Security Notions and Generic Constructions of Chosen Ciphertext Secure Public Key Encryption Schemes

https://doi.org/10.15083/00004105
File: 48087415.pdf (555.5 kB)
Item type: Thesis or Dissertation
Publication date: 2012-11-09
Title: Security Notions and Generic Constructions of Chosen Ciphertext Secure Public Key Encryption Schemes
Language: eng
Resource type: thesis (http://purl.org/coar/resource_type/c_46ec)
ID registration: 10.15083/00004105
ID registration type: JaLC
Other title: 選択暗号文攻撃に対して安全な公開鍵暗号の安全性定義と一般的構成法
Author: Matsuda, Takahiro (WEKO 9471)
Author alias
Identifier scheme: WEKO
Identifier: 9472
Name: 松田, 隆宏
Author affiliation: Department of Information and Communication Engineering, Graduate School of Information Science and Technology, University of Tokyo
Abstract
Description type: Abstract
Description: Public key encryption (PKE) is a fundamental cryptographic primitive with which we can communicate securely over a possibly insecure network without sharing secret information in advance. For PKE schemes, security against chosen ciphertext attacks (CCA security) is nowadays considered a standard security notion needed in most practical applications/situations where PKE schemes are used. Roughly, CCA security captures security against "active" adversaries that can access an imaginary machine called a decryption oracle, which on input a ciphertext returns its decryption result, and has been shown to imply important strong security notions such as non-malleability and universal composability. Therefore, studies on constructing and understanding CCA secure PKE schemes are important research topics in the area of cryptography. In this thesis, we focus on "generic constructions" of CCA secure PKE schemes from other cryptographic primitives, and make several contributions both from practical and theoretical points of view.
Firstly, aiming at generic constructions that lead to CCA secure PKE schemes with practical efficiency, we focus on the so-called "IBE-to-PKE" transformation paradigm, where IBE stands for identity-based encryption and is a kind of PKE scheme where any string can be used as a public key. This is a methodology that transforms an IBE scheme which only satisfies security against chosen plaintext attacks (CPA security), the minimum requirement for an encryption scheme, into a CCA secure PKE scheme, and is the only known generic methodology with which we can construct CCA secure PKE schemes with practical efficiency. The biggest problem of this methodology is that the constructed PKE scheme has a large ciphertext size, even if we use a practical IBE scheme as a building block. We propose two approaches to overcome this problem.
The first approach is to require non-malleability, a slightly stronger security notion than CPA security, for the underlying IBE scheme, and develop a new very simple IBE-to-PKE transformation where we only use a one-way function, the weakest primitive used in the area of cryptography, as an additional building block. The second approach is to develop a new efficient encapsulation scheme, which is a special kind of commitment scheme and is a primitive used in one of the previous IBE-to-PKE transformations, from a special kind of pseudorandom generator. Neither approach needs strong cryptographic primitives as additional building blocks, and both lead to CCA secure PKE schemes with smaller ciphertext size than the previous IBE-to-PKE transformations.
Secondly, we focus on the problem of whether it is possible to construct a CCA secure PKE scheme only from a CPA secure one. This is an important fundamental open problem that leads to clarifying a necessary and sufficient condition to realize a CCA secure PKE scheme. Regarding this problem, the best known positive results are the constructions of so-called bounded CCA secure schemes from any CPA secure PKE scheme, where bounded CCA security is security against adversaries that make at most a predetermined number of decryption queries, and thus is weaker than ordinary CCA security. Since we can achieve the best possible security in the bounded CCA security notions, in order to further tackle the fundamental problem, we need new security notions that capture intermediate security notions that lie between CPA and CCA security in a different sense from bounded CCA security. Motivated by this situation, in order to provide a theoretical foundation for further tackling the above problem, we focus on parallel decryption queries for an extension of bounded CCA security, and introduce a new security notion which we call "mixed CCA" security.
It captures security against adversaries that make single and parallel decryption queries in a predetermined order, where each parallel query can contain unboundedly many ciphertexts. Moreover, how the decryption oracle is available before and after the challenge is also taken into account in this new security definition, which enables us to capture existing major security notions that lie between CPA and CCA security, including a complex notion like non-malleability against bounded CCA, in a unified security notion. We investigate the relations among mixed CCA security notions, and show a necessary and sufficient condition regarding implications/separations between any two notions in mixed CCA security. We then show two black-box constructions of PKE schemes from CPA secure ones, one of which satisfies a strictly stronger security notion than the security notions achieved by the existing constructions of PKE schemes constructed only from a CPA secure one. We also discuss the consequences of our results regarding security with parallel decryption queries and give several observations.
Bibliographic information: Issue date 2011-03-24
Nippon Decimal Classification
Subject scheme: NDC
Subject: 547
Degree name: Doctor (Information Science and Technology)
Degree: doctoral
Degree field: Information Science and Technology
Degree-granting institution: University of Tokyo
Graduate school / department: Department of Information and Communication Engineering, Graduate School of Information Science and Technology
Date degree granted: 2011-03-24
Degree grant number: 甲第27292号
Diploma number: 博情第330号
Versions

Ver.1 2021-03-01 19:50:11.840820