Cryptology ePrint Archive: Report 2004/221

Towards Plaintext-Aware Public-Key Encryption without Random Oracles

Mihir Bellare and Adriana Palacio

Abstract: We consider the problem of defining and achieving plaintext-aware encryption without random oracles in the classical public-key model. We provide definitions for a hierarchy of notions of increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA => IND-CCA1 and PA2+IND-CPA => IND-CCA2. Towards achieving the new notions of plaintext awareness, we show that a scheme due to Damgard, denoted DEG, and the ``lite'' version of the Cramer-Shoup scheme, denoted CSL, are both PA0 under the KEA0 assumption of Damgard, and PA1 under an extension of this assumption called KEA1. As a result, DEG is the most efficient proven IND-CCA1 scheme known.

Category / Keywords: foundations / encryption, chosen-ciphertext attacks, plaintext awareness

Publication Info: An extended abstract of this paper appears in the proceedings of the Asiacrypt 2004 conference. This is the full version.

Date: received 1 Sep 2004, last revised 2 Sep 2004

Contact author: mihir at cs ucsd edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20040902:203209 (All versions of this report)

Short URL: ia.cr/2004/221

Discussion forum: Show discussion | Start new discussion