Cryptology ePrint Archive: Report 2009/418
Subtleties in the Definition of IND-CCA: When and How Should Challenge-Decryption be Disallowed?
Mihir Bellare and Dennis Hofheinz and Eike Kiltz
Abstract: The definition of IND-CCA disallows an adversary from querying the
challenge ciphertext to its decryption oracle. We point out that there are several ways to formalize this. We show that, surprisingly, for
public-key encryption the resulting notions are not all equivalent.
We then consider the same question for key-encapsulation mechanisms
(KEMs) and show that in this case the four notions ARE all
equivalent. Our discoveries are another manifestation of the
subtleties that make the study of cryptography so attractive and are
important towards achieving the definitional clarity and unity
required for firm foundations.
Category / Keywords: foundations / Definitions, foundations, encryption, chosen-ciphertext attack
Date: received 27 Aug 2009
Contact author: mihir at cs ucsd edu
Available format(s): PDF | BibTeX Citation
Version: 20090901:065518 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]