Paper 2023/249

Anamorphic Encryption, Revisited

Fabio Banfi, Zühlke Engineering AG
Konstantin Gegier, ETH Zurich
Martin Hirt, ETH Zurich
Ueli Maurer, ETH Zurich
Guilherme Rito, Ruhr-Universität Bochum
Abstract

An anamorphic encryption scheme allows two parties who share a so-called double key to embed covert messages in ciphertexts of an established PKE scheme. This protects against a dictator that can force the receiver to reveal the secret keys for the PKE scheme, but who is oblivious about the existence of the double key. We identify two limitations of the original model by Persiano, Phan, and Yung (EUROCRYPT 2022). First, in their definition a double key can only be generated once, together with a key-pair. This has the drawback that a receiver who wants to use the anamorphic mode after a dictator comes to power, needs to deploy a new key-pair, a potentially suspicious act. Second, a receiver cannot distinguish whether or not a ciphertext contains a covert message. In this work we propose a new model that overcomes these limitations. First, we allow to associate multiple double keys to a key-pair, after its deployment. This also enables deniability in case the double key only depends on the public key. Second, we propose a natural robustness notion, which guarantees that anamorphically decrypting a regularly encrypted message results in a special symbol indicating that no covert message is contained, which also eliminates certain attacks. Finally, to instantiate our new, stronger definition of anamorphic encryption, we provide generic and concrete constructions. Concretely, we show that ElGamal and Cramer-Shoup satisfy a new condition, selective randomness recoverability, which enables robust anamorphic extensions, and we also provide a robust anamorphic extension for RSA-OAEP.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in EUROCRYPT 2024
DOI
10.1007/978-3-031-58723-8_1
Keywords
anamorphic encryptiondictator modelrobustnessselective randomness recoverability
Contact author(s)
fabio banfi @ inf ethz ch
konstantin gegier @ inf ethz ch
hirt @ inf ethz ch
maurer @ inf ethz ch
guilherme teixeirarito @ rub de
History
2024-05-22: revised
2023-02-21: received
See all versions
Short URL
https://ia.cr/2023/249
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/249,
      author = {Fabio Banfi and Konstantin Gegier and Martin Hirt and Ueli Maurer and Guilherme Rito},
      title = {Anamorphic Encryption, Revisited},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/249},
      year = {2023},
      doi = {10.1007/978-3-031-58723-8_1},
      url = {https://eprint.iacr.org/2023/249}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.