Welcome to the resource topic for 2025/2004
Title:
Re-randomization Attack on the Certificateless Encryption Scheme proposed by Guo et al.
Authors: Nobuyuki Sugio, Keita Emura, Toshihiro Ohigashi
Abstract: Guo, Li, and Qin proposed a lightweight certificateless encryption (CLE) scheme designed for IoT environments (Discover Computing, 2025). This paper demonstrates that the proposed scheme does not achieve CCA security, contrary to the authors’ claim. Specifically, we identify two critical points. First, since the ciphertext retains a multiplicative ElGamal structure, it can always be re-randomized using arbitrary randomness. Second, based on this property, an adversary can transform a challenge ciphertext into another valid ciphertext of the same plaintext, and then query the decryption oracle with the transformed ciphertext to recover the challenge plaintext. This attack exploits a definitional gap in the CCA game, where only direct decryption queries on the challenge ciphertext are prohibited. In this work, we formalize the attack procedure and verify its validity based on implementation.
ePrint: https://eprint.iacr.org/2025/2004
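The re-randomization step the abstract describes is the classic malleability of multiplicative ElGamal: multiplying a ciphertext (c1, c2) by a fresh encryption of 1 yields a different ciphertext of the same plaintext. The following is an added example, not code from the paper or from Guo et al.'s scheme (whose exact equations are not reproduced on this page); it shows the property on textbook ElGamal in a toy safe-prime group and plays out the CCA game with an oracle that rejects only the exact challenge ciphertext. The group parameters, key sizes and the class/function names are illustrative assumptions.

```python
import secrets

# Toy parameters (assumption, far too small for real use):
# safe prime P = 2Q + 1 and a generator G of the order-Q subgroup.
P = 10007
Q = 5003
G = 4


def keygen():
    """Return (sk, pk) = (x, g^x) with x uniform in [1, Q-1]."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def in_group(m):
    """Messages must be elements of the order-Q subgroup."""
    return 0 < m < P and pow(m, Q, P) == 1


def encrypt(pk, m, r=None):
    """Multiplicative ElGamal: (g^r, m * pk^r). r may be fixed for tests."""
    assert in_group(m), "message must be a subgroup element"
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), m * pow(pk, r, P) % P)


def decrypt(sk, ct):
    """Recover m = c2 / c1^sk."""
    c1, c2 = ct
    return c2 * pow(pow(c1, sk, P), -1, P) % P


def rerandomize(pk, ct, s=None):
    """Multiply by an encryption of 1 under fresh randomness s:
    (c1 * g^s, c2 * pk^s) is a valid ciphertext of the same plaintext,
    and differs from ct whenever s != 0 mod Q (guaranteed by the range)."""
    c1, c2 = ct
    if s is None:
        s = secrets.randbelow(Q - 1) + 1
    return (c1 * pow(G, s, P) % P, c2 * pow(pk, s, P) % P)


class DecryptionOracle:
    """CCA2 decryption oracle as in the standard game: it refuses
    exactly the challenge ciphertext and answers everything else."""

    def __init__(self, sk):
        self.sk = sk
        self.challenge = None

    def set_challenge(self, ct):
        self.challenge = ct

    def query(self, ct):
        if ct == self.challenge:
            raise PermissionError("direct query on the challenge ciphertext is forbidden")
        return decrypt(self.sk, ct)


def cca_attack(pk, oracle, challenge):
    """Re-randomize the challenge and ask the oracle to decrypt the result.
    The transformed ciphertext is never byte-equal to the challenge, so the
    equality check in the oracle does not stop the query."""
    transformed = rerandomize(pk, challenge)
    assert transformed != challenge
    return oracle.query(transformed)


def demo():
    """Run one IND-CCA game; returns True when the adversary guesses b."""
    sk, pk = keygen()
    m0, m1 = pow(G, 7, P), pow(G, 123, P)
    b = secrets.randbelow(2)
    challenge = encrypt(pk, [m0, m1][b])
    oracle = DecryptionOracle(sk)
    oracle.set_challenge(challenge)
    recovered = cca_attack(pk, oracle, challenge)
    guess = 0 if recovered == m0 else 1
    return guess == b


if __name__ == "__main__":
    print("adversary wins:", demo())
```

The fix on the scheme side is the usual one: bind the randomness to the ciphertext so that any modification is detectable (a Fujisaki-Okamoto style transform, or a hash-then-check tag over c1 and c2), so that the oracle rejects every re-randomized variant rather than only the exact challenge.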
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics.