Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
SIAM Journal on Computing
Improved Non-committing Encryption Schemes Based on a General Complexity Assumption
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
The random oracle methodology, revisited
Journal of the ACM (JACM)
FOCS '09 Proceedings of the 2009 50th Annual IEEE Symposium on Foundations of Computer Science
Bounded CCA2-secure encryption
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Black-box construction of a non-malleable encryption scheme from any semantically secure one
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Parallel decryption queries in bounded chosen ciphertext attacks
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Construction of a non-malleable encryption scheme from any semantically secure one
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
The cramer-shoup encryption scheme is plaintext aware in the standard model
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
| Hi-index | 0.00 |
We construct a Non-Malleable Chosen Ciphertext Attack NM-CCA1 encryption scheme from any encryption scheme that is also plaintext aware and weakly simulatable. We believe this is the first construction of a NM-CCA1 scheme that follows strictly from encryption schemes with seemingly weaker or incomparable security definitions to NM-CCA1.Previously, the statistical Plaintext Awareness #1 PA1 notion was only known to imply CCA1. Our result is therefore novel because unlike the case of Chosen Plaintext Attack CPA and Chosen Chiphertext Attack CCA2, it is unknown whether a CCA1 scheme can be transformed into an NM-CCA1 scheme. Additionally, we show both the Damgård Elgamal Scheme DEG [in: CRYPTO, J. Feigenbaum, ed., Lecture Notes in Computer Science, Vol. 576, Springer, 1991, pp. 445--456] and the Cramer--Shoup Lite Scheme CS-Lite [SIAM J. Comput. 331 2003, 167--226] are weakly simulatable under the DDH assumption. Since both are known to be statistical Plaintext Aware 1 PA1 under the Diffie--Hellman Knowledge DHK assumption, they instantiate our scheme securely.Furthermore, in response to a question posed by Matsuda and Matsuura [in: Public Key Cryptography, D. Catalano, N. Fazio, R. Gennaro and A. Nicolosi, eds, Lecture Notes in Computer Science, Vol. 6571, Springer, 2011, pp. 246--264], we define cNM-CCA1-security in which an NM-CCA1-adversary is permitted to ask a c≥1 number of parallel queries after receiving the challenge ciphertext. We extend our construction to yield a cNM-CCA1 scheme for any constant c. All of our constructions are black-box.