Bounded CCA2-Secure Non-Malleable Encryption
Under an adaptive chosen ciphertext attack (CCA2), the security of an encryption scheme must hold against adversaries that have access to a decryption oracle. We consider a weakening of CCA2 security, wherein security need only hold against adversaries making an a-priori bounded number of querie...
Main Authors: | Pass, Rafael; Shelat, Abhi; Vaikuntanathan, Vinod |
---|---|
Other Authors: | Shafi Goldwasser |
Language: | en_US |
Published: | 2006 |
Subjects: | Public-key Encryption; Non-Malleability; Chosen Ciphertext Security |
Online Access: | http://hdl.handle.net/1721.1/34968 |
_version_ | 1826209982055448576 |
---|---|
author | Pass, Rafael Shelat, Abhi Vaikuntanathan, Vinod |
author2 | Shafi Goldwasser |
author_facet | Shafi Goldwasser Pass, Rafael Shelat, Abhi Vaikuntanathan, Vinod |
author_sort | Pass, Rafael |
collection | MIT |
description | Under an adaptive chosen ciphertext attack (CCA2), the security of an encryption scheme must hold against adversaries that have access to a decryption oracle. We consider a weakening of CCA2 security, wherein security need only hold against adversaries making an a-priori bounded number of queries to the decryption oracle. Concerning this notion, which we call bounded-CCA2 security, we show the following two results. (1) Bounded-CCA2 secure non-malleable encryption schemes exist if and only if semantically-secure (IND-CPA-secure) encryption schemes exist. (As far as we know, bounded-CCA2 non-malleability is the strongest notion of security known to be satisfiable assuming only the existence of semantically-secure encryption schemes.) (2) In contrast to CCA2 security, bounded-CCA2 security alone does not imply non-malleability. In particular, if there exists an encryption scheme that is bounded-CCA2 secure, then there exists another encryption scheme which remains bounded-CCA2 secure, but is malleable under a simple chosen-plaintext attack. |
first_indexed | 2024-09-23T14:38:23Z |
id | mit-1721.1/34968 |
institution | Massachusetts Institute of Technology |
language | en_US |
last_indexed | 2024-09-23T14:38:23Z |
publishDate | 2006 |
record_format | dspace |
spelling | mit-1721.1/349682019-04-11T09:50:10Z Bounded CCA2-Secure Non-Malleable Encryption Pass, Rafael Shelat, Abhi Vaikuntanathan, Vinod Shafi Goldwasser Theory of Computation Public-key Encryption Non-Malleability Chosen Ciphertext Security Under an adaptive chosen ciphertext attack (CCA2), the security of an encryption scheme must hold against adversaries that have access to a decryption oracle. We consider a weakening of CCA2 security, wherein security need only hold against adversaries making an a-priori bounded number of queries to the decryption oracle. Concerning this notion, which we call bounded-CCA2 security, we show the following two results. (1) Bounded-CCA2 secure non-malleable encryption schemes exist if and only if semantically-secure (IND-CPA-secure) encryption schemes exist.(As far as we know, bounded-CCA2 non-malleability is the strongest notion of security known to be satisfiable assuming only the existence of semantically-secure encryption schemes.) (2) In contrast to CCA2 security, bounded-CCA2 security alone does not imply non-malleability. In particular, if there exists an encryption scheme that is bounded-CCA2 secure, then there exists another encryption scheme which remains bounded-CCA2 secure, but is malleable under a simple chosen-plaintext attack. 2006-12-14T14:51:47Z 2006-12-14T14:51:47Z 2006-12-14 MIT-CSAIL-TR-2006-081 http://hdl.handle.net/1721.1/34968 en_US Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory 17 p. 1222225 bytes 239045 bytes application/postscript application/pdf application/postscript application/pdf |
title | Bounded CCA2-Secure Non-Malleable Encryption |
topic | Public-key Encryption Non-Malleability Chosen Ciphertext Security |
url | http://hdl.handle.net/1721.1/34968 |