
Keyword Search Result

[Keyword] chosen ciphertext attack (6 hits)

1-6hit
  • Receiver Selective Opening Chosen Ciphertext Secure Identity-Based Encryption

    Keisuke HARA  Takahiro MATSUDA  Keisuke TANAKA  

     
    PAPER
    Publicized: 2021/08/26
    Vol: E105-A No:3
    Page(s): 160-172

    In the situation where there are one sender and multiple receivers, a receiver selective opening (RSO) attack for an identity-based encryption (IBE) scheme considers adversaries that can corrupt some of the receivers and get their user secret keys and plaintexts. Security against RSO attacks for an IBE scheme ensures confidentiality of ciphertexts of uncorrupted receivers. In this paper, we formalize a definition of RSO security against chosen ciphertext attacks (RSO-CCA security) for IBE and propose the first RSO-CCA secure IBE schemes. More specifically, we construct an RSO-CCA secure IBE scheme based on an IND-ID-CPA secure IBE scheme and a non-interactive zero-knowledge proof system with unbounded simulation soundness and multi-theorem zero-knowledge. Through our generic construction, we obtain the first pairing-based and lattice-based RSO-CCA secure IBE schemes.

  • Relaxing Enhanced Chosen-Ciphertext Security

    Honglong DAI  Jinying CHANG  Zhenduo HOU  Maozhi XU  

     
    PAPER-Information Theory
    Vol: E101-A No:12
    Page(s): 2454-2463

    The enhanced chosen-ciphertext security (ECCA) is motivated by the concept of randomness recovering encryption, which was presented by Dana Dachman-Soled et al. in PKC 2014 [9]. ECCA security is the enhanced version of CCA security. CCA security often appears to be somewhat too strong, so ECCA security is also too strong: there exist encryption schemes that are not ECCA secure but still have some practical application. Canetti et al. proposed a relaxed variant of CCA security called Replayable CCA (RCCA) security in CRYPTO 2003 [3]. In this paper, we propose a relaxed variant of ECCA security called Replayable security (RECCA). RECCA security is the enhanced version of RCCA security. Since RCCA security suffices for most existing applications of CCA security, RECCA security also suffices for them. Moreover, RECCA security provides a useful general version of security against active attacks.

  • The KDM-CCA Security of the Kurosawa-Desmedt Scheme

    Jinyong CHANG  Rui XUE  Anling ZHANG  

     
    LETTER-Cryptography and Information Security
    Vol: E98-A No:4
    Page(s): 1032-1037

    In this letter, we prove that the Kurosawa-Desmedt (KD) scheme [10], which belongs to the hybrid framework, is KDM-CCA secure w.r.t. an ensemble proposed by Qin et al. in [12] under the decisional Diffie-Hellman assumption. Since our proof does not rely on the random oracle model, we partially answer the question presented by Davies and Stam in [7], where they hope to achieve KDM-CCA security for hybrid encryption schemes in the standard model (i.e. not the random oracle model). Moreover, our result may also make sense in practice since the KD scheme is (almost) the most efficient CCA secure scheme.

  • On the Security against Nonadaptive Chosen Ciphertext Attack and Key-Dependent Message Attack

    Jinyong CHANG  Rui XUE  

     
    LETTER-Cryptography and Information Security
    Vol: E97-A No:11
    Page(s): 2267-2271

    In this letter, we formally present the definition of KDM-CCA1 security in the public key setting, which falls in between the existing KDM-CPA and KDM-CCA2 security. We also prove that if a public key encryption scheme is CCA1 secure and has the properties of secret-key multiplication (or addition) homomorphism, and conditioned plaintext-restorability, then it is KDM-CCA1 secure w.r.t. two ensembles of functions that had been used in [15],[17], respectively. For a concrete scheme, we show that the (tailored) Damgård's Elgamal scheme achieves this KDM-CCA1 security based on different assumptions.

  • Searchable Encryption with Keyword-Recoverability

    Ik Rae JEONG  Jeong Ok KWON  Dowon HONG  Dong Hoon LEE  

     
    LETTER-Application Information Security
    Vol: E92-D No:5
    Page(s): 1200-1203

    Searchable encryption has many applications including e-mail systems and storage systems. The usefulness of searchable encryption derives from its support of keyword-testability. Keyword-testability means that a receiver of a ciphertext can test whether the ciphertext contains a specific keyword. Recently, Bellare et al. suggested an efficiently-searchable encryption scheme with keyword-recoverability as well as keyword-testability. Keyword-recoverability means that a receiver can extract the keyword from a ciphertext. All of the previous searchable encryption schemes have provided only keyword-testability. However, as explained by Bellare et al., no efficiently-searchable encryption scheme can provide even security against chosen keyword attacks. That is, Bellare et al.'s scheme assumes that no useful partial information about the keyword is known to the adversaries. In this paper, we suggest an SEKR (searchable encryption with keyword-recoverability) scheme which is secure even if the adversaries have any useful partial information about the keyword. Our scheme provides security against chosen ciphertext attacks which are stronger attacks than chosen keyword attacks. We also suggest an SEKR scheme for multi-keywords.

  • Security of the Five-Round KASUMI Type Permutation

    Tetsu IWATA  Tohru YAGI  Kaoru KUROSAWA  

     
    PAPER-Symmetric Cryptography
    Vol: E91-A No:1
    Page(s): 30-38

    KASUMI is a blockcipher that forms the heart of the 3GPP confidentiality and integrity algorithms. In this paper, we study the security of the five-round KASUMI type permutations, and derive a highly non-trivial security bound against adversaries with adaptive chosen plaintext and chosen ciphertext attacks. To derive our security bound, we heavily use the tools from graph theory. Although the result does not show its super-pseudorandomness, this gives us strong evidence that the design of KASUMI is sound.