Welcome!
To use the personalized features of this site, please log in or register.
If you have forgotten your username or password, we can help.
My Menu
Marked Items 
Alerts
Order History
Saved Items
All
Favorites
    
Book Chapter Printable view
Key-Privacy in Public-Key Encryption

Key-Privacy in Public-Key Encryption

Book SeriesLecture Notes in Computer Science
PublisherSpringer Berlin / Heidelberg
ISSN0302-9743 (Print) 1611-3349 (Online)
VolumeVolume 2248/2001
BookAdvances in Cryptology — ASIACRYPT 2001
DOI10.1007/3-540-45682-1
Copyright2001
ISBN978-3-540-42987-6
DOI10.1007/3-540-45682-1_33
Pages566-582
Subject CollectionComputer Science
SpringerLink DateMonday, January 01, 2001
Add to marked items

Key-Privacy in Public-Key Encryption

Mihir BellareContact Information, Alexandra BoldyrevaContact Information, Anand DesaiContact Information and David PointchevalContact Information

(5)  Dept of Computer Science & Engineering, University of California, 92093 California, San Diego La Jolla, USA
(6)  NTT Multimedia Communications Laboratories, 94306 California, Palo Alto, USA
(7)  Dépt d’Informatique, ENS - CNRS, 45 rue d’Ulm, 75230 Paris Cedex 05, France
Abstract
We consider a novel security requirement of encryption schemes that we call “key-privacy” or “anonymity”. It asks that an eavesdropper in possession of a ciphertext not be able to tell which specific key, out of a set of known public keys, is the one under which the ciphertext was created, meaning the receiver is anonymous from the point of view of the adversary. We investigate the anonymity of known encryption schemes. We prove that the El Gamal scheme provides anonymity under chosen-plaintext attack assuming the Decision Diffie-Hellman problem is hard and that the Cramer-Shoup scheme provides anonymity under chosen-ciphertext attack under the same assumption. We also consider anonymity for trapdoor permutations. Known attacks indicate that the RSA trapdoor permutation is not anonymous and neither are the standard encryption schemes based on it. We provide a variant of RSA-OAEP that provides anonymity in the random oracle model assuming RSA is one-way. We also give constructions of anonymous trapdoor permutations, assuming RSA is one-way, which yield anonymous encryption schemes in the standard model.

Contact Information Mihir Bellare
Email: mihir@cs.ucsd.edu
URL: http://www-cse.ucsd.edu/users/mihir

Contact Information Alexandra Boldyreva
Email: aboldyre@cs.ucsd.edu
URL: http://www-cse.ucsd.edu/users/aboldyre

Contact Information Anand Desai
Email: desai@nttmcl.com
URL: http://www-cse.ucsd.edu/users/adesai

Contact Information David Pointcheval
Email: David.Pointcheval@ens.fr
URL: http://www.di.ens.fr/users/pointche
Fulltext Preview (Small, Large)
Image of the first page of the fulltext

References secured to subscribers.
more options
Find


Export this chapter
Export this chapter as RIS | Text
 
Referenced by
1 newer article

  1. Abdalla, Michel (2008) Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions. Journal of Cryptology 21(3)
    [CrossRef]
Frequently asked questions | General information on journals and books | Send us your feedback | Impressum | Contact
© Springer. Part of Springer Science+Business Media
Privacy, Disclaimer, Terms and Conditions, © Copyright Information
Remote Address: 38.107.191.109 • Server: mpweb23
HTTP User Agent: CCBot/1.0 (+http://www.commoncrawl.org/bot.html)