Skip to main content

Table 3 IND-CCA security for DRE

From: (Identity-based) dual receiver encryption from lattice-based programmable hash functions with high min-entropy

\(\mathbf {Experiment}~\mathsf {Exp}_{\mathcal {DRE},\mathcal {A}}^{\mathsf {ind}-\mathsf {cca}}(1^{\lambda }):\)
\(\mathsf {crs}\overset {\$}{\leftarrow }\mathsf {CGen}_{\mathsf {DRE}}(1^{\lambda })\);
\((pk_{j},sk_{j})\overset {\$}{\leftarrow }\mathsf {Gen}_{\mathsf {DRE}}(\mathsf {crs})\) for j{1,2};
\((M_{0},M_{1},s)\overset {\$}{\leftarrow }\mathcal {A}^{\mathsf {Dec}_{\mathsf {DRE}}(sk_{j},c)}(\mathsf {crs},pk_{1},pk_{2})\);
\(b\overset {\$}{\leftarrow }\{0,1\}\), \(c^{\star }\overset {\$}{\leftarrow }\mathsf {Enc}_{\mathsf {DRE}}(\mathsf {crs},pk_{1},pk_{2},M_{b})\);
\(b^{\prime }\overset {\$}{\leftarrow }\mathcal {A}^{\mathsf {Dec}_{\mathsf {DRE}}(sk_{j},c)\wedge {c\neq c^{\star }}}(c^{\star },s)\);
if b=b then return 1 else return 0.