Paper 2014/609

Public-Key Encryption Indistinguishable Under Plaintext-Checkable Attacks

Michel Abdalla, Fabrice Benhamouda, and David Pointcheval


Indistinguishability under chosen-ciphertext attack (INDCCA) is now considered the de facto security notion for public-key encryption. However, this sometimes offers a stronger security guarantee than what is needed. In this paper, we consider a weaker security notion, termed indistinguishability under plaintext-checking attacks (INDPCA), in which the adversary has only access to an oracle indicating whether or not a given ciphertext encrypts a given message. After formalizing this notion, we design a new public-key encryption scheme satisfying it. The new scheme is a variant of the Cramer-Shoup encryption scheme with shorter ciphertexts. Its security is also based on the plain Decisional Diffie-Hellman (DDH) assumption. Additionally, the algebraic properties of the new scheme allow proving plaintext knowledge using Groth-Sahai non-interactive zero-knowledge proofs or smooth projective hash functions. Finally, as a concrete application, we show that, for many password-based authenticated key exchange (PAKE) schemes in the Bellare-Pointcheval-Rogaway security model, we can safely replace the underlying INDCCA encryption schemes with our new INDPCA one. By doing so, we reduce the overall communication complexity of these protocols and obtain the most efficient PAKE schemes to date based on plain DDH.

Note: version 2018-07-02: this version repairs a mistake in the GLPAKE, thanks to a remark from Yu Yu: the two-flow variants require the use of two IND-PCA encryption schemes instead of one IND-CPA and one IND-PCA; version 2015-01-16: new title, published in PKC 2015; version 2014-08-15: added missing references

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in PKC 2015
Authenticated Key ExchangeEncryption SchemePlaintext-Checking AttackIND-PCA
Contact author(s)
fabrice ben hamouda @ ens fr
2018-07-02: last of 5 revisions
2014-08-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Michel Abdalla and Fabrice Benhamouda and David Pointcheval},
      title = {Public-Key Encryption Indistinguishable Under Plaintext-Checkable Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2014/609},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.