Cramer-Shoup Satisfies a Stronger Plaintext Awareness under a Weaker Assumption

  • Isamu Teranishi
  • Wakaha Ogata
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5229)


In the seminal paper of Eurocrypt 2006, Dent defined a new assumption, simulatability, and showed that the well-known Cramer-Shoup public-key encryption scheme satisfied the weakest version of the plaintext awareness, the computational plaintext awareness, under the simulatability assumption, the DDH assumption, the DHK assumption, and the collision resistance of the hash function. However, a tricky aspect of the computational plaintext awareness was later shown. Moreover, the definition of the simulatability is elaborated. In this paper, we show that the Cramer-Shoup scheme satisfies a stronger variant of the plaintext awareness, the statistical plaintext awareness, under a weaker and simpler assumption than the simulatability. In particular, we show the statistical PA2-ness of the Cramer-Shoup scheme under computational assumptions.


Statistical Plaintext Awareness Standard Model Cramer-Shoup Scheme 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BDPR98]
    Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations Among Notions of Security for Public-Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)Google Scholar
  2. [BP04]
    Bellare, M., Palacio, A.: Towards plaintext-aware public-key encryption without random oracles. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 48–62. Springer, Heidelberg (2004)Google Scholar
  3. [BR94]
    Bellare, M., Rogaway, P.: Optimal Asymmetric Encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  4. [BD08]
    Birkett, J., Dent, A.W.: Relations Among Notions of Plaintext Awareness. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 47–64. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. [B01]
    Boneh, D.: Simplified OAEP for the RSA and Rabin Functions. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 275–291. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. [CS98]
    Cramer, R., Shoup, V.: A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)Google Scholar
  7. [CS01]
    Cramer, R., Shoup, V.: Design and Analysis of Practical Public-Key Encryption Schemes (2001)Google Scholar
  8. [D91]
    Damgård, I.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992)Google Scholar
  9. [D06]
    Dent, A.W.: Cramer-Shoup is Plaintext-Aware in the Standard Model. In: EUROCRYPT 2006 (2006)Google Scholar
  10. [F06]
    Fujisaki, E.: Plaintext Simulatability. IEICE Trans. Fundamentals, E89-A, pp.55-65. Preliminary version (2006),
  11. [FO99]
    Fujisaki, E., Okamoto, T.: How to Enhance the Security of Public-Key Encryption at Minimum Cost. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 53–68. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  12. [FOPS01]
    Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP Is Secure under the RSA Assumption. In: CRYPTO 2001, pp. 260–274; J. Cryptology 17(2), pp.81-104 (2004)Google Scholar
  13. [HLM03]
    Herzog, J., Liskov, M., Micali, S.: Plaintext Awareness via Key Registration. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 548–564. Springer, Heidelberg (2003)Google Scholar
  14. [M01]
    Manger, J.: A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 230–238. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. [S00]
    Shoup, V.: Using Hash Functions as a Hedge against Chosen Ciphertext Attack. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 275–288. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  16. [S01]
    Shoup, V.: OAEP Reconsidered. In: CRYPTO 2001, pp.239–259 (2001); J. Cryptology, 15(4), 223–249 (2002)Google Scholar
  17. [TO06]
    Teranishi, I., Ogata, W.: Relationship between Standard Model Plaintext Awareness and Message Hiding. In: ASIACRYPT 2006. IEICE Transactions 2008 91-A(1), pp.244-261Google Scholar
  18. [TO08]
    Teranishi, I., Ogata, W.: Relationship between Two Approaches for Defining the Standard Model PA-ness. In: ACISP 2008 (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Isamu Teranishi
    • 1
  • Wakaha Ogata
    • 2
  1. 1.NEC CorporationKawasakiJapan
  2. 2.Tokyo Institute of TechnologyTokyoJapan

Personalised recommendations