Paper 2012/543

Enhanced Chosen-Ciphertext Security and Applications

Dana Dachman-Soled, Georg Fuchsbauer, Payman Mohassel, and Adam O'Neill


We introduce and study a new notion of \emph{enhanced chosen-ciphertext security} (ECCA) for public-key encryption. Loosely speaking, in the ECCA security experiment, the decryption oracle provided to the adversary is augmented to return not only the output of the decryption algorithm on a queried ciphertext but also of a \emph{randomness recovery} algorithm associated to the scheme. Our results mainly concern the case where the randomness recovery algorithm is efficient. We provide constructions of ECCA-secure encryption from adaptive trapdoor functions as defined by Kiltz \emph{et al.}~(EUROCRYPT 2010), resulting in ECCA encryption from standard number-theoretic assumptions. We then give two applications of ECCA-secure encryption: (1) We use it as a unifying concept in showing equivalence of adaptive trapdoor functions and tag-based adaptive trapdoor functions, resolving an open question of Kiltz \emph{et al}.~(2) We show that ECCA-secure encryption can be used to securely realize an approach to public-key encryption with non-interactive opening (PKENO) originally suggested by Damgård and Thorbek (EUROCRYPT 2007), resulting in new and practical PKENO schemes quite different from those in prior work. Our results demonstrate that ECCA security is of both practical and theoretical interest.

Available format(s)
Public-key cryptography
Publication info
A major revision of an IACR publication in PKC 2014
Contact author(s)
adam @ cs georgetown edu
2014-04-08: revised
2012-09-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Dana Dachman-Soled and Georg Fuchsbauer and Payman Mohassel and Adam O'Neill},
      title = {Enhanced Chosen-Ciphertext Security and Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2012/543},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.