New result in predicate encryption: disjunction support

Scott Guthery sbg at
Sun May 4 20:21:48 EDT 2008

[Moderator's Note: Top posting is discouraged. --Perry]

What I meant was that the crypogram decrypted with a correct f(I)=1 key
yields the encrypted message "Meet you at Starbucks at noon 0000000000000"
whereas decryption with a wrong, f(I)=0, key yields "Let's go down to Taco
Bell at midnight".  Padding with 0's doesn't help.

Cheers, Scott 

-----Original Message-----
From: owner-cryptography at
[mailto:owner-cryptography at] On Behalf Of Jonathan Katz
Sent: Sunday, May 04, 2008 1:20 PM
To: cryptography at
Subject: RE: New result in predicate encryption: disjunction support

On Sun, 4 May 2008, Scott Guthery wrote:

> One useful application of the Katz/Sahai/Waters work is a counter to 
> traffic analysis.  One can send the same message to everyone but 
> ensure that only a defined subset can read the message by proper key 
> management.  What is less clear is how to ensure that decrytion with 
> the wrong key doesn't yield an understandable (and actionable) message.

This is actually pretty easy to do by, e.g., padding all valid messages with
sufficiently-many 0s. Decryption with an incorrect key will result in
something "random" that is unlikely to end with the requisite number of 0s
(and so will be discarded).
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list