Towards Plaintext-Aware Public-Key Encryption Without Random Oracles

  • Mihir Bellare
  • Adriana Palacio
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3329)

Abstract

We consider the problem of defining and achieving plaintext-aware encryption without random oracles in the classical public-key model. We provide definitions for a hierarchy of notions of increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA → IND-CCA1 and PA2+IND-CPA → IND-CCA2. Towards achieving the new notions of plaintext awareness, we show that a scheme due to Damgård [12], denoted DEG, and the “lite” version of the Cramer-Shoup scheme [11], denoted CS-lite, are both PA0 under the DHK0 assumption of [12], and PA1 under an extension of this assumption called DHK1. As a result, DEG is the most efficient proven IND-CCA1 scheme known.

Keywords

Encryption Scheme; Random Oracle; Oracle Query; Coin Toss; Decryption Oracle
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. Backes, M., Pfitzmann, B., Waidner, M.: A composable cryptographic library with nested operations. In: CCS 2003 (2003)
  2. Bellare, M., Palacio, A.: Towards plaintext-aware public-key encryption without random oracles. Full version of this extended abstract. Available at http://www-cse.ucsd.edu/users/mihir
  3. Bellare, M., Boldyreva, A., Palacio, A.: An un-instantiable random oracle model scheme for a hybrid encryption problem. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 171–188. Springer, Heidelberg (2004)
  4. Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, p. 26. Springer, Heidelberg (1998)
  5. Bellare, M., Palacio, A.: The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 273–289. Springer, Heidelberg (2004)
  6. Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)
  7. Boneh, D.: Simplified OAEP for the RSA and Rabin functions. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 275. Springer, Heidelberg (2001)
  8. Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: STOC 1988 (1988)
  9. Blum, M., Feldman, P., Micali, S.: Proving security against chosen ciphertext attacks. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 256–268. Springer, Heidelberg (1990)
  10. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. In: STOC 1998 (1998)
  11. Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal on Computing 33(1), 167–226 (2003)
  12. Damgård, I.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992)
  13. De Santis, A., Persiano, G.: Zero-knowledge proofs of knowledge without interaction. In: FOCS 1992 (1992)
  14. Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Transactions on Information Theory 29, 198–208 (1983)
  15. Dolev, D., Dwork, C., Naor, M.: Non-Malleable cryptography. SIAM Journal on Computing 30(2), 391–437 (2000)
  16. Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is secure under the RSA assumption. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 260. Springer, Heidelberg (2001)
  17. Goldreich, O.: A uniform-complexity treatment of encryption and zero-knowledge. Journal of Cryptology 6(1), 21–53 (1993)
  18. Goldwasser, S., Taumann, Y.: On the (in)security of the Fiat-Shamir paradigm. In: FOCS 2003 (2003)
  19. Hada, S., Tanaka, T.: On the existence of 3-round zero-knowledge protocols. IACR Cryptology ePrint Archive, Report 1999/009 (March 1999). Available at http://eprint.iacr.org/1999/009/ (Revised version of [20])
  20. Hada, S., Tanaka, T.: On the existence of 3-round zero-knowledge protocols. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, p. 408. Springer, Heidelberg (1998); Preliminary version of [19]
  21. Herzog, J., Liskov, M., Micali, S.: Plaintext awareness via key registration. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 548–564. Springer, Heidelberg (2003)
  22. Goldwasser, S., Micali, S.: Probabilistic Encryption. Journal of Computer and System Science 28, 270–299 (1984)
  23. Micali, S., Rackoff, C., Sloan, B.: The notion of security for probabilistic cryptosystems. SIAM Journal on Computing 17(2), 412–426 (1988)
  24. Naor, M.: Cryptographic assumptions and challenges. In: Crypto 2003 (2003)
  25. Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: STOC 1990 (1990)
  26. Nielsen, J.B.: Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 111. Springer, Heidelberg (2002)
  27. Rackoff, C., Simon, D.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)
  28. Shoup, V.: OAEP reconsidered. Journal of Cryptology 15(4), 223–249 (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Mihir Bellare (1)
  • Adriana Palacio (1)

  1. Dept. of Computer Science & Engineering, University of California, San Diego, La Jolla, USA
