Partial decryption attacks in security-mediated certificateless encryption

• Published in: IET information security Vol. 3; no. 4; pp. 148 - 151
• Main Authors: Chow, S.S.M., Yap, W.-S.
• Format: Journal Article
• Language: English
• Published: Stevenage The Institution of Engineering & Technology 01.12.2009
• Subjects: Certification; Computer information security; Encryption; Formulations; Scanning electron microscopy
• ISSN: 1751-8709; 1751-8717
• DOI: 10.1049/iet-ifs.2009.0028

Certificateless encryption refers to public key encryption with implicit certification. Security-mediated certificateless (SMC) encryption takes one-step further, such that every decryption requires a security-mediator (SEM) to partially decrypt the ciphertext. One major benefit is that instant revocation can be done by simply instructing the SEM to reject any further decryption request. Similar to the conventional chosen-ciphertext attack, it is reasonable to assume that an adversary can obtain the partial decryption of many ciphertexts. The authors show that the schemes proposed by Yang-Wang-Wang in AINAW 2007, Lo-Hwang-Li in IET Information Security, 1(3) and Yang-Xiong-Su in Computer Applications, 28(11) are insecure against partial decryption attacks; and hence cannot be classified as SMC encryption according to the original Chow-Boyd-Gonzalez Nieto's formulation in PKC 2006.