References in periodicals archive ?
(v) The ciphertext of our PKE scheme is (kem.c, aiae.c).
(i) In contrast to presenting a concrete construction of AIAE in the conference paper, we give a general paradigm for constructing AIAE from a one-time secure authenticated encryption (AE) and a tag-based hash proof system (HPS) in this paper.
(a) In Section 3.2, we show that the resulting AIAE is IND-RKA secure and weak-INT-RKA secure, as long as the underlying tag-based HPS is [universal.sub.2], extracting, and key-homomorphic.
Following our paradigm, we obtain a DDH-based AIAE scheme in Section 3.4.
We view the specific AIAE proposed in the conference paper as an instantiation of the general paradigm presented in this paper.
Our PKE constructions in Sections 4 and 5 will resort to a new primitive AIAE. To serve the KDM-CCA security of our PKE construction in Figure 1, our AIAE should satisfy the following properties.
(i) AIAE must take an auxiliary input ai in both the encryption and decryption algorithms.
(ii) AIAE must have IND-F-RKA security and weak-INT-F-RKA security.
In the following, we present the syntax of AIAE and define its IND-F-RKA Security and Weak-INT-F-RKA Security.
(i) The parameter generation algorithm AIAE.ParGen([1.sup.[lambda]]) generates a system parameter [pars.sub.AIAE].
(ii) The encryption algorithm AIAE.Encrypt(k, m, ai) takes a key k [member of] [K.sub.AIAE], a message m [member of] M, and an auxiliary input ai [member of] AI as input and outputs a ciphertext aiae.c.
(iii) The decryption algorithm AIAE.Decrypt(k, aiae.c, ai) takes a key k [member of] [K.sub.AIAE], a ciphertext aiae.c, and an auxiliary input ai [member of] AI as input and outputs a message m [member of] M or a symbol [perpendicular to].
Acronyms browser ?
Full browser ?
- Aia Maea Ainen Kiribati
- AIA uniform system