A note on the security of KHL scheme
A public key trace and revoke scheme combines the functionality of broadcast encryption with the capability of traitor tracing. In Asiacrypt 2003, Kim, Hwang and Lee proposed a public key trace and revoke scheme (referred to as KHL scheme), and gave the security proof to support that their scheme is...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2015
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/2820 https://ink.library.smu.edu.sg/context/sis_research/article/3820/viewcontent/KHL_scheme_pv_2015.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-3820 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-38202020-04-27T09:52:36Z A note on the security of KHL scheme WENG, Jian ZHAO, Yunlei DENG, Robert H., LIU, Shengli YANG, Yanjiang SAKURAI, Kouichi A public key trace and revoke scheme combines the functionality of broadcast encryption with the capability of traitor tracing. In Asiacrypt 2003, Kim, Hwang and Lee proposed a public key trace and revoke scheme (referred to as KHL scheme), and gave the security proof to support that their scheme is z-resilient against adaptive chosen-ciphertext attacks, in which the adversary is allowed to adaptively issue decryption queries as well as adaptively corrupt up to z users. In the passed ten years, KHL scheme has been believed as one of the most efficient public key trace and revoke schemes with z-resilience against adaptive chosen-ciphertext attacks under the well-studied DDH assumption. However, in this paper, by giving a concrete attack, we indicate that KHL scheme is actually not secure against adaptive chosen-ciphertexts, even without corruption of any user. We then identify the flaws in the security proof for KHL-scheme, and discuss the consequences of the attack. (C) 2015 Elsevier B.V. All rights reserved. 2015-10-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/2820 info:doi/10.1016/j.tcs.2015.07.051 https://ink.library.smu.edu.sg/context/sis_research/article/3820/viewcontent/KHL_scheme_pv_2015.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Cryptography Traitor-tracing Broadcast encryption Chosen-ciphertext attacks Computer Sciences Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Cryptography Traitor-tracing Broadcast encryption Chosen-ciphertext attacks Computer Sciences Information Security |
| spellingShingle |
Cryptography Traitor-tracing Broadcast encryption Chosen-ciphertext attacks Computer Sciences Information Security WENG, Jian ZHAO, Yunlei DENG, Robert H., LIU, Shengli YANG, Yanjiang SAKURAI, Kouichi A note on the security of KHL scheme |
| description |
A public key trace and revoke scheme combines the functionality of broadcast encryption with the capability of traitor tracing. In Asiacrypt 2003, Kim, Hwang and Lee proposed a public key trace and revoke scheme (referred to as KHL scheme), and gave the security proof to support that their scheme is z-resilient against adaptive chosen-ciphertext attacks, in which the adversary is allowed to adaptively issue decryption queries as well as adaptively corrupt up to z users. In the passed ten years, KHL scheme has been believed as one of the most efficient public key trace and revoke schemes with z-resilience against adaptive chosen-ciphertext attacks under the well-studied DDH assumption. However, in this paper, by giving a concrete attack, we indicate that KHL scheme is actually not secure against adaptive chosen-ciphertexts, even without corruption of any user. We then identify the flaws in the security proof for KHL-scheme, and discuss the consequences of the attack. (C) 2015 Elsevier B.V. All rights reserved. |
| format |
text |
| author |
WENG, Jian ZHAO, Yunlei DENG, Robert H., LIU, Shengli YANG, Yanjiang SAKURAI, Kouichi |
| author_facet |
WENG, Jian ZHAO, Yunlei DENG, Robert H., LIU, Shengli YANG, Yanjiang SAKURAI, Kouichi |
| author_sort |
WENG, Jian |
| title |
A note on the security of KHL scheme |
| title_short |
A note on the security of KHL scheme |
| title_full |
A note on the security of KHL scheme |
| title_fullStr |
A note on the security of KHL scheme |
| title_full_unstemmed |
A note on the security of KHL scheme |
| title_sort |
note on the security of khl scheme |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2015 |
| url |
https://ink.library.smu.edu.sg/sis_research/2820 https://ink.library.smu.edu.sg/context/sis_research/article/3820/viewcontent/KHL_scheme_pv_2015.pdf |
| _version_ |
1770572635321663488 |