Paper 2023/249
Anamorphic Encryption, Revisited
Abstract
An anamorphic encryption scheme allows two parties who share a so-called double key to embed covert messages in ciphertexts of an established PKE scheme. This protects against a dictator that can force the receiver to reveal the secret keys for the PKE scheme, but who is oblivious about the existence of the double key. We identify two limitations of the original model by Persiano, Phan, and Yung (EUROCRYPT 2022). First, in their definition a double key can only be generated once, together with a key-pair. This has the drawback that a receiver who wants to use the anamorphic mode after a dictator comes to power, needs to deploy a new key-pair, a potentially suspicious act. Second, a receiver cannot distinguish whether or not a ciphertext contains a covert message. In this work we propose a new model that overcomes these limitations. First, we allow to associate multiple double keys to a key-pair, after its deployment. This also enables deniability in case the double key only depends on the public key. Second, we propose a natural robustness notion, which guarantees that anamorphically decrypting a regularly encrypted message results in a special symbol indicating that no covert message is contained, which also eliminates certain attacks. Finally, to instantiate our new, stronger definition of anamorphic encryption, we provide generic and concrete constructions. Concretely, we show that ElGamal and Cramer-Shoup satisfy a new condition, selective randomness recoverability, which enables robust anamorphic extensions, and we also provide a robust anamorphic extension for RSA-OAEP.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- A major revision of an IACR publication in EUROCRYPT 2024
- DOI
- 10.1007/978-3-031-58723-8_1
- Keywords
- anamorphic encryptiondictator modelrobustnessselective randomness recoverability
- Contact author(s)
-
fabio banfi @ inf ethz ch
konstantin gegier @ inf ethz ch
hirt @ inf ethz ch
maurer @ inf ethz ch
guilherme teixeirarito @ rub de - History
- 2024-05-22: revised
- 2023-02-21: received
- See all versions
- Short URL
- https://ia.cr/2023/249
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/249, author = {Fabio Banfi and Konstantin Gegier and Martin Hirt and Ueli Maurer and Guilherme Rito}, title = {Anamorphic Encryption, Revisited}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/249}, year = {2023}, doi = {10.1007/978-3-031-58723-8_1}, url = {https://eprint.iacr.org/2023/249} }