Relations among Notions of Complete Non-malleability: Indistinguishability Characterisation and Efficient Construction without Random Oracles
نویسندگان
چکیده
We study relations among various notions of complete nonmalleability, where an adversary can tamper with both ciphertexts and public-keys, and ciphertext indistinguishability. We follow the pattern of relations previously established for standard non-malleability. To this end, we propose a more convenient and conceptually simpler indistinguishability-based security model to analyse completely non-malleable schemes. Our model is based on strong decryption oracles, which provide decryptions under arbitrarily chosen public keys. We give the first precise definition of a strong decryption oracle, pointing out the subtleties in different approaches that can be taken. We construct the first efficient scheme, which is fully secure against strong chosen-ciphertext attacks, and therefore completely non-malleable, without random oracles.
منابع مشابه
Non-malleability Under Selective Opening Attacks: Implication and Separation
We formalize the security notions of non-malleability under selective opening attacks (NM-SO security) in two approaches: the indistinguishability-based approach and the simulationbased approach. We explore the relations between NM-SO security notions and the known selective opening security notions, and the relations between NM-SO security notions and the standard non-malleability notions.
متن کاملTowards Plaintext-Aware Public-Key Encryption Without Random Oracles
We consider the problem of defining and achieving plaintextaware encryption without random oracles in the classical public-key model. We provide definitions for a hierarchy of notions of increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA → INDCCA1 and PA2+IND-CPA → IND-CCA2. Towards achieving the new notions of plaintext awareness, we show that a scheme due to Damg̊ard [12], denot...
متن کاملFoundations of Non-malleable Hash and One-Way Functions
Non-malleability is an interesting and useful property which ensures that a cryptographic protocol preserves the independence of the underlying values: given for example an encryption E(m) of some unknown message m, it should be hard to transform this ciphertext into some encryption E(m∗) of a related message m∗. This notion has been studied extensively for primitives like encryption, commitmen...
متن کاملRelations Among Notions of Non-malleability for Encryption
Since its introduction in the early 90’s, the notion of nonmalleability for encryption schemes has been formalized using a number of conceptually different definitional approaches—most notably, the “pragmatic” indistinguishability-based approach and the “semantical” simulation-based approach. We provide a full characterization of these approaches and consider their robustness under composition.
متن کاملFormal Indistinguishability Extended to the Random Oracle Model
Several generic constructions for transforming one-way functions to asymmetric encryption schemes have been proposed. One-way functions only guarantee the weak secrecy of their arguments. That is, given the image by a one-way function of a random value, an adversary has only negligible probability to compute this random value. Encryption schemes must guarantee a stronger secrecy notion. They mu...
متن کامل