摘要:This article is motivated by the classical results from Shannon that put the simple and elegant one-time pad away from practice: key length has to be as large as message length and the same key could not be used more than once. In particular, we consider encryption algorithm to be defined relative to specific message distributions in order to trade for unconditional security. Such a notion named honey encryption (HE) was originally proposed for achieving best possible security for password based encryption where secrete key may have very small amount of entropy. Exploring message distributions as in HE indeed helps circumvent the classical restrictions on secret keys.We give a new and very simple honey encryption scheme satisfying the unconditional semantic security (for the targeted message distribution) in the standard model (all previous constructions are in the random oracle model, even for message recovery security only). Our new construction can be paired with an extremely simple yet "tighter" analysis, while all previous analyses (even for message recovery security only) were fairly complicated and require stronger assumptions. We also show a concrete instantiation further enables the secret key to be used for encrypting multiple messages.
