Identity-based cryptosystems and signature schemes. Proceedings of CRYPTO 84 on Advances in cryptology.
Public-key cryptosystems provably secure against chosen ciphertext attacks. STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing.
STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing.
Random oracles are practical: a paradigm for designing efficient protocols. CCS '93 Proceedings of the 1st ACM conference on Computer and communications security.
Identity-Based Encryption from the Weil Pairing. SIAM Journal on Computing.
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology.
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology.
Relations Among Notions of Security for Public-Key Encryption Schemes. CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology.
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack. CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology.
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption. EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology.
Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security. FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science.
The random oracle methodology, revisited. Journal of the ACM (JACM).
Lossy trapdoor functions and their applications. STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing.
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology.
Public-key cryptosystems based on composite degree residuosity classes. EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques.
Completely non-malleable encryption revisited. PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography.
Black-box construction of a non-malleable encryption scheme from any semantically secure one. TCC'08 Proceedings of the 5th conference on Theory of cryptography.
Completely non-malleable schemes. ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming.
More constructions of lossy and correlation-secure trapdoor functions. PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography.
Construction of a non-malleable encryption scheme from any semantically secure one. CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology.
Chosen-Ciphertext security from tag-based encryption. TCC'06 Proceedings of the Third conference on Theory of Cryptography.
Lattice-based completely non-malleable PKE in the standard model. ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy.
Lattice-based completely non-malleable public-key encryption in the standard model. Designs, Codes and Cryptography.
Non-malleable encryption schemes make it infeasible for an adversary who is given an encryption of some plaintext m to compute another ciphertext encrypting a plaintext m′ that is related to m. At ICALP'05, Fischlin suggested a stronger notion, called complete non-malleability, where non-malleability should be preserved even against adversaries attempting to compute encryptions of related plaintexts under newly generated public keys. This notion applies to systems where on-line certificate authorities are available and users can issue keys on the fly. It was originally motivated by the design of non-malleable commitments from public-key encryption (i.e., extractable commitments), for which the usual flavor of non-malleability does not suffice. Completely non-malleable encryption schemes are known not to exist w.r.t. black-box simulation in the standard model (although constructions are possible in the random oracle model). One of the original motivations of Fischlin's work was to obtain non-malleable commitments without preconditions. At PKC'08, Ventre and Visconti investigated complete non-malleability as a general notion suitable for protocol design, and departed from considering it only as a tool for commitment schemes without preconditions. Indeed, if members of a community are allowed to generate public keys "on the fly", then considering the notion is justified: for example, if a bidder in an auction scheme can, in the middle of the auction process, register a public key which is malleable with respect to the scheme used in an already submitted bid, he may produce a slightly higher bid without even knowing the already submitted bid; only once the latter is opened is he able to open his own bid. In this more general context, Ventre and Visconti showed that completely non-malleable schemes do exist in the standard model, in fact in the shared random string model as well as in the interactive setting.
Their non-interactive scheme is, however, inefficient, as it relies on the generic NIZK approach. They left the existence of efficient schemes in the common reference string model open. In this work we describe the first efficient constructions that are completely non-malleable in this standard model.
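To make the first sentence of the abstract concrete, the following added example (not code from the paper or its authors) replays the auction scenario under plain Paillier encryption, the scheme cited above from EUROCRYPT'99. Paillier is additively homomorphic, so a ciphertext can be turned into a valid encryption of a related plaintext (m + 1, or k·m) by anyone holding only the public key and the ciphertext; this is exactly the behaviour non-malleability rules out. The example shows ordinary malleability under the honest bidder's own key; the complete notion from the abstract additionally lets the adversary choose a fresh key, which this toy does not model. The primes TOY_P and TOY_Q are constructed values chosen to keep the arithmetic legible and are far too small for real use; all function names are this example's own.

```python
import math
import secrets

# Constructed toy parameters: two small primes, far too small for real use.
# Paillier needs gcd(n, phi(n)) = 1, which holds for these values.
TOY_P, TOY_Q = 10007, 10009


def L(u, n):
    """Paillier's L function, L(u) = (u - 1) / n, for u = 1 (mod n)."""
    return (u - 1) // n


def keygen(p=TOY_P, q=TOY_Q):
    """Return ((n, g), (lam, mu)) for the common Paillier variant with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p - 1, q - 1)
    g = n + 1
    mu = pow(L(pow(g, lam, n * n), n), -1, n)  # modular inverse (Python >= 3.8)
    return (n, g), (lam, mu)


def encrypt(pk, m, r=None):
    """Enc(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pk
    n2 = n * n
    assert 0 <= m < n, "plaintext must lie in Z_n"
    if r is None:
        r = secrets.randbelow(n - 1) + 1
        while math.gcd(r, n) != 1:
            r = secrets.randbelow(n - 1) + 1
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(pk, sk, c):
    """Dec(c) = L(c^lam mod n^2) * mu mod n."""
    n, _ = pk
    lam, mu = sk
    return L(pow(c, lam, n * n), n) * mu % n


def maul_add(pk, c, delta):
    """From Enc(m) alone, produce a fresh-looking Enc(m + delta mod n).

    Multiplying two Paillier ciphertexts adds their plaintexts, so the
    party doing this never needs to learn m."""
    n, _ = pk
    return c * encrypt(pk, delta) % (n * n)


def maul_scale(pk, c, k):
    """From Enc(m) alone, produce Enc(k * m mod n) by exponentiation."""
    n, _ = pk
    return pow(c, k, n * n)


def auction_scenario(honest_bid):
    """Replay the abstract's auction story with a malleable scheme.

    Returns (honest_bid_decrypted, rival_bid_decrypted). The rival ciphertext
    is derived from the sealed honest bid using only the public key."""
    pk, sk = keygen()
    sealed_bid = encrypt(pk, honest_bid)        # submitted to the auctioneer
    rival_sealed = maul_add(pk, sealed_bid, 1)  # "slightly higher", bid unknown
    assert rival_sealed != sealed_bid           # a distinct, well-formed ciphertext
    return decrypt(pk, sk, sealed_bid), decrypt(pk, sk, rival_sealed)


if __name__ == "__main__":
    print(auction_scenario(4200))  # (4200, 4201)
```

The auctioneer sees two well-formed ciphertexts and has no way to tell that the second was derived from the first, which is why a sealed-bid protocol needs a scheme that is non-malleable (and, when bidders may register keys mid-auction, completely non-malleable) rather than an ad hoc check bolted onto a homomorphic one.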