FOCS'99 in the multi-user setting.Roughly speaking,an encryption scheme is SOA secure,if an adversary can not only see the ciphertext vector but also can obtain the message and randomness involved in the allowed opened ciphertexts,while the messages in the unopened ciphertexts are still secure.Designing and proving SOA secure encryption schemes has more challenges.In this paper,we first make studies on SOA secure certificateless encryption and provide formal definition and concrete construction.In the random oracle model,building on one-time signature scheme and computational diffie-hellman assumption(short for CDH assumption),it is proved to be SIM-SO-CPA secure.Compared with previous SIM-SO-CPA secure public-key encryption schemes and identity-based encryption schemes,our scheme has the advantage of eliminating certificate management and secret-key escrow.