Relations among notions of security for public-key encryption schemes

  • Mihir Bellare
  • Anand Desai
  • David Pointcheval
  • Phillip Rogaway
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1462)

Abstract

We compare the relative strengths of popular notions of security for public key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen plaintext attack and two kinds of chosen ciphertext attack. For each of the resulting pairs of definitions we prove either an implication (every scheme meeting one notion must meet the other) or a separation (there is a scheme meeting one notion but not the other, assuming the first notion can be met at all). We similarly treat plaintext awareness, a notion of security in the random oracle model. An additional contribution of this paper is a new definition of non-malleability which we believe is simpler than the previous one.

Copyright information

© Springer-Verlag 1998

Authors and Affiliations

  • Mihir Bellare (1)
  • Anand Desai (1)
  • David Pointcheval (2, 3)
  • Phillip Rogaway (4)

  1. Dept. of Computer Science & Engineering, University of California at San Diego, La Jolla, USA
  2. Laboratoire d'Informatique de l'École Normale Supérieure, Paris, France
  3. GREYC, Dépt d'Informatique, Université de Caen, Caen Cedex, France
  4. Dept. of Computer Science, Engineering II Bldg., University of California at Davis, Davis, USA
