A public key cryptosystem and a signature scheme based on discrete logarithms
Proceedings of CRYPTO 84 on Advances in cryptology
Communications of the ACM
Composition and integrity preservation of secure reactive systems
Proceedings of the 7th ACM conference on Computer and communications security
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
On the Security of Joint Signature and Encryption
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
The Decision Diffie-Hellman Problem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
New notions of security: achieving universal composability without trusted setup
STOC '04 Proceedings of the thirty-sixth annual ACM symposium on Theory of computing
New notions of security
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Breaking four mix-related schemes based on universal re-encryption
ISC'06 Proceedings of the 9th international conference on Information Security
A formal treatment of onion routing
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Chosen-ciphertext secure proxy re-encryption
Proceedings of the 14th ACM conference on Computer and communications security
Homomorphic Encryption with CCA Security
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Simplified Submission of Inputs to Protocols
SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
Computationally Sound Formalization of Rerandomizable RCCA Secure Encryption
Formal to Practical Security
Toward practical anonymous rerandomizable RCCA secure encryptions
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Attacking and repairing the improved ModOnions protocol
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Targeted malleability: homomorphic encryption for restricted computations
Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Malleable proof systems and applications
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Succinct malleable NIZKs and an application to compact shuffles
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Hi-index | 0.00 |
We give the first perfectly rerandomizable, Replayable-CCA (RCCA) secure encryption scheme, positively answering an open problem of Canetti et al. (CRYPTO 2003). Our encryption scheme, which we call the Double-strand Cramer-Shoup scheme, is a non-trivial extension of the popular Cramer-Shoup encryption. Its security is based on the standard DDH assumption. To justify our definitions, we define a powerful "Replayable Message Posting" functionality in the Universally Composable (UC) framework, and show that any encryption scheme that satisfies our definitions of rerandomizability and RCCA security is a UC-secure implementation of this functionality. Finally, we enhance the notion of rerandomizable RCCA security by adding a receiver-anonymity (or key-privacy) requirement, and show that it results in a correspondingly enhanced UC functionality. We leave open the problem of constructing a scheme achieving this enhancement.