International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Towards Plaintext-Aware Public-Key Encryption without Random Oracles

Authors:
Mihir Bellare
Adriana Palacio
Download:
URL: http://eprint.iacr.org/2004/221
Search ePrint
Search Google
Abstract: We consider the problem of defining and achieving plaintext-aware encryption without random oracles in the classical public-key model. We provide definitions for a hierarchy of notions of increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA => IND-CCA1 and PA2+IND-CPA => IND-CCA2. Towards achieving the new notions of plaintext awareness, we show that a scheme due to Damgard, denoted DEG, and the ``lite'' version of the Cramer-Shoup scheme, denoted CSL, are both PA0 under the KEA0 assumption of Damgard, and PA1 under an extension of this assumption called KEA1. As a result, DEG is the most efficient proven IND-CCA1 scheme known.
BibTeX
@misc{eprint-2004-12192,
  title={Towards Plaintext-Aware Public-Key Encryption without Random Oracles},
  booktitle={IACR Eprint archive},
  keywords={foundations / encryption, chosen-ciphertext attacks, plaintext awareness},
  url={http://eprint.iacr.org/2004/221},
  note={An extended abstract of this paper appears in the proceedings of the Asiacrypt 2004 conference. This is the full version. mihir@cs.ucsd.edu 12663 received 1 Sep 2004, last revised 2 Sep 2004},
  author={Mihir Bellare and Adriana Palacio},
  year=2004
}