Paper 2021/1649

A New Security Notion for PKC in the Standard Model: Weaker, Simpler, and Still Realizing Secure Channels

Wasilij Beskorovajnov
Roland Gröll
Jörn Müller-Quade
Astrid Ottenhues
Rebecca Schwerdt
Abstract

Encryption satisfying CCA2 security is commonly known to be unnecessarily strong for realizing secure channels. Moreover, CCA2 constructions in the standard model are far from being competitive practical alternatives to constructions via random oracle. A promising research area to alleviate this problem are weaker security notions—like IND-RCCA secure encryption or IND-atag-wCCA secure tag-based encryption—which are still able to facilitate secure message transfer (SMT) via authenticated channels. In this paper we introduce the concept of sender-binding encryption (SBE), unifying prior approaches of SMT construction in the universal composability (UC) model. We furthermore develop the corresponding non-trivial security notion of IND-SB-CPA and formally prove that it suffices for realizing SMT in conjunction with authenticated channels. Our notion is the weakest so far in the sense that it generically implies the weakest prior notions—RCCA and atag-wCCA—without additional assumptions, while the reverse is not true. A direct consequence is that IND-stag-wCCA, which is strictly weaker than IND-atag-wCCA but stronger than our IND-SB-CPA, can be used to construct a secure channel. Finally, we give an efficient IND-SB-CPA secure construction in the standard model from IND-CPA secure double receiver encryption (DRE) based on McEliece. This shows that IND-SB-CPA security yields simpler and more efficient constructions in the standard model than the weakest prior notions, i.e., IND-atag-wCCA and IND-stag-wCCA.

Note: This is the full version of the IACR PKC 2022 publication.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published by the IACR in PKC 2022
Keywords
Secure Message TransferAuthenticated ChannelTag-based EncryptionIND-CPAIND-CCA2CCA2 RelaxationsUniversal ComposabilityMcEliece
Contact author(s)
beskorovajnov @ fzi de
groell @ fzi de
ottenhues @ kit edu
schwerdt @ kit edu
History
2023-01-27: revised
2021-12-17: received
See all versions
Short URL
https://ia.cr/2021/1649
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1649,
      author = {Wasilij Beskorovajnov and Roland Gröll and Jörn Müller-Quade and Astrid Ottenhues and Rebecca Schwerdt},
      title = {A New Security Notion for PKC in the Standard Model: Weaker, Simpler, and Still Realizing Secure Channels},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1649},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/1649}},
      url = {https://eprint.iacr.org/2021/1649}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.