Publicly verifiable ciphertexts
Journal of Computer Security - Advances in Security for Communication Networks
In many applications where encrypted traffic flows from an open (public) domain to a protected (private) domain, there exists a gateway that bridges the two domains and faithfully forwards the incoming traffic to the receiver. We observe that indistinguishability against (adaptive) chosen-ciphertext attacks (IND-CCA), which is a mandatory goal in the face of active attacks in a public domain, can be essentially relaxed to indistinguishability against chosen-plaintext attacks (IND-CPA) for ciphertexts once they pass the gateway. The gateway acts as an IND-CCA/CPA filter by first checking the validity of an incoming IND-CCA ciphertext, then transforming it (if valid) into an IND-CPA ciphertext, and finally forwarding the latter to the recipient in the private domain. "Non-trivial filtering" can result in reduced decryption costs on the receiver's side. We identify a class of encryption schemes with publicly verifiable ciphertexts that admit generic constructions of (non-trivial) IND-CCA/CPA filters. These schemes are characterized by the existence of public algorithms that can distinguish between valid and invalid ciphertexts. To this end, we formally define (non-trivial) public verifiability of ciphertexts for general encryption schemes, key encapsulation mechanisms, and hybrid encryption schemes, encompassing public-key, identity-based, and tag-based encryption flavors. We further analyze the security impact of public verifiability and discuss generic transformations and concrete constructions that enjoy this property.
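The check, transform and forward steps of such a filter can be sketched as follows. This is an added example, not a construction taken from the paper: it assumes ElGamal with an attached Schnorr proof of knowledge of the encryption randomness as a stand-in for a scheme with publicly verifiable ciphertexts, does not argue that scheme's security, and uses a constructed toy group; all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def _challenge(c1, c2, a):
    # Kept as the full SHA-256 value; exponents act modulo Q anyway.
    data = f"{c1}|{c2}|{a}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt_public(h, m):
    """Public-domain ciphertext: ElGamal pair (c1, c2) plus Schnorr proof (e, s)."""
    r = secrets.randbelow(Q - 1) + 1
    k = secrets.randbelow(Q - 1) + 1
    c1, c2 = pow(G, r, P), (m * pow(h, r, P)) % P
    e = _challenge(c1, c2, pow(G, k, P))
    return c1, c2, e, (k + e * r) % Q

def publicly_verify(ct):
    """Validity check that uses no secret key, so the gateway can run it."""
    c1, c2, e, s = ct
    if not (0 < c1 < P and 0 < c2 < P) or pow(c1, Q, P) != 1:
        return False  # out of range, or c1 outside the order-Q subgroup
    a = (pow(G, s, P) * pow(c1, -e, P)) % P  # equals G^k for an honest proof
    return e == _challenge(c1, c2, a)

def gateway_filter(ct):
    """Check validity, strip the proof, forward the plain ElGamal pair (or drop)."""
    return (ct[0], ct[1]) if publicly_verify(ct) else None

def decrypt_private(x, ct):
    """Receiver in the private domain: one exponentiation, no proof check."""
    c1, c2 = ct
    return (c2 * pow(c1, -x, P)) % P

if __name__ == "__main__":
    x, h = keygen()
    m = pow(G, 123, P)  # constructed message, encoded as a subgroup element
    ct = encrypt_public(h, m)
    print("forwarded:", gateway_filter(ct))
    mauled = (ct[0], (ct[1] * G) % P, ct[2], ct[3])  # classic ElGamal mauling
    print("mauled ciphertext forwarded:", gateway_filter(mauled))
```

The receiver's saving here is the skipped proof verification, which is the kind of reduced decryption cost the abstract attributes to non-trivial filtering.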