Relations Among Notions of Plaintext Awareness
نویسندگان
چکیده
We introduce a new simplified notion of plaintext awareness, which we term PA2I, and show that this is equivalent to the standard definition of PA2 plaintext awareness for encryption schemes that satisfy certain weak security and randomness requirements. We also show that PA2 plaintext awareness is equivalent to PA2+ plaintext awareness under similar security and randomness requirements. This proves a conjecture of Dent that, for suitably random public-key encryption schemes, PA2 plaintext awareness implies PA1+ plaintext awareness.
منابع مشابه
Relations Among Notions of Security for Public-Key Encryption Schemes
We compare the relative strengths of popular notions of security for public-key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen-plaintext attack and two kinds of chosen-ciphertext attack. For each of the resulting pairs of definitions we prove either an implication (every scheme meeting one notion must meet the other) or a separation (there is a sche...
متن کاملHow to Securely Release Unverified Plaintext in Authenticated Encryption
Scenarios in which authenticated encryption schemes output decrypted plaintext before successful verification raise many security issues. These situations are sometimes unavoidable in practice, such as when devices have insufficient memory to store an entire plaintext, or when a decrypted plaintext needs early processing due to real-time requirements. We introduce the first formalization of the...
متن کاملTowards Plaintext-Aware Public-Key Encryption Without Random Oracles
We consider the problem of defining and achieving plaintextaware encryption without random oracles in the classical public-key model. We provide definitions for a hierarchy of notions of increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA → INDCCA1 and PA2+IND-CPA → IND-CCA2. Towards achieving the new notions of plaintext awareness, we show that a scheme due to Damg̊ard [12], denot...
متن کاملRelated Message Attacks to Public Key Encryption Schemes: Relations among Security Notions
Consider a scenario in which an adversary, attacking a certain public key encryption scheme, gains knowledge of several ciphertexts which underlying plaintext are meaningfully related with a given target ciphertext. This kind of related message attack has been proved successful against several public key encryption schemes; widely known is the Franklin-Reiter attack to RSA with low exponent and...
متن کاملParallel Decryption Queries in Bounded Chosen Ciphertext Attacks
Whether it is possible to construct a chosen ciphertext secure (CCA secure) public key encryption (PKE) scheme only from a chosen plaintext secure (CPA secure) one is a fundamental open problem, and the best known positive results regarding this problem are the constructions of so-called bounded CCA secure schemes. Since we can achieve the best possible security in the bounded CCA security noti...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007