Sciweavers

ASIACRYPT
2001
Springer

Key-Privacy in Public-Key Encryption

14 years 4 months ago
Key-Privacy in Public-Key Encryption
We consider a novel security requirement of encryption schemes that we call “key-privacy” or “anonymity”. It asks that an eavesdropper in possession of a ciphertext not be able to tell which specific key, out of a set of known public keys, is the one under which the ciphertext was created, meaning the receiver is anonymous from the point of view of the adversary. We investigate the anonymity of known encryption schemes. We prove that the El Gamal scheme provides anonymity under chosen-plaintext attack assuming the Decision Diffie-Hellman problem is hard and that the Cramer-Shoup scheme provides anonymity under chosen-ciphertext attack under the same assumption. We also consider anonymity for trapdoor permutations. Known attacks indicate that the RSA trapdoor permutation is not anonymous and neither are the standard encryption schemes based on it. We provide a variant of RSAOAEP that provides anonymity in the random oracle model assuming RSA is one-way. We also give constructio...
Mihir Bellare, Alexandra Boldyreva, Anand Desai, D
Added 28 Jul 2010
Updated 28 Jul 2010
Type Conference
Year 2001
Where ASIACRYPT
Authors Mihir Bellare, Alexandra Boldyreva, Anand Desai, David Pointcheval
Comments (0)