Paper 2016/235

Trading Plaintext-Awareness for Simulatability to Achieve Chosen Ciphertext Security

Takahiro Matsuda and Goichiro Hanaoka

Abstract

In PKC 2014, Dachman-Soled showed a construction of a chosen ciphertext (CCA) secure public key encryption (PKE) scheme based on a PKE scheme which simultaneously satisfies a security property called weak simulatability and (standard model) plaintext awareness (sPA1) in the presence of multiple public keys. It is not well known whether plaintext awareness in the multiple keys setting is equivalent to the more familiar notion in the single key setting, and plaintext awareness is typically considered a strong security assumption (because to achieve it we have to rely on a "knowledge"-type assumption). In Dachman-Soled's construction, the underlying PKE scheme needs to be plaintext aware in the presence of $2k+2$ public keys. The main result in this work is to show that the strength of plaintext awareness required in the Dachman-Soled construction can be somehow "traded" with the strength of a "simulatability" property of other building blocks. Furthermore, we also show that we can "separate" the assumption that a single PKE scheme needs to be both weakly simulatable and plaintext aware in her construction. Specifically, in this paper we show two new constructions of CCA secure key encapsulation mechanisms (KEMs): Our first scheme is based on a KEM which is chosen plaintext (CPA) secure and plaintext aware only under the $2$ keys setting, and a PKE scheme satisfying a "slightly stronger" simulatability than weak simulatability, called \emph{trapdoor simulatability} (introduced by Choi et al., ASIACRYPT 2009). Our second scheme is based on a KEM which is $1$-bounded CCA secure (Cramer et al., ASIACRYPT 2007) and plaintext aware only in the \emph{single} key setting, and a trapdoor simulatable PKE scheme.
Our results add new recipes for constructing CCA secure PKE/KEM from general assumptions (that are incomparable to those used by Dachman-Soled), and in particular show interesting trade-offs among building blocks with those used in Dachman-Soled's construction.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in PKC 2016
Keywords
public key encryption, key encapsulation mechanism, chosen ciphertext security, plaintext-awareness, trapdoor simulatability
Contact author(s)
t-matsuda @ aist go jp
History
2016-03-03: received
Short URL
https://ia.cr/2016/235
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/235,
      author = {Takahiro Matsuda and Goichiro Hanaoka},
      title = {Trading Plaintext-Awareness for Simulatability to Achieve Chosen Ciphertext Security},
      howpublished = {Cryptology ePrint Archive, Paper 2016/235},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/235}},
      url = {https://eprint.iacr.org/2016/235}
}