Homomorphic Encryption with CCA Security

Manoj Prabhakaran and Mike Rosulek. Appeared in ICALP 2008.

Abstract

We address the problem of constructing public-key encryption schemes that meaningfully combine useful computability features with non-malleability. In particular, we investigate schemes in which anyone can change an encryption of an unknown message m into an encryption of T(m) (as a feature), for a specific set of allowed functions T, but the scheme is "non-malleable" with respect to all other operations. We formulate precise definitions that capture these intuitive requirements and also show relationships among our new definitions and other more standard ones (IND-CCA, gCCA, and RCCA). We further justify our definitions by showing their equivalence to a natural formulation of security in the Universally Composable framework. We also consider extending the definitions to features which combine multiple ciphertexts, and show that a natural definition is unattainable for a useful class of features. Finally, we describe a new family of encryption schemes that satisfy our definitions for a wide variety of allowed transformations T, and which are secure under the standard Decisional Diffie-Hellman (DDH) assumption.

Downloads

• Full version, via Cryptology ePrint Archive.
• ICALP 2008 proceedings version, via SpringerLink.
• Presentation slides from ICALP 2008.
• Presentation slides from TCC 2008 rump session (very brief).
• BibTeX entries for the proceedings and full versions.

Notes

• The definitions and construction presented here significantly generalize those of Rerandomizable RCCA Encryption.