ICITS'11 Proceedings of the 5th international conference on Information theoretic security
Roughly speaking, an encryption scheme is said to be non-malleable if no adversary can modify a ciphertext so that the resulting message is meaningfully related to the original message. We compare this notion of security to secrecy and authenticity, and provide a complete characterization of their relative strengths. In particular, we show that information-theoretic perfect non-malleability is equivalent to perfect secrecy of two different messages. This implies that for n-bit messages a shared secret key of length roughly 2n is necessary to achieve non-malleability, which meets the previously known upper bound. We define approximate non-malleability by relaxing the security conditions and only requiring non-malleability to hold with high probability (over the choice of secret key), and show that any authentication scheme implies approximate non-malleability. Since authentication is possible with a shared secret key of length roughly log n, the same applies to approximate non-malleability.
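The following added example (not code from the paper) enumerates every key for 4-bit messages to contrast the one-time pad, which uses an n-bit key, with an affine cipher c = a·m + b over GF(2^n) with a ≠ 0, which uses a key of about 2n bits. The affine cipher, the field polynomial and all function names are assumptions chosen for illustration; the check confirms that only the longer-key scheme keeps two different messages secret and resists an XOR modification of the ciphertext.

```python
from collections import Counter
from fractions import Fraction
from itertools import product

N = 4              # message length in bits (toy size so every key can be enumerated)
POLY = 0b10011     # x^4 + x + 1, irreducible over GF(2) (assumed field representation)
FIELD = range(1 << N)

def gf_mul(a, b):
    """Multiply two elements of GF(2^N) modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:
            a ^= POLY
    return r

def otp_enc(key, m):
    return m ^ key[0]

def affine_enc(key, m):
    a, b = key
    return gf_mul(a, m) ^ b

OTP_KEYS = [(k,) for k in FIELD]                            # 2^n keys: n key bits
AFFINE_KEYS = [(a, b) for a in FIELD if a for b in FIELD]   # (2^n - 1) * 2^n keys: ~2n bits

def pair_distribution(enc, keys, m1, m2):
    """Distribution of (E_k(m1), E_k(m2)) when the key is uniform."""
    return Counter((enc(k, m1), enc(k, m2)) for k in keys)

def two_message_secret(enc, keys):
    """True iff the ciphertext-pair distribution is identical for every pair m1 != m2."""
    ref = pair_distribution(enc, keys, 0, 1)
    return all(pair_distribution(enc, keys, m1, m2) == ref
               for m1, m2 in product(FIELD, repeat=2) if m1 != m2)

def xor_maul_success(enc, keys, m, delta):
    """Probability over the key that c XOR delta is the encryption of m XOR delta."""
    hits = sum((enc(k, m) ^ delta) == enc(k, m ^ delta) for k in keys)
    return Fraction(hits, len(keys))

if __name__ == "__main__":
    for name, enc, keys in (("one-time pad", otp_enc, OTP_KEYS),
                            ("affine", affine_enc, AFFINE_KEYS)):
        print(name, "| keys:", len(keys),
              "| two-message secrecy:", two_message_secret(enc, keys),
              "| XOR-maul success:", xor_maul_success(enc, keys, 0b1010, 0b0001))
```
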