One-Way Secure Encryption Can Leak Some Messages
نویسنده
چکیده
Last time we saw an example of an encryption scheme, the “textbook RSA” scheme, which can be one-way secure (that’s exactly the belief expressed in the “RSA assumption”) but is not secure in the sense of indistinguishability. Now we’ll see that any one-way encryption might have some bad characteristics that make it not indistinguishably secure. With these arguments we’ll try to convince you that the one-way security requirement on encryption is in fact not enough in practice.
منابع مشابه
Optimal Chosen-Ciphertext Secure Encryption of Arbitrary-Length Messages
This paper considers arbitrary-length chosen-ciphertext secure asymmetric encryption, thus addressing what is actually needed for a practical usage of strong public-key cryptography in the real world. We put forward two generic constructions, gem-1 and gem-2, which apply to explicit fixed-length weakly secure primitives and provide a strongly secure (IND-CCA2) public-key encryption scheme for m...
متن کاملOn the (Im)Possibility of Key Dependent Encryption
We study the possibility of constructing encryption schemes secure under messages that are chosen depending on the key k of the encryption scheme itself. We give the following separation results that hold both in the private and in the public key settings: – Let H be the family of poly(n)-wise independent hash-functions. There exists no fully-black-box reduction from an encryption scheme secure...
متن کاملTowards Key-Dependent Message Security in the Standard Model
Standard security notions for encryption schemes do not guarantee any security if the encrypted messages depend on the secret key. Yet it is exactly the stronger notion of security in the presence of key-dependent messages (KDM security) that is required in a number of applications: most prominently, KDM security plays an important role in analyzing cryptographic multi-party protocols in a form...
متن کاملEntropic Security and the Encryption of High Entropy Messages
Russell and Wang [22] recently introduced an elegant, information-theoretic notion calledentropic security of encryption: they required that the cipher text leak no predicate of theplaintext (similar to semantic security [10]) but only as long as the distribution on messageshas high entropy from the adversary’s point of view. They show that this notion of security canbe achi...
متن کاملInsecurity Against Selective-Opening Attacks: Some Key Ideas Selected Paper: Standard Security Does Not Imply Security Against Selective Opening by Bellare, Dowsley, Waters, and Yilek
Many of the standard notions of security we have examined quarter with respect to two-party communication may fail to capture notions of security in unusual settings. One such setting, not unrealistic in multi-party protocols, is the setting in which a receiver receives n individual messages from n distinct senders, all of which are encrypted and committed to their values. At some point, the re...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004