Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Foundations of Cryptography: Basic Tools
Foundations of Cryptography: Basic Tools
SIAM Journal on Computing
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Toward a theory of steganography
Toward a theory of steganography
Public-key steganography with active attacks
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Upper and lower bounds on black-box steganography
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
On the limits of steganography
IEEE Journal on Selected Areas in Communications
Practical Insecurity for Effective Steganalysis
Information Hiding
TAMC'11 Proceedings of the 8th annual conference on Theory and applications of models of computation
Provably secure steganography with imperfect sampling
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Theoretical Computer Science
Hi-index | 0.00 |
At TCC 2005, Backes and Cachin proposed a new and very strong notion of security for public key steganography: secrecy against adaptive chosen covertext attack (SS-CCA); and posed the question of whether SS-CCA security was achievable for any covertext channel. We resolve this question in the affirmative: SS-CCA security is possible for any channel that admits a secure stegosystem against the standard and weaker “chosen hiddentext attack” in the standard model of computation. Our construction requires a public-key encryption scheme with ciphertexts that remain indistinguishable from random bits under adaptive chosen-ciphertext attack. We show that a scheme with this property can be constructed under the Decisional Diffie-Hellman assumption. This encryption scheme, which modifies a scheme proposed by Kurosawa and Desmedt, also resolves an open question posed by von Ahn and Hopper at Eurocrypt 2004.