Paper 2023/477
Separations among formulations of non-malleable encryption under valid ciphertext condition
Abstract
Non-malleability is one of the basic security goals for encryption schemes which ensures the resistance of the scheme against ciphertext modifications in the sense that any adversary, given a ciphertext of a plaintext, cannot generate another ciphertext whose underlying plaintext is meaningfully related to the initial one. There are multiple formulations of non-malleable encryption schemes, depending on whether they are based on simulation or comparison, or whether they impose valid ciphertext condition, in which an adversary is required to generate only valid ciphertexts, or not. In addition to the simulation-based and comparison-based formulations (SNM and CNM), non-malleability has an indistinguishability-based characterization called ciphertext indistinguishability (IND) against parallel chosen-ciphertext attacks. These three formulations, SNM, CNM and IND, have been shown to be equivalent if the valid ciphertext condition is not imposed; however, if that condition is imposed, then the equivalence among them has been shown only against the strongest type of attack models, and the relations among them against the weaker types of the attack models remain open. This work answers this open question by showing the separations SNM*$\not\rightarrow$CNM* and IND*$\not\rightarrow$SNM* against the weaker types of the attack models, where the asterisk attached to the short-hand notations represents that the valid ciphertext condition is imposed. Moreover, motivated by the proof of the latter separation, this paper introduces simulation-based and comparison-based formulations of semantic security (SSS* and CSS*) against parallel chosen-ciphertext attacks, and shows the equivalences SSS*$\leftrightarrow$SNM* and CSS*$\leftrightarrow$CNM* against all types of the attack models. It thus follows that IND*$\not\rightarrow$SSS*, that is, semantic security and ciphertext indistinguishability, which have been shown to be equivalent in various settings, separate against the weaker parallel chosen-ciphertext attacks under the valid ciphertext condition.
Metadata
- Available format(s)
- Category
- Foundations
- Publication info
- Preprint.
- Keywords
- Public key encryptionNon-malleabilityRelation among security notions
- Contact author(s)
- yodai @ u-aizu ac jp
- History
- 2023-06-01: revised
- 2023-04-02: received
- See all versions
- Short URL
- https://ia.cr/2023/477
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/477, author = {Yodai Watanabe}, title = {Separations among formulations of non-malleable encryption under valid ciphertext condition}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/477}, year = {2023}, url = {https://eprint.iacr.org/2023/477} }