Paper 2023/477

Separations among formulations of non-malleable encryption under valid ciphertext condition

Yodai Watanabe, University of Aizu
Abstract

Non-malleability is one of the basic security goals for encryption schemes which ensures the resistance of the scheme against ciphertext modifications in the sense that any adversary, given a ciphertext of a plaintext, cannot generate another ciphertext whose underlying plaintext is meaningfully related to the initial one. There are multiple formulations of non-malleable encryption schemes, depending on whether they are based on simulation or comparison, or whether they impose valid ciphertext condition, in which an adversary is required to generate only valid ciphertexts, or not. In addition to the simulation-based and comparison-based formulations (SNM and CNM), non-malleability has an indistinguishability-based characterization called ciphertext indistinguishability (IND) against parallel chosen-ciphertext attacks. These three formulations, SNM, CNM and IND, have been shown to be equivalent if the valid ciphertext condition is not imposed; however, if that condition is imposed, then the equivalence among them has been shown only against the strongest type of attack models, and the relations among them against the weaker types of the attack models remain open. This work answers this open question by showing the separations SNM*$\not\rightarrow$CNM* and IND*$\not\rightarrow$SNM* against the weaker types of the attack models, where the asterisk attached to the short-hand notations represents that the valid ciphertext condition is imposed. Moreover, motivated by the proof of the latter separation, this paper introduces simulation-based and comparison-based formulations of semantic security (SSS* and CSS*) against parallel chosen-ciphertext attacks, and shows the equivalences SSS*$\leftrightarrow$SNM* and CSS*$\leftrightarrow$CNM* against all types of the attack models. It thus follows that IND*$\not\rightarrow$SSS*, that is, semantic security and ciphertext indistinguishability, which have been shown to be equivalent in various settings, separate against the weaker parallel chosen-ciphertext attacks under the valid ciphertext condition.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
Public key encryptionNon-malleabilityRelation among security notions
Contact author(s)
yodai @ u-aizu ac jp
History
2023-06-01: revised
2023-04-02: received
See all versions
Short URL
https://ia.cr/2023/477
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/477,
      author = {Yodai Watanabe},
      title = {Separations among formulations of non-malleable encryption under valid ciphertext condition},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/477},
      year = {2023},
      url = {https://eprint.iacr.org/2023/477}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.