Cryptology ePrint Archive: Report 2007/319

A New Security Definition for Public Key Encryption Schemes and Its Applications

Guomin Yang and Duncan S. Wong and Qiong Huang and Xiaotie Deng

Abstract: The strongest security definition for public key encryption (PKE) schemes is indistinguishability against adaptive chosen ciphertext attacks (IND-CCA). A practical IND-CCA secure PKE scheme in the standard model is well-known to be difficult to construct given the fact that there are only a few such kind of PKE schemes available. From another perspective, we observe that for a large class of PKE-based applications, although IND-CCA security is sufficient, it is not a necessary requirement. Examples are Key Encapsulation Mechanism (KEM), MT-authenticator, providing pseudorandomness with a-priori information, and so on. This observation leads us to propose a slightly weaker version of IND-CCA, which requires ciphertexts of two randomly selected messages are indistinguishable under chosen ciphertext attacks. Under this new security notion, we show that highly efficient schemes proven secure in the standard model can be built in a straightforward way. We also demonstrate that such a security definition is already sufficient for the applications above.

Category / Keywords: public-key cryptography / Public Key Encryption, Adaptive Chosen Ciphertext Attacks, Standard Model

Date: received 14 Aug 2007

Contact author: csyanggm at cs cityu edu hk

Available formats: PDF | BibTeX Citation

Version: 20070816:122015 (All versions of this report)

Discussion forum: Show discussion | Start new discussion