Relationship Between Standard Model Plaintext Awareness and Message Hiding

  • Isamu Teranishi
  • Wakaha Ogata
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4284)


Recently, Bellare and Palacio succeeded in defining plaintext awareness, also called PA2, in the standard model. They proposed three variants of standard-model PA2, named perfect, statistical, and computational PA2. In this paper, we study the relationship between standard-model PA2 and the message-hiding property, that is, IND-CPA. Although these two notions seem independent at first glance, we show that perfect, statistical, and computational PA2 in the standard model all imply IND-CPA security if the encryption function is one-way. Using this result, we also show that “PA2 + Oneway \(\Rightarrow\) IND-CCA2”. This result shows the “all-or-nothing” aspect of PA2: a standard-model PA2-secure public-key encryption scheme either satisfies the strongest message-hiding property, IND-CCA2, or does not satisfy even the weakest message-hiding property, one-wayness. We also show that the computational PA2 notion is strictly stronger than the statistical one.


Keywords: Plaintext Awareness, Standard Model



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Isamu Teranishi (1, 2)
  • Wakaha Ogata (2)
  1. NEC Corporation, Kawasaki, Kanagawa, Japan
  2. Tokyo Institute of Technology, Tokyo, Japan
