Selective-Opening Security in the Presence of Randomness Failures

We initiate the study of public-key encryption (PKE) secure against selective-opening attacks (SOA) inthe presence of randomness failures, i.e., when the sender may (inadvertently) use low-quality randomness. Inthe SOA setting, an adversary can adaptively corrupt senders; this notion is natural to consider in tandemwith randomness failures since an adversary may target senders by multiple means. Concretely, we first treat SOA security of nonce-based PKE. After formulating an appropriate definitionof SOA-secure nonce-based PKE, we provide efficient constructions in the non-programmable random-oraclemodel, based on lossy trapdoor functions. We then lift our notion of security to the setting of “hedged” PKE, which ensures security as long as thesender’s seed, message, and nonce jointly have high entropy. This unifies the notions and strengthens theprotection that nonce-based PKE provides against randomness failures even in the non-SOA setting. We liftour definitions and constructions of SOA-secure nonce-based PKE to the hedged setting as well. 1 Dept. of Computer Science, Florida State University, Email: [email protected] Dept. of Computer Science, University of Maryland, Email: [email protected] Dept. of Computer Science, Georgetown University, Email: [email protected] Dept. of Computer Science, Georgetown University, Email: [email protected]