Abstract
We consider a novel security requirement of encryption schemes that we call “key-privacy” or “anonymity”.It asks that an eavesdropper in possession of a ciphertext not be able to tell which specific key, out of a set of known public keys, is the one under which the ciphertext was created, meaning the receiver is anonymous from the point of view of the adversary.W e investigate the anonymity of known encryption schemes.W e prove that the El Gamal scheme provides anonymity under chosen-plaintext attack assuming the Decision Diffie-Hellman problem is hard and that the Cramer-Shoup scheme provides anonymity under chosen-ciphertext attack under the same assumption.W e also consider anonymity for trapdoor permutations.Kno wn attacks indicate that the RSA trapdoor permutation is not anonymous and neither are the standard encryption schemes based on it.W e provide a variant of RSA-OAEP that provides anonymity in the random oracle model assuming RSA is one-way.We also give constructions of anonymous trapdoor permutations, assuming RSA is one-way, which yield anonymous encryption schemes in the standard model.
Cite
CITATION STYLE
Bellare, M., Boldyreva, A., Desai, A., & Pointcheval, D. (2001). Key-privacy in public-key encryption. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2248, pp. 566–582). Springer Verlag. https://doi.org/10.1007/3-540-45682-1_33
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
