International Association for Cryptologic Research (IACR)
Abstract
We provide the first public key encryption schemes proven secure against selective opening attack
(SOA). This means that if an adversary obtains a number of ciphertexts and then corrupts some
fraction of the senders, obtaining not only the corresponding messages but also the coins under which
they were encrypted then the security of the other messages is guaranteed. Whether or not schemes with
this property exist has been open for many years. Our schemes are based on a primitive we call lossy
encryption. Our schemes have short keys (public and secret keys of a fixed length suffice for encrypting
an arbitrary number of messages), are stateless, are non-interactive, and security does not rely on
erasures. The schemes are without random oracles, proven secure under standard assumptions (DDH,
Paillier’s DCR, QR, lattices), and even efficient. We are able to meet both an indistinguishability
(IND-SOA-C) and a simulation-style, semantic security (SS-SOA-C) definition
