Relations Among Notions of Security for Public-Key Encryption Schemes
نویسندگان
چکیده
We compare the relative strengths of popular notions of security for public-key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen-plaintext attack and two kinds of chosen-ciphertext attack. For each of the resulting pairs of definitions we prove either an implication (every scheme meeting one notion must meet the other) or a separation (there is a scheme meeting one notion but not the other, assuming the first notion can be met at all). We similarly treat plaintext awareness, a notion of security in the randomoracle model. An additional contribution of this paper is a new definition of non-malleability which we believe is simpler than the previous one.
منابع مشابه
Related Message Attacks to Public Key Encryption Schemes: Relations among Security Notions
Consider a scenario in which an adversary, attacking a certain public key encryption scheme, gains knowledge of several ciphertexts which underlying plaintext are meaningfully related with a given target ciphertext. This kind of related message attack has been proved successful against several public key encryption schemes; widely known is the Franklin-Reiter attack to RSA with low exponent and...
متن کاملNon-Malleability vs. CCA-Security: The Case of Commitments
In this work, we settle the relations among a variety of security notions related to non-malleability and CCA-security that have been proposed for commitment schemes in the literature. Interestingly, all our separations follow from two generic transformations. Given two appropriate security notions X and Y from the class of security notions we compare, these transformations take a commitment sc...
متن کاملRelations Among Notions of Plaintext Awareness
We introduce a new simplified notion of plaintext awareness, which we term PA2I, and show that this is equivalent to the standard definition of PA2 plaintext awareness for encryption schemes that satisfy certain weak security and randomness requirements. We also show that PA2 plaintext awareness is equivalent to PA2+ plaintext awareness under similar security and randomness requirements. This p...
متن کاملOn Modeling IND-CCA Security in Cryptographic Protocols
Two common notions of security for public key encryption schemes are shown to be equivalent: we prove that indistinguishability against chosen-ciphertext attacks (IND-CCA) is in fact polynomially equivalent to (yet “slightly” weaker than) securely realizing the ideal functionality FPKE in the general modeling of cryptographic protocols of [Can01a]. This disproves in particular the claim that se...
متن کاملParallel Decryption Queries in Bounded Chosen Ciphertext Attacks
Whether it is possible to construct a chosen ciphertext secure (CCA secure) public key encryption (PKE) scheme only from a chosen plaintext secure (CPA secure) one is a fundamental open problem, and the best known positive results regarding this problem are the constructions of so-called bounded CCA secure schemes. Since we can achieve the best possible security in the bounded CCA security noti...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 1998