Bounded CCA2-Secure Encryption

Ronald Cramer, Goichiro Hanaoka, Dennis Hofheinz, Hideki Imai, Eike Kiltz, Rafael Pass, abhi shelat, and Vinod Vaikuntanathan. 

To appear in ASIACRYPT'07, December 2007, Kuching, Malaysia.

This paper is a merger of three papers: one by Cramer, Hofheinz, and Kiltz, one by Hanaoka and Imai, and one by Pass, shelat, and Vaikuntanathan.

Whereas encryption schemes withstanding only passive chosen-plaintext attacks (CPA) can be constructed based on a variety of computational assumptions, only a few assumptions are known to imply the existence of encryption schemes withstanding adaptive chosen-ciphertext attacks (CCA2). Towards addressing this asymmetry, we consider a weakening of the CCA2 model---bounded CCA2-security---wherein security needs only hold against adversaries that make an a-priori bounded number of queries to the decryption oracle. Regarding this notion, we show (without any further assumptions):

  • For any polynomial $q$, a simple black-box construction of $q$-bounded IND-CCA2-secure encryption schemes, from any CPA-secure encryption scheme. When instantiated with the DDH assumption, this construction additionally yields encryption schemes with very short ciphertexts.
  • For any polynomial $q$, a (non-black-box) construction of $q$-bounded NM-CCA2-secure encryption schemes, from any CPA-secure encryption scheme. As far as we know, bounded-CCA2 non-malleability is the strongest notion of security known to be achievable assuming only the existence of CPA-secure encryption schemes.

Finally, we show that non-malleability and indistinguishability are not equivalent under bounded CCA2 attacks (in contrast to general CCA2 attacks).
