CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
RSA-OAEP Is Secure under the RSA Assumption
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
How to Enhance the Security of Public-Key Encryption at Minimum Cost
PKC '99 Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography
Simplified OAEP for the RSA and Rabin Functions
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Relationship between Two Approaches for Defining the Standard Model PA-ness
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Relationship between Standard Model Plaintext Awareness and Message Hiding
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Using hash functions as a hedge against chosen ciphertext attack
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Relations among notions of plaintext awareness
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
The cramer-shoup encryption scheme is plaintext aware in the standard model
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
PA1 and IND-CCA2 do not guarantee PA2: brief examples
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
| Hi-index | 0.01 |
In the seminal paper of Eurocrypt 2006, Dent defined a new assumption, simulatability, and showed that the well-known Cramer-Shoup public-key encryption scheme satisfied the weakest version of the plaintext awareness, the computational plaintext awareness, under the simulatability assumption, the DDH assumption, the DHK assumption, and the collision resistance of the hash function. However, a tricky aspect of the computational plaintext awareness was later shown. Moreover, the definition of the simulatability is elaborated. In this paper, we show that the Cramer-Shoup scheme satisfies a stronger variant of the plaintext awareness, the statistical plaintext awareness, under a weaker and simpler assumption than the simulatability. In particular, we show the statisticalPA2-ness of the Cramer-Shoup scheme under computationalassumptions.