In CRYPTO 2007, Hofheinz and Kiltz formalized a security notion for key encapsulation mechanisms (KEMs), called constrained chosen ciphertext (CCCA) security, which is strictly weaker than ordinary chosen ciphertext (CCA) security, and showed a new composition paradigm for CCA secure hybrid encryption. Thus, CCCA security of a KEM turned out to be quite useful. However, since the notion is relatively new and its definition is slightly complicated, the relations between CCCA security and other security notions have not been well clarified. In this paper, in order to better understand CCCA security and the construction of CCCA secure KEMs, we study relations between CCCA and bounded CCA security, where the latter notion considers security against adversaries that make an a priori bounded number of decapsulation queries, and is also strictly weaker than CCA security. Specifically, we show that in most cases there are separations between these notions, while there is some unexpected implication from (a slightly stronger version of) CCCA security to a weak form of 1-bounded CCA security. We also revisit the construction of a KEM from a hash proof system (HPS) with computational security properties, and show that the HPS-based KEM, which was previously shown to be CCCA secure, is actually 1-bounded CCA secure as well. This result, together with the above general implication, suggests that 1-bounded CCA security can be essentially seen as a "necessary" condition for a CCCA secure KEM.