Cramer-Shoup is Plaintext-Aware in the Standard Model
نویسنده
چکیده
In this paper we examine the security criteria for a KEM and a DEM that are sufficient for the overall hybrid encryption scheme to be plaintext-aware in the standard model. We apply this theory to the Cramer-Shoup hybrid scheme acting on fixed length messages and deduce that the Cramer-Shoup scheme is plaintext-aware in the standard model. This answers a previously open conjecture of Bellare and Palacio on the existence of plaintext-aware encryption schemes.
منابع مشابه
The Cramer-Shoup Encryption Scheme Is Plaintext Aware in the Standard Model
In this paper we examine the notion of plaintext awareness as it applies to hybrid encryption schemes. We apply this theory to the Cramer-Shoup hybrid scheme acting on fixed length messages and deduce that the Cramer-Shoup scheme is plaintext-aware in the standard model. This answers a previously open conjecture of Bellare and Palacio on the existence of fully plaintext-aware encryption schemes.
متن کاملA Black-Box Construction of a CCA2 Encryption Scheme from a Plaintext Aware (sPA1) Encryption Scheme
We present a construction of a CCA2-secure encryption scheme from a plaintext aware, weakly simulatable public key encryption scheme. The notion of plaintext aware, weakly simulatable public key encryption has been considered previously by Myers, Sergi and shelat (SCN, 2012) and natural encryption schemes such as the Damg̊ard Elgamal Scheme (Damg̊ard, Crypto, 1991) and the Cramer-Shoup Lite Schem...
متن کاملTowards Plaintext-Aware Public-Key Encryption Without Random Oracles
We consider the problem of defining and achieving plaintextaware encryption without random oracles in the classical public-key model. We provide definitions for a hierarchy of notions of increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA → INDCCA1 and PA2+IND-CPA → IND-CCA2. Towards achieving the new notions of plaintext awareness, we show that a scheme due to Damg̊ard [12], denot...
متن کاملElGamal and Cramer - Shoup Variants with Anonymity Using Different Groups ( Extended
In this paper, we have proposed new variants of the El-Gamal and the Cramer-Shoup encryption schemes. In our schemes, the anonymity property holds even if each user chooses an arbitrary prime q where |q| = k and p = 2q + 1 is also prime. More precisely, our El-Gamal variants provide anonymity against the chosen-plaintext attack, and our Cramer-Shoup variants provide anonymity against the adapti...
متن کاملOn Ciphertext Undetectability
We propose a novel security notion for public-key encryption schemes – ciphertext undetectability. Informally, an encryption scheme has the property of ciphertext undetectability, if the attacker is unable to distinguish between valid and invalid ciphertexts. We compare this notion with the established ones, such as indistinguishability of ciphertexts and plaintext awareness. We analyze the pos...
متن کامل