CryptoDB
Towards Plaintext-Aware Public-Key Encryption without Random Oracles
Authors: | |
---|---|
Download: | |
Abstract: | We consider the problem of defining and achieving plaintext-aware encryption without random oracles in the classical public-key model. We provide definitions for a hierarchy of notions of increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA => IND-CCA1 and PA2+IND-CPA => IND-CCA2. Towards achieving the new notions of plaintext awareness, we show that a scheme due to Damgard, denoted DEG, and the ``lite'' version of the Cramer-Shoup scheme, denoted CSL, are both PA0 under the KEA0 assumption of Damgard, and PA1 under an extension of this assumption called KEA1. As a result, DEG is the most efficient proven IND-CCA1 scheme known. |
BibTeX
@misc{eprint-2004-12192, title={Towards Plaintext-Aware Public-Key Encryption without Random Oracles}, booktitle={IACR Eprint archive}, keywords={foundations / encryption, chosen-ciphertext attacks, plaintext awareness}, url={http://eprint.iacr.org/2004/221}, note={An extended abstract of this paper appears in the proceedings of the Asiacrypt 2004 conference. This is the full version. mihir@cs.ucsd.edu 12663 received 1 Sep 2004, last revised 2 Sep 2004}, author={Mihir Bellare and Adriana Palacio}, year=2004 }