Lecture 16 : Non - Malleability and Public Key Encryption
نویسندگان
چکیده
Until this point we have discussed encryptions that prevent a passive attacker from discovering any information about messages that are sent. In some situations, however, we may want to prevent an attacker from creating a new message from a given encryption. Consider an auction for example. Suppose the Bidder Bob is trying to send a message containing his bid to the Auctioneer Alice. Private key encryption could prevent an attacker Eve from knowing what Bob bids, but if she could construct a message that contained one more than Bob's bid, then she could win the auction. We say that an encryption scheme that prevents these kinds of attacks is non-malleable. Informally, if a scheme is non-malleable, then it is impossible to output an encrypted message containing any function of a given encrypted message. Formally, we have the following definition: Definition 1 (Non-Malleability) Let (Gen, Enc, Dec) be an encryption scheme. Let NM(m, A) be the output of the following experiment:
منابع مشابه
Alternatives to Non-Malleability: Definitions, Constructions and Applications
We explore whether non-malleability is necessary for the applications typically used to mo-tivate it, and propose two alternatives. The first we call weak non-malleability (wnm) and showthat it suffices to achieve secure contract bidding (the application for which non-malleability wasinitially introduced), despite being strictly weaker than non-malleability. The second we callta...
متن کاملRelations Among Notions of Security for Public-Key Encryption Schemes
We compare the relative strengths of popular notions of security for public-key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen-plaintext attack and two kinds of chosen-ciphertext attack. For each of the resulting pairs of definitions we prove either an implication (every scheme meeting one notion must meet the other) or a separation (there is a sche...
متن کاملExtended Notions of Security for Multicast Public Key Cryptosystems
In this paper we introduce two notions of security: multi-user indistinguishability and multi-user non-malleability. We believe that they encompass the correct requirements for public key encryption schemes in the context of multicast communications. A precise and non-trivial analysis proves that they are equivalent to the former single-user notions, provided the number of participants is polyn...
متن کاملNon-Malleability vs. CCA-Security: The Case of Commitments
In this work, we settle the relations among a variety of security notions related to non-malleability and CCA-security that have been proposed for commitment schemes in the literature. Interestingly, all our separations follow from two generic transformations. Given two appropriate security notions X and Y from the class of security notions we compare, these transformations take a commitment sc...
متن کاملStrong Continuous Non-malleable Encoding Schemes with Tamper-Detection
A non-malleable encoding scheme is a keyless encoding scheme which is resilient to tampering attacks. Such a scheme is said to be continuously secure if the scheme is resilient to attacks containing more than one tampering procedure. Also, such a scheme is said to have tamper-detection property if any kind of tampering attack is detected. In [S. Faust, et al., Continuous nonmalleable codes, TCC...
متن کامل