Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2017 (2017), Article ID 2148534, 27 pages
Research Article

Efficient KDM-CCA Secure Public-Key Encryption via Auxiliary-Input Authenticated Encryption

Shuai Han,1,2 Shengli Liu,1,2,3 and Lin Lyu1,2

1Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
2State Key Laboratory of Cryptology, P.O. Box 5159, Beijing 100878, China
3Westone Cryptologic Research Center, Beijing 100070, China

Correspondence should be addressed to Shengli Liu

Received 1 April 2017; Revised 13 June 2017; Accepted 6 July 2017; Published 11 December 2017

Academic Editor: Muhammad Khurram Khan

Copyright © 2017 Shuai Han et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


KDM-CCA security of public-key encryption (PKE) ensures the privacy of key-dependent messages which are closely related to the secret key , where , even if the adversary is allowed to make decryption queries. In this paper, we study the design of KDM-CCA secure PKE. To this end, we develop a new primitive named Auxiliary-Input Authenticated Encryption (AIAE). For AIAE, we introduce two related-key attack (RKA) security notions, including IND-RKA and weak-INT-RKA. We present a generic construction of AIAE from tag-based hash proof system (HPS) and one-time secure authenticated encryption (AE) and give an instantiation of AIAE under the Decisional Diffie-Hellman (DDH) assumption. Using AIAE as an essential building block, we give two constructions of efficient KDM-CCA secure PKE based on the DDH and the Decisional Composite Residuosity (DCR) assumptions. Specifically, (i) our first PKE construction is the first one achieving KDM-CCA security for the set of affine functions and compactness of ciphertexts simultaneously. (ii) Our second PKE construction is the first one achieving KDM-CCA security for the set of polynomial functions and almost compactness of ciphertexts simultaneously. Our PKE constructions are very efficient; in particular, they are pairing-free and NIZK-free.