eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2005/261

The Cramer-Shoup Encryption Scheme is Plaintext Aware in the Standard Model

Alexander W. Dent

Abstract

In this paper we examine the security criteria for a KEM and a DEM that are su±cient for the overall hybrid encryption scheme to be plaintext-aware in the standard model. We apply this theory to the Cramer-Shoup hybrid scheme acting on ¯xed length messages and deduce that the Cramer-Shoup scheme is plaintext-aware in the standard model. This answers a previously open conjecture of Bellare and Palacio on the existence of plaintext-aware encryption schemes.

Note: The original version of this paper contained an subtle, but substantial error in the proof of the theorem that PA1 + Simulability => PA2. This theorem has been withdrawn. The main result, that Cramer-Shoup is PA2, is now proven using a slight variation of the original technique. My apologies to anyone inconvenienced by the error.

Metadata
Available format(s)
PDF PS
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
provable securityplaintext-awareness
Contact author(s)
a dent @ rhul ac uk
History
2006-04-21: last of 3 revisions
2005-08-11: received
See all versions
Short URL
https://ia.cr/2005/261
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2005/261,
      author = {Alexander W.  Dent},
      title = {The Cramer-Shoup Encryption Scheme is Plaintext Aware in the Standard Model},
      howpublished = {Cryptology ePrint Archive, Paper 2005/261},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/261}},
      url = {https://eprint.iacr.org/2005/261}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.