|
Abstract:
|
Nowadays Cloud computation has become a commonplace information service paradigm for all actors in ICT field, from individuals to big corporates. In particular, Cloud platforms and data centres are being used each time more for outsourcing data. However, data owners often worry about their data security and privacy before outsourcing the data to the Cloud, thus it is often a practice to first encrypt the data sets and then outsource them to the Cloud. The drawback of this approach is that, if the encryption scheme can only achieve chosen plaintext security, it cannot be assured to achieve strong security against many kinds of malicious adversaries in the Cloud setting. The chosen ciphertext security is essential for outsourcing ciphertexts to the Cloud, on the other hand, in most cases the data owners prefer to choose high-efficient encryption schemes for saving computation and communication costs. In this paper, we propose a new way to achieve chosen ciphertext security for Elgamal encryption scheme, which is a very basic and usual primitive for encapsulating block data encryption keys. We propose two new chosen ciphertext attack (CCA) secure schemes. The first one, which is a public key encryption proved secure in the random oracle based on the computational Diffie-Hellman (CDH) assumption, has almost no additional overhead compared with the traditional (indistinguishable under chosen plaintext attack secure Elgamal scheme, except one additional modular exponentiation for the decryption. The second scheme, which is a key encapsulation mechanism (KEM) proved secure in the standard model based on a new non-interactive assumption, has only two group elements as the encapsulations. Thus we solve the open problem left by Hanaoka et al. in Crypto'12, which consists in how to construct anindistinguishable under chosen ciphertext attack secure KEM without pairings based on a non-interactive assumption and with two group element encapsulations. To prove the scheme's security, we develop a new assumption called verifiable CDH assumption. We also generalise our technique to several existing well-known CCA secure KEMs, including the Boneh-Mei-Waters (BMW) KEM and the Hofheinz-Kiltz (HK) KEM, and show that our new schemes are even more efficient than these well-known schemes. Finally, we propose a new framework for efficient and secure data outsourcing to the Cloud based on our new schemes and present a rough analysis of its security. |
