**A New Security Definition for Public Key Encryption Schemes and Its Applications**

*Guomin Yang and Duncan S. Wong and Qiong Huang and Xiaotie Deng*

**Abstract: **The strongest security definition for public key encryption (PKE)
schemes is indistinguishability against adaptive chosen ciphertext
attacks (IND-CCA). A practical IND-CCA secure PKE scheme in the
standard model is well-known to be difficult to construct given
the fact that there are only a few such kind of PKE schemes
available. From another perspective, we observe that for a large
class of PKE-based applications, although IND-CCA security is
sufficient, it is not a necessary requirement. Examples are Key
Encapsulation Mechanism (KEM), MT-authenticator, providing
pseudorandomness with a-priori information, and so on. This
observation leads us to propose a slightly weaker version of
IND-CCA, which requires ciphertexts of two randomly
selected messages are indistinguishable under chosen ciphertext
attacks. Under this new security notion, we show that highly
efficient schemes proven secure in the standard model can be built
in a straightforward way. We also demonstrate that such a security
definition is already sufficient for the applications above.

**Category / Keywords: **public-key cryptography / Public Key Encryption, Adaptive Chosen Ciphertext Attacks, Standard Model

**Date: **received 14 Aug 2007

**Contact author: **csyanggm at cs cityu edu hk

**Available format(s): **PDF | BibTeX Citation

**Version: **20070816:122015 (All versions of this report)

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]