Improved Non-committing Encryption Schemes Based on a General Complexity Assumption
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
The random oracle methodology, revisited
Journal of the ACM (JACM)
Black-Box Constructions of Two-Party Protocols from One-Way Functions
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
FOCS '09 Proceedings of the 2009 50th Annual IEEE Symposium on Foundations of Computer Science
Bounded CCA2-secure encryption
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Black-box construction of a non-malleable encryption scheme from any semantically secure one
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Black-Box, Round-Efficient Secure Computation via Non-malleability Amplification
FOCS '10 Proceedings of the 2010 IEEE 51st Annual Symposium on Foundations of Computer Science
Parallel decryption queries in bounded chosen ciphertext attacks
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Construction of a non-malleable encryption scheme from any semantically secure one
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
The cramer-shoup encryption scheme is plaintext aware in the standard model
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
| Hi-index | 0.00 |
We construct an NM−CCA1 encryption scheme from any CCA1 encryption scheme that is also plaintext aware and weakly simulatable. We believe this is the first construction of a NM−CCA1 scheme that follows strictly from encryption schemes with seemingly weaker or incomparable security definitions to NM−CCA1. Previously, the statistical PA1 notion of plaintext awareness was only known to imply CCA1. Our result is therefore novel because unlike the case of CPA and CCA2, it is unknown whether a CCA1 scheme can be transformed into an NM-CCA1 scheme. Additionally, we show both the Damgård Elgamal Scheme (DEG) [Dam91] and the Cramer-Shoup Lite Scheme (CS-Lite) [CS03] are weakly simulatable under the DDH assumption. Since both are known to be statistical PA1 under the Diffie-Hellman Knowledge (DHK) assumption, they instantiate our scheme securely. Next, in a partial response to a question posed by Matsuda and Matsuura [MM11], we define an extended version of the NM−CCA1, cNM−CCA1, in which the security definition is modified so that the adversary is permuted to ask a c≥1 number of parallel queries after receiving the challenge ciphertext. We extend our construction to yield a cNM−CCA1 scheme for any constant c. All of our constructions are black-box.