The above definition extends the definition of semantic security under chosen ciphertext attacks (CCAs), which is also formulated in this work. The extension is in considering the security of multiple plaintexts rather than the security of a single plaintext. We prove that both these formulations are equivalent to the standard formulation of CCA, which refers to indistinguishability of encryptions. The good news is that any encryption scheme that is secure in the standard CCA sense is in fact secure in the extended model.
The treatment holds both for public-key and private-key encryption schemes.
Category / Keywords: foundations / Security of Encryption Schemes, Chosen Ciphertext Attacks Date: received 4 Jul 2002 Contact author: oded at wisdom weizmann ac il Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation Note: Preliminary version: February 2002. Version: 20020704:204402 (All versions of this report) Short URL: ia.cr/2002/089 Discussion forum: Show discussion | Start new discussion