Non-interactive zero-knowledge and its applications
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
New Paradigms for Constructing Symmetric Encryption Schemes Secure against Chosen-Ciphertext Attack
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Proving Security Against Chosen Cyphertext Attacks
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Minimizing the use of random oracles in authenticated encryption schemes
ICICS '97 Proceedings of the First International Conference on Information and Communication Security
Tag-KEM/DEM: A New Framework for Hybrid Encryption
Journal of Cryptology
Chosen Ciphertext Security with Optimal Ciphertext Overhead
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Compact CCA-Secure Encryption for Messages of Arbitrary Length
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Practical Chosen Ciphertext Secure Encryption from Factoring
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
The Kurosawa--Desmedt key encapsulation is not chosen-ciphertext secure
Information Processing Letters
Secure hybrid encryption from weakened key encapsulation
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
About the security of ciphers (semantic security and pseudo-random permutations)
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
The cramer-shoup encryption scheme is plaintext aware in the standard model
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
PA1 and IND-CCA2 do not guarantee PA2: brief examples
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
| Hi-index | 0.00 |
We study plaintext awareness for hybrid encryptions. Based on a binary relation R, we define a new notion of PA2 (or R-PA2 for short) and a notion of IND-CCA2 (or R-IND-CCA2 for short) for key encapsulation mechanism (KEM). We define a relation RDEM from the description of data encryption mechanism (DEM). We prove two composition results, which holds with or without (public) random oracles.a. When KEM, with RDEM-PA2 and RDEM-IND-CCA2 security, composes with a one-time pseudorandom and unforgeable (OT-PUE) DEM, the resulting hybrid encryption is PA2 secure. OT-PUE is weak and even unnecessarily passively secure and can be realized by a one-time pad encryption followed by a pseudorandom function. b. If KEM is RDEM-IND-CCA and DEM is passively secure and unforgeable, the hybrid encryption (KEM, DEM) is IND-CCA2 secure. As an application, we show that DHIES, a public key encryption scheme by Abdalla et al. [1] and now in IEEE P1361a and ANSI X.963, is PA2 secure. As another application, we prove that a hash proof system based hybrid encryption is PA2. Consequently, this especially implies that the concrete Kurosawa-Desmedt hybrid encryption (CRYPTO04) is PA2.