Paper 2004/221

Towards Plaintext-Aware Public-Key Encryption without Random Oracles

Mihir Bellare and Adriana Palacio

Abstract

We consider the problem of defining and achieving plaintext-aware encryption without random oracles in the classical public-key model. We provide definitions for a hierarchy of notions of increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA => IND-CCA1 and PA2+IND-CPA => IND-CCA2. Towards achieving the new notions of plaintext awareness, we show that a scheme due to Damgard, denoted DEG, and the ``lite'' version of the Cramer-Shoup scheme, denoted CSL, are both PA0 under the KEA0 assumption of Damgard, and PA1 under an extension of this assumption called KEA1. As a result, DEG is the most efficient proven IND-CCA1 scheme known.

Metadata
Available format(s)
PDF PS
Category
Foundations
Publication info
Published elsewhere. An extended abstract of this paper appears in the proceedings of the Asiacrypt 2004 conference. This is the full version.
Keywords
encryptionchosen-ciphertext attacksplaintext awareness
Contact author(s)
mihir @ cs ucsd edu
History
2004-09-02: revised
2004-09-02: received
See all versions
Short URL
https://ia.cr/2004/221
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2004/221,
      author = {Mihir Bellare and Adriana Palacio},
      title = {Towards Plaintext-Aware Public-Key Encryption without Random Oracles},
      howpublished = {Cryptology {ePrint} Archive, Paper 2004/221},
      year = {2004},
      url = {https://eprint.iacr.org/2004/221}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.