Emura et al. [Int. J. Inf. Sec. 2014] showed that a public key encryption scheme with non-interactive opening (PKENO scheme) can be constructed from a group signature scheme secure in the dynamic setting. By following this construction, it seems that we can obtain a disavowable PKENO scheme [Ishida et al., ASIACCS 2015] from a deniable group signature scheme [Ishida et al., CANS 2016] since these primitives have the similar functionalities. In this work, we claim that this intuition is incorrect. Concretely, we show that the obtained scheme does not satisfy the functionality of disavowable PKENO by providing an attack for the indistinguishability against chosen ciphertext and prove attack security.
展开▼
