Bounded CCA2-secure encryption

Authors:
Ronald Cramer;Goichiro Hanaoka;Dennis Hofheinz;Hideki Imai;Eike Kiltz;Rafael Pass;Abhi Shelat;Vinod Vaikuntanathan
Affiliations:
Centrum voor Wiskunde en Informatica, Amsterdam and Leiden University;National Institute of Advanced Industrial Science and Technology, Tokyo;Centrum voor Wiskunde en Informatica, Amsterdam;National Institute of Advanced Industrial Science and Technology, Tokyo and Chuo University;Centrum voor Wiskunde en Informatica, Amsterdam;Cornell University;University of Virginia;Massachusetts Institute of Technology
Venue:
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Year:
2007

Citing 18
Cited 20

Universal one-way hash functions and their cryptographic applications

STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
One-way functions are necessary and sufficient for secure signatures

STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Public-key cryptosystems provably secure against chosen ciphertext attacks

STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Nonmalleable Cryptography

SIAM Journal on Computing
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Key-Insulated Public Key Cryptosystems

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security

FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack

SIAM Journal on Computing
Foundations of Cryptography: Volume 2, Basic Applications

Foundations of Cryptography: Volume 2, Basic Applications
A Simpler Construction of CCA2-Secure Public-Key Encryption under General Assumptions

Journal of Cryptology
Exposure-resilient functions and all-or-nothing transforms

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Towards a separation of semantic and CCA security for public key encryption

TCC'07 Proceedings of the 4th conference on Theory of cryptography
About the security of ciphers (semantic security and pseudo-random permutations)

SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Construction of a non-malleable encryption scheme from any semantically secure one

CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology

Some Information Theoretic Arguments for Encryption: Non-malleability and Chosen-Ciphertext Security (Invited Talk)

ICITS '08 Proceedings of the 3rd international conference on Information Theoretic Security
Chosen Ciphertext Secure Public Key Encryption with a Simple Structure

IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
Compact Proofs of Retrievability

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Chosen-Ciphertext Security via Correlated Products

TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Weak Verifiable Random Functions

TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
On the Security of Padding-Based Encryption Schemes --- or --- Why We Cannot Prove OAEP Secure in the Standard Model

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Black-box construction of a non-malleable encryption scheme from any semantically secure one

TCC'08 Proceedings of the 5th conference on Theory of cryptography
Public key encryption schemes with bounded CCA security and optimal ciphertext length based on the CDH assumption

ISC'10 Proceedings of the 13th international conference on Information security
Chosen-Ciphertext Security via Correlated Products

SIAM Journal on Computing
Parallel decryption queries in bounded chosen ciphertext attacks

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Adaptive trapdoor functions and chosen-ciphertext security

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Short signatures from weaker assumptions

ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Two-Dimensional representation of cover free families and its applications: short signatures and more

CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
A unified approach to deterministic encryption: new constructions and a connection to computational entropy

TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Detecting dangerous queries: a new approach for chosen ciphertext security

EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Relations between constrained and bounded chosen ciphertext security for key encapsulation mechanisms

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Blackbox construction of a more than non-malleable CCA1 encryption scheme from plaintext awareness

SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Relaxing IND-CCA: indistinguishability against chosen ciphertext verification attack

SPACE'12 Proceedings of the Second international conference on Security, Privacy, and Applied Cryptography Engineering
More DCCA-secure public-key encryptions from KEM + DEM style hybrid paradigms and some observations on the 'inner-outer' structure

International Journal of Grid and Utility Computing
Black-box construction of a more than non-malleable CCA1 encryption scheme from plaintext awareness

Journal of Computer Security - Advances in Security for Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Whereas encryption schemes withstanding passive chosen-plaintext attacks (CPA) can be constructed based on a variety of computational assumptions, only a few assumptions are known to imply the existence of encryption schemes withstanding adaptive chosen-ciphertext attacks (CCA2). Towards addressing this asymmetry, we consider a weakening of the CCA2 model--bounded CCA2-security -- wherein security needs only hold against adversaries that make an a-priori bounded number of queries to the decryption oracle. Regarding this notion we show (without any further assumptions): - For any polynomial q, a simple black-box construction of q-bounded IND-CCA2-secure encryption schemes, from any IND-CPA-secure encryption scheme. When instantiated with the Decisional Diffie-Hellman (DDH) assumption, this construction additionally yields encryption schemes with very short ciphertexts. - For any polynomial q, a (non-black box) construction of q-bounded NM-CCA2-secure encryption schemes, from any IND-CPA-secure encryption scheme. Bounded-CCA2 non-malleability is the strongest notion of security yet known to be achievable assuming only the existence of IND-CPA secure encryption schemes. Finally, we show that non-malleability and indistinguishability are not equivalent under bounded-CCA2 attacks (in contrast to general CCA2 attacks).