Amplification of Chosen-Ciphertext Security
نویسندگان
چکیده
Understanding the minimal assumptions from which we can build a publickey encryption scheme secure against chosen-ciphertext attacks (a CCA-secure scheme, for short) is a central question in both practical and theoretical cryptography. Following the large body of work on hardness and correctness amplification, we ask the question of how far we can weaken a CCA-secure encryption scheme so that an efficient construction of a fully CCA-secure scheme from it can still be given. We consider a weak CCA-secure encryption scheme that has decryption error (1 − α)/2 and is only weakly CCA secure in the sense that an adversary can distinguish encryptions of different messages with possibly large advantage β < 1−1/poly. We show that whenever α2 > β, the weak correctness and the weak CCA security properties can be simultaneously amplified to obtain a fully CCA-secure encryption scheme with negligible decryption error. Our approach relies both on a new hardcore lemma for the setting of CCA security, and on an extension of a recently proposed approach to obtain CCA security by Hohenberger, Lewko, and Waters (EUROCRYPT ’12) to handle large decryption errors. Previously, such an amplification result was only known in the simpler case of security against chosen-plaintext attacks, as shown by Dwork, Naor, and Reingold (EUROCRYPT ’04) and by Holenstein and Renner (CRYPTO ’05).
منابع مشابه
Amplification of Chosen-Ciphertext Security
Understanding the minimal assumptions from which we can build a publickey encryption scheme secure against chosen-ciphertext attacks (a CCA-secure scheme, for short) is a central question in both practical and theoretical cryptography. Following the large body of work on hardness and correctness amplification, we ask the question of how far we can weaken a CCA-secure encryption scheme so that a...
متن کاملSelf-Destruct Non-Malleability
We introduce a new security notion for public-key encryption (PKE) that we dub non-malleability under (chosen-ciphertext) self-destruct attacks (NM-SDA), which appears to be the strongest natural PKE security notion below full-blown chosen-ciphertext (IND-CCA) security. In this notion, the adversary is allowed to ask many adaptive “parallel” decryption queries (i.e., a query consists of many ci...
متن کاملWhy Chosen Ciphertext Security Matters
This article motivates the importance of public-key cryptosystems that are secure against chosen ciphertext attack, and of rigorous security proofs. It also discusses the new cryptosystem developed by Cramer and Shoup, and its relevance in this regard.
متن کاملHow to Enhance the Security of Public-Key Encryption at Minimum Cost
This paper presents a simple and generic conversion from a publickey encryption scheme which is indistinguishable against chosen-plaintext attacks into a public-key encryption scheme which is indistinguishable against adaptive chosen-ciphertext attacks in the random oracle model. The scheme obtained by the conversion is as e cient as the original encryption scheme and the security reduction is ...
متن کاملEquivalence between Semantic Security and Indistinguishability against Chosen Ciphertext Attacks
The aim of this work is to examine the relation between the notions of semantic security and indistinguishability against chosen ciphertext attacks. For this purpose, a new security notion called nondividability is introduced independent of attack models, and is shown to be equivalent to each of the previous two notions. This implies the equivalence between semantic security and indistinguishab...
متن کامل