TY - GEN
T1 - Fooling an unbounded adversary with a short key, repeatedly
T2 - 2nd Conference on Information-Theoretic Cryptography, ITC 2021
AU - Li, Xinze
AU - Tang, Qiang
AU - Zhang, Zhenfeng
N1 - Funding Information:
Funding Qiang Tang: Supported by a Google Faculty Award, and a gift from Filecoin. Zhenfeng Zhang: Supported by National Key R&D Program of China (2017YFB0802000) Acknowledgements We thank anonymous reviewers for valuable comments, specifically the simplification of the key re-use analysis.
Publisher Copyright:
© 2021 Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. All rights reserved.
PY - 2021/7/1
Y1 - 2021/7/1
N2 - This article is motivated by the classical results from Shannon that put the simple and elegant one-time pad away from practice: key length has to be as large as message length and the same key could not be used more than once. In particular, we consider encryption algorithm to be defined relative to specific message distributions in order to trade for unconditional security. Such a notion named honey encryption (HE) was originally proposed for achieving best possible security for password based encryption where secrete key may have very small amount of entropy. Exploring message distributions as in HE indeed helps circumvent the classical restrictions on secret keys.We give a new and very simple honey encryption scheme satisfying the unconditional semantic security (for the targeted message distribution) in the standard model (all previous constructions are in the random oracle model, even for message recovery security only). Our new construction can be paired with an extremely simple yet “tighter” analysis, while all previous analyses (even for message recovery security only) were fairly complicated and require stronger assumptions. We also show a concrete instantiation further enables the secret key to be used for encrypting multiple messages.
AB - This article is motivated by the classical results from Shannon that put the simple and elegant one-time pad away from practice: key length has to be as large as message length and the same key could not be used more than once. In particular, we consider encryption algorithm to be defined relative to specific message distributions in order to trade for unconditional security. Such a notion named honey encryption (HE) was originally proposed for achieving best possible security for password based encryption where secrete key may have very small amount of entropy. Exploring message distributions as in HE indeed helps circumvent the classical restrictions on secret keys.We give a new and very simple honey encryption scheme satisfying the unconditional semantic security (for the targeted message distribution) in the standard model (all previous constructions are in the random oracle model, even for message recovery security only). Our new construction can be paired with an extremely simple yet “tighter” analysis, while all previous analyses (even for message recovery security only) were fairly complicated and require stronger assumptions. We also show a concrete instantiation further enables the secret key to be used for encrypting multiple messages.
KW - Honey encryption
KW - Information theoretic encryption
KW - Unconditional security
UR - http://www.scopus.com/inward/record.url?scp=85115297672&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85115297672&partnerID=8YFLogxK
U2 - 10.4230/LIPIcs.ITC.2021.23
DO - 10.4230/LIPIcs.ITC.2021.23
M3 - Conference contribution
AN - SCOPUS:85115297672
T3 - Leibniz International Proceedings in Informatics, LIPIcs
BT - 2nd Conference on Information-Theoretic Cryptography, ITC 2021
A2 - Tessaro, Stefano
PB - Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
Y2 - 23 July 2021 through 26 July 2021
ER -