Abstract
The growing need for user privacy protection has lead to the development of general notions and efficient tools for building privacy-preserving applications. Among them, the notion of key privacy in public-key encryption, which guarantees that an adversary is unable to tell with which public key a certain ciphertext has been produced, plays a key-role in the design of several anonymous protocols. Apparently, it seems to be unrelated to the security of the encrypted content, and it looks like just an additional property the encryption scheme can enjoy. In this paper we show that for a robust encryption scheme key privacy under chosen ciphertext attack implies non-malleability and, hence, security under chosen ciphertext attacks. Then, we look at two privacy-preserving protocols: secret sets and anonymous broadcast encryption. We prove that secret sets and anonymous broadcast are equivalent w.r.t. non-adaptive adversaries: the first can be used to design the second and vice versa. Finally, we revisit some previous constructions for secret sets, and we show the security properties they enjoy within a rigorously defined adversarial model.