PA1 and IND-CCA2 do not guarantee PA2: brief examples

Authors:
Yamin Liu;Bao Li;Xianhui Lu;Yazhe Zhang
Affiliations:
State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China;State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China;State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China;State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China
Venue:
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Year:
2010

Citing 14
Cited 0

New Paradigms for Constructing Symmetric Encryption Schemes Secure against Chosen-Ciphertext Attack

CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack

SIAM Journal on Computing
Deniable authentication and key exchange

Proceedings of the 13th ACM conference on Computer and communications security
Plaintext Simulatability*The earlier versions of this manuscript were presented at SCIS'04 [12] and at the IACR Cryptology ePrint Archive [13].

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Cramer-Shoup Satisfies a Stronger Plaintext Awareness under a Weaker Assumption

SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
A CCA Secure Hybrid Damgård's ElGamal Encryption

ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Relations among notions of plaintext awareness

PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Relationship between standard model plaintext awareness and message hiding

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
About the security of ciphers (semantic security and pseudo-random permutations)

SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
The cramer-shoup encryption scheme is plaintext aware in the standard model

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Plaintext-Awareness of hybrid encryption

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

We give several examples to show that PA1 and IND-CCA2 together do not guarantee PA2 in the absence of random oracles, for both statistical and computational PA. In the statistical case, we use the Desmedt-Phan hybrid encryption scheme as the first example. If the DEM of the Desmedt-Phan hybrid encryption is an IND-CCA2 symmetric encryption without MAC, then the Desmedt-Phan hybrid is IND-CCA2 and statistical PA1 but not statistical PA2. Extend the result to the Cramer-Shoup hybrid encryption scheme, we find that even statistical PA1+ and IND-CCA2 together could not reach statistical PA2. In the computational case, we give an artificial example to show that neither statistical nor computational PA1 together with IND-CCA2 could guarantee computational PA2.