The Cramer-Shoup Encryption Scheme Is Plaintext Aware in the Standard Model
نویسنده
چکیده
In this paper we examine the notion of plaintext awareness as it applies to hybrid encryption schemes. We apply this theory to the Cramer-Shoup hybrid scheme acting on fixed length messages and deduce that the Cramer-Shoup scheme is plaintext-aware in the standard model. This answers a previously open conjecture of Bellare and Palacio on the existence of fully plaintext-aware encryption schemes.
منابع مشابه
Cramer-Shoup is Plaintext-Aware in the Standard Model
In this paper we examine the security criteria for a KEM and a DEM that are sufficient for the overall hybrid encryption scheme to be plaintext-aware in the standard model. We apply this theory to the Cramer-Shoup hybrid scheme acting on fixed length messages and deduce that the Cramer-Shoup scheme is plaintext-aware in the standard model. This answers a previously open conjecture of Bellare an...
متن کاملA Black-Box Construction of a CCA2 Encryption Scheme from a Plaintext Aware (sPA1) Encryption Scheme
We present a construction of a CCA2-secure encryption scheme from a plaintext aware, weakly simulatable public key encryption scheme. The notion of plaintext aware, weakly simulatable public key encryption has been considered previously by Myers, Sergi and shelat (SCN, 2012) and natural encryption schemes such as the Damg̊ard Elgamal Scheme (Damg̊ard, Crypto, 1991) and the Cramer-Shoup Lite Schem...
متن کاملTowards Plaintext-Aware Public-Key Encryption Without Random Oracles
We consider the problem of defining and achieving plaintextaware encryption without random oracles in the classical public-key model. We provide definitions for a hierarchy of notions of increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA → INDCCA1 and PA2+IND-CPA → IND-CCA2. Towards achieving the new notions of plaintext awareness, we show that a scheme due to Damg̊ard [12], denot...
متن کاملOn Ciphertext Undetectability
We propose a novel security notion for public-key encryption schemes – ciphertext undetectability. Informally, an encryption scheme has the property of ciphertext undetectability, if the attacker is unable to distinguish between valid and invalid ciphertexts. We compare this notion with the established ones, such as indistinguishability of ciphertexts and plaintext awareness. We analyze the pos...
متن کاملA Public Key Encryption Scheme Secure against Key Dependent Chosen Plaintext and Adaptive Chosen Ciphertext Attacks
Recently, at Crypto 2008, Boneh, Halevi, Hamburg, and Ostrovsky (BHHO) solved the longstanding open problem of “circular encryption,” by presenting a public key encryption scheme and proving that it is semantically secure against key dependent chosen plaintext attack (KDMCPA security) under standard assumptions (and without resorting to random oracles). However, they left as an open problem tha...
متن کامل