The Edited Truth

Goldwasser, Shafrira; Klein, Saleet; Wichs, Daniel

Author(s)

Goldwasser, Shafrira; Klein, Saleet; Wichs, Daniel

DownloadAccepted version (857.8Kb)

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

We introduce two new cryptographic notions in the realm of public and symmetric key encryption. Encryption with invisible edits is an encryption scheme with two tiers of users: “privileged” and “unprivileged”. Privileged users know a key pair (pke, ske) and “unprivileged” users know a key pair (pk, sk) which is associated with an underlying edit e to be applied to messages encrypted. When an unprivileged user attempts to decrypt a ciphertext generated by a privileged user of an underlying plaintext m, it will be decrypted to an edited m' = Edit(m,e). Here, Edit is a supported edit function and e is a description of the particular edit. A user shouldn’t be able to tell whether he’s an unprivileged or a privileged user.An encryption with deniable edits is an encryption scheme which allows a user who owns a ciphertext c encrypting a large corpus of data m under a secret key sk, to generate an alternative but legitimate looking secret key skc,e that decrypts c to an “edited” version of the data m'= Edit(m,e). This generalizes classical receiver deniable encryption, which is a special case of deniable edits where the edit function completely replaces the original data. The new flexibility allows to design solutions with much smaller key sizes than required in classical receiver deniable encryption allowing the key size to only scale with the description size of the edit e which can be much smaller than the plaintext data m. We construct encryption schemes with deniable and invisible edits for any polynomial-time computable edit function under minimal assumptions: in the public-key setting we require the existence of standard public-key encryption and in the symmetric-key setting require the existence of one-way functions. The solutions to both problems use common ideas, however there is a significant conceptual difference between deniable edits and invisible edits. Whereas encryption with deniable edits enables a user to modify the meaning of a single ciphertext in hindsight, the goal of encryption with invisible edits is to enable ongoing modifications of multiple ciphertexts.

Description

Part of the Lecture Notes in Computer Science book series (LNCS, volume 10677).

Date issued

2017-11

URI

https://hdl.handle.net/1721.1/128908

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science; Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory

Journal

Lecture Notes in Computer Science

Publisher

Springer International Publishing

Citation

Goldwasser, Shafi et al. "The Edited Truth." Theory of Cryptography Conference, Lecture Notes in Computer Science, 10677, Springer, 2017, 305-340. © 2017 International Association for Cryptologic Research

Version: Author's final manuscript

ISBN

9783319704999

9783319705002

ISSN

0302-9743

1611-3349

Collections

MIT Open Access Articles