Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Issue title: Advances in Security for Communication Networks
Guest editors: Ivan ViscontiGuest-Editor
Article type: Research Article
Authors: Myers, Stevena | Sergi, Monab | shelat, abhib; *
Affiliations: [a] Indiana University, Bloomington, IN, USA. E-mail: samyers@indiana.edu | [b] University of Virginia, Charlottesville, VA, USA. E-mails: ms4bf@virginia.edu, abhi@virginia.edu
Correspondence: [*] Corresponding author. Tel.: +1 434 243 2145; E-mail: abhi@virginia.edu
Note: [1] The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the US government.
Abstract: We construct a Non-Malleable Chosen Ciphertext Attack (NM-CCA1) encryption scheme from any encryption scheme that is also plaintext aware and weakly simulatable. We believe this is the first construction of a NM-CCA1 scheme that follows strictly from encryption schemes with seemingly weaker or incomparable security definitions to NM-CCA1. Previously, the statistical Plaintext Awareness #1 (PA1) notion was only known to imply CCA1. Our result is therefore novel because unlike the case of Chosen Plaintext Attack (CPA) and Chosen Chiphertext Attack (CCA2), it is unknown whether a CCA1 scheme can be transformed into an NM-CCA1 scheme. Additionally, we show both the Damgård Elgamal Scheme (DEG) [in: CRYPTO, J. Feigenbaum, ed., Lecture Notes in Computer Science, Vol. 576, Springer, 1991, pp. 445–456] and the Cramer–Shoup Lite Scheme (CS-Lite) [SIAM J. Comput. 33(1) (2003), 167–226] are weakly simulatable under the DDH assumption. Since both are known to be statistical Plaintext Aware 1 (PA1) under the Diffie–Hellman Knowledge (DHK) assumption, they instantiate our scheme securely. Furthermore, in response to a question posed by Matsuda and Matsuura [in: Public Key Cryptography, D. Catalano, N. Fazio, R. Gennaro and A. Nicolosi, eds, Lecture Notes in Computer Science, Vol. 6571, Springer, 2011, pp. 246–264], we define cNM-CCA1-security in which an NM-CCA1-adversary is permitted to ask a c≥1 number of parallel queries after receiving the challenge ciphertext. We extend our construction to yield a cNM-CCA1 scheme for any constant c. All of our constructions are black-box.
Keywords: Public-key encryption, plaintext-awareness, non-malleability
DOI: 10.3233/JCS-130485
Journal: Journal of Computer Security, vol. 21, no. 5, pp. 721-748, 2013
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl