International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Jacob C. N. Schuldt

Publications

Year
Venue
Title
2018
PKC
Related Randomness Security for Public Key Encryption, Revisited
Takahiro Matsuda Jacob C. N. Schuldt
Motivated by the history of randomness failures in practical systems, Paterson, Schuldt, and Sibborn (PKC 2014) introduced the notion of related randomness security for public key encryption. In this paper, we firstly show an inherent limitation of this notion: if the family of related randomness functions is sufficiently rich to express the encryption function of the considered scheme, then security cannot be achieved. This suggests that achieving security for function families capable of expressing more complex operations, such as those used in random number generation, might be difficult. The current constructions of related randomness secure encryption in the standard model furthermore reflect this; full security is only achieved for function families with a convenient algebraic structure. We additionally revisit the seemingly optimal random oracle model construction by Paterson et al. and highlight its limitations.To overcome this difficulty, we propose a new notion which we denote related refreshable randomness security. This notion captures a scenario in which an adversary has limited time to attack a system before new entropy is added. More specifically, the number of encryption queries with related randomness the adversary can make before the randomness is refreshed, is bounded, but the adversary is allowed to make an unbounded total number of queries. Furthermore, the adversary is allowed to influence how entropy is added to the system. In this setting, we construct an encryption scheme which remains secure in the standard model for arbitrary function families of size $$2^p$$2p (where p is polynomial in the security parameter) that satisfy certain collision-resistant and output-unpredictability properties. This captures a rich class of functions, which includes, as a special case, circuits of polynomial size. Our scheme makes use of a new construction of a (bounded) related-key attack secure pseudorandom function, which in turn is based on a new flavor of the leftover hash lemma. These technical results might be of independent interest.
2016
CRYPTO
2014
PKC
2014
ASIACRYPT
2014
FSE
2012
CRYPTO
2012
PKC
2012
PKC
2011
JOFC
2011
PKC
2011
ASIACRYPT
2008
PKC

Program Committees

PKC 2022
Eurocrypt 2018