WEKO3
アイテム
Security Notions and Generic Constructions of Chosen Ciphertext Secure Public Key Encryption Schemes
https://doi.org/10.15083/00004105
https://doi.org/10.15083/0000410549a1cd22-6e1f-4960-9a8b-f6f15dba75e6
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
48087415.pdf (555.5 kB)
|
|
| Item type | 学位論文 / Thesis or Dissertation(1) | |||||
|---|---|---|---|---|---|---|
| 公開日 | 2012-11-09 | |||||
| タイトル | ||||||
| タイトル | Security Notions and Generic Constructions of Chosen Ciphertext Secure Public Key Encryption Schemes | |||||
| 言語 | ||||||
| 言語 | eng | |||||
| 資源タイプ | ||||||
| 資源 | http://purl.org/coar/resource_type/c_46ec | |||||
| タイプ | thesis | |||||
| ID登録 | ||||||
| ID登録 | 10.15083/00004105 | |||||
| ID登録タイプ | JaLC | |||||
| その他のタイトル | ||||||
| その他のタイトル | 選択暗号文攻撃に対して安全な公開鍵暗号の安全性定義と一般的構成法 | |||||
| 著者 |
Matsuda, Takahiro
× Matsuda, Takahiro |
|||||
| 著者別名 | ||||||
| 識別子Scheme | WEKO | |||||
| 識別子 | 9472 | |||||
| 姓名 | 松田, 隆宏 | |||||
| 著者所属 | ||||||
| 著者所属 | 東京大学大学院情報理工学系研究科電子情報学専攻 | |||||
| Abstract | ||||||
| 内容記述タイプ | Abstract | |||||
| 内容記述 | Public key encryption (PKE) is a fundamental cryptographic primitive with which we can communicate securely over possibly insecure network without shared secret information in advance. For PKE schemes, security against chosen ciphertext attacks (CCA security) is nowadays considered as a standard security notion needed in most practical applications/situations where PKE schemes are used. Roughly, CCA security captures security against "active" adversaries that can access to an imaginary machine called decryption oracle which on input a ciphertext returns a decryption result of it, and has been shown to imply important strong security notions such as non-malleability and universal composability. Therefore, studies on constructing and understanding CCA secure PKE schemes are important research topics in the area of cryptography. In this thesis, we focus on "generic constructions" of CCA secure PKE schemes from other cryptographic primitives, and make several contributions both from practical and theoretical points of view. Firstly, aiming at generic constructions that lead to CCA secure PKE schemes with practical efficiency, we focus on the so-called "IBE-to-PKE" transformation paradigm, where IBE stands for identity-based encryption and is a kind of PKE scheme where any string can be used as a public key. This is a methodology that transforms an IBE scheme which only satisfies security against chosen plaintext attacks (CPA security), the least requirement as an encryption scheme, into a CCA secure PKE scheme, and is the only known generic methodology with which we can construct CCA secure PKE schemes with practical efficiency. The biggest problem of this methodology is that the constructed PKE scheme has large ciphertext size, even if we use a practical IBE scheme as a building block. We propose two approaches to overcome this problem. The first approach is to require non-malleability, slightly stronger security than CPA security, for the underlying IBE scheme, and develop a new very simple IBE-to-PKE transformation where we only use one-way function, the weakest primitive used in the area of cryptography, as an additional building block. The second approach is to develop a new efficient encapsulation scheme, which is a special kind of commitment scheme and is a primitive used in one of the previous IBE-to-PKE transformations, from a special kind of pseudorandom generator. Both approaches do not need strong cryptographic primitives as additional building blocks, and lead to CCA secure PKE schemes with smaller ciphertext size than the previous IBE-to-PKE transformations. Secondly, we focus on the problem of whether it is possible to construct a CCA secure PKE scheme only from a CPA secure one. This is an important fundamental open problem that leads to clarifying a necessary and sufficient condition to realize a CCA secure PKE scheme. Regarding this problem, the best known positive results are the constructions of so-called bounded CCA secure schemes from any CPA secure PKE scheme, where bounded CCA security is security against adversaries that make at most the predetermined number of decryption queries, and thus is weaker than ordinary CCA security. Since we can achieve the best possible security in the bounded CCA security notions, in order to further tackle the fundamental problem, we need new security notions that capture intermediate security notions that lie between CPA and CCA security in a different sense from bounded CCA security. Motivated by this situation, in order to provide a theoretical foundation for further tackling the above problem, we focus on parallel decryption queries for an extension of bounded CCA security, and introduce a new security notion which we call "mixed CCA" security. It captures security against adversaries that make single and parallel decryption queries in a predetermined order, where each parallel query can contain unboundedly many ciphertexts. Moreover, how the decryption oracle is available before and after the challenge is also taken into account in this new security definition, which enables us to capture existing major security notions that lie between CPA and CCA security, including a complex notion like non-malleability against bounded CCA, in a unified security notion. We investigate the relations among mixed CCA security notions, and show a necessary and sufficient condition regarding implications/separations between any two notions in mixed CCA security. We then show two black-box constructions of PKE schemes from CPA secure ones, one of which satisfies a strictly stronger security notion than the security notions achieved by the existing constructions of PKE schemes constructed only from a CPA secure one. We also discuss the consequences of our results regarding security with parallel decryption queries and give several observations. | |||||
| 書誌情報 | 発行日 2011-03-24 | |||||
| 日本十進分類法 | ||||||
| 主題Scheme | NDC | |||||
| 主題 | 547 | |||||
| 学位名 | ||||||
| 学位名 | 博士(情報理工学) | |||||
| 学位 | ||||||
| 値 | doctoral | |||||
| 学位分野 | ||||||
| Information Science and Technology (情報理工学) | ||||||
| 学位授与機関 | ||||||
| 学位授与機関名 | University of Tokyo (東京大学) | |||||
| 研究科・専攻 | ||||||
| Department of Information and Communication Engineering, Graduate School of Information Science and Technology (情報理工学系研究科電子情報学専攻) | ||||||
| 学位授与年月日 | ||||||
| 学位授与年月日 | 2011-03-24 | |||||
| 学位授与番号 | ||||||
| 学位授与番号 | 甲第27292号 | |||||
| 学位記番号 | ||||||
| 博情第330号 | ||||||
