Relations Among Notions of Non-malleability for Encryption.

Since its introduction in the early 90's, the notion of nonmalleability for encryption schemes has been formalized using a number of conceptually different definitional approaches-most notably, the "pragmatic ... We provide a full characterization of these approaches and consider their robustness under composition. ... We would like to thank one of the anonymous Crypto referees for thorough and helpful comments. ...

doi:10.1007/978-3-540-76900-2_32 dblp:conf/asiacrypt/PassSV07 fatcat:66kgkrc3qnakfmefp6czmpa5gm

We follow the pattern of relations previously established for standard non-malleability. ... We study relations among various notions of complete nonmalleability, where an adversary can tamper with both ciphertexts and public-keys, and ciphertext indistinguishability. ... Governments are authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon. ...

doi:10.1007/978-3-642-14081-5_10 fatcat:47urnszzlvdjdjm7xyio5csmqu

This characterization simpli es both the notion of non-malleable encryption and its usage, and enables one to see more easily how it compares with other notions of encryption. ... The equivalence relies on a new characterization of non-malleable encryption in terms of the standard notion of indistinguishability of Goldwasser and Micali. ... Relations among notions of security Our new characterization of non-malleability as indistinguishability under a parallel chosen-ciphertext attack simpli es the discussion of relationships among the notions ...

doi:10.1007/3-540-48405-1_33 fatcat:ham4ibxuard3vgx3jpueuohwya

In this paper we introduce two notions of security: multi-user indistinguishability and multi-user non-malleability. ... We also introduce a new definition for non-malleability which is simpler than those currently in use. ... Acknoledgments We thanks the program commitee for their valuable comments. ...

doi:10.1007/3-540-45022-x_42 fatcat:b6az7hmtkbgvlj7h7ejqh7bmwi

In particular, it is regarded as the appropriate security notion for encryption schemes used as components within general protocols and applications. ... RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. ... Relations among Notions of Detectable RCCA Here we investigate the relations among the different flavors of detectable RCCA security, and between these and CCA security. ...

doi:10.1007/978-3-540-45146-4_33 fatcat:vzgdcyitgzbctmib4cua7fbu24

In the context of public key encryption, this notion means it is infeasible for an adversary to transform an encryption of some message m into one of a related message m under the given public key. ... Non-malleability is an important and intensively studied security notion for many cryptographic primitives. ... Moreover, a full analysis of relationships of security notions among indistinguishability, non-malleability and complete non-malleability was given in [22] , which demonstrated that the complete non-malleability ...

doi:10.1145/2897845.2897921 dblp:conf/ccs/SunGLPY16 fatcat:53fw7lkhinaxzjocoq7jttaxoe

We also improve over the security result by Boldyreva et al., showing that our notion of non-malleability suffices for the security of the Bellare-Rogaway encryption scheme. ... Non-malleability of a cryptographic primitive is a fundamental security property which ensures some sort of independence of cryptographic values. ... Acknowledgments We thank the anonymous reviewers for valuable comments. The authors are supported by the Emmy Noether Grant Fi 940/2-1 of the German Research Foundation (DFG). ...

doi:10.1007/978-3-642-19074-2_18 fatcat:bovswhil35avvcx7bj2bdbow6i

Completely non-malleable encryption schemes resist attacks which allow an adversary to tamper with both ciphertexts and public keys. ... In this paper we introduce two extractor-based properties that allow us to gain insight into the design of such schemes and to go beyond known feasibility results in this area. ... In order to establish relations with other notions of security, non-malleability for public-key encryption was reformulated by Bellare et al. [4] as a comparison-based security model. ...

doi:10.1007/978-3-642-14081-5_11 fatcat:yizr7tvaavg5xhdvnaxnrxa7n4

In order to define the security notions of public-key cryptosystems, we have to model the power of the sender, receiver, adversary and channel. ... While we may consider a setting where quantum computers are available only to adversaries, we generally discuss what are the right security notions for (quantum) public-key cryptosystems in the quantum ... In this paper, we discuss the appropriate definitions of security notions for quantum public-key cryptosystems and derive relations among them. ...

arXiv:quant-ph/0702183v1 fatcat:sjwlmr43a5b2lmbvuv6q6heriy

The only known countermeasures against our impossibility results, besides malleable key generation, are the inclusion of an additional random string in the public key, or encryption twinning as in Naor-Yung ... We extend this impossibility to arbitrary reductions assuming non-malleable key generation, a property capturing the intuition that factoring a modulus n should not be any easier when given a factoring ... We thank the anonymous referees of Asiacrypt'06 for their numerous comments as well as Mihir Bellare for suggestions that substantially improved the presentation of this paper. ...

doi:10.1007/11935230_17 fatcat:vjv2pyjsjrcdfonfypinyi6udi

Namely, we show that instantiating both random oracles in OAEP by modest functions implies non-malleability under chosen plaintext attacks for random messages. ... We also discuss the implications, especially of the full instantiation result, to the usage of OAEP for secure hybird encryption (as required in SSL/TLS, for example). ... Acknowledgments We thank the anonymous reviewers for comments. Part of the work done while both authors were visiting Centre de Recerca Matematica (CRM) and Technical ...

doi:10.1007/11935230_14 fatcat:7sexexxrtneztlagkrff2mutwa

We then apply our scheme for constructing a novel protocol for secure data aggregation in Wireless Sensor Networks. ... In this study, we achieve this goal by lifting the message space of the ElGamal scheme from M to g M 0 . ... Typically, two goals, namely, indistinguishability (IND) [13] and non-malleability (NM) [8] , and three attack models, namely, chosen-plaintext attack (CPA), non-adaptive chosen-ciphertext attack (CCA1 ...

doi:10.1007/978-3-642-11145-7_39 fatcat:scaivp4g7jfy3os3exondr42i4

An encryption scheme is non-malleable if the adversary cannot transform a ciphertext into one of a related message under the given public key. ... In this paper we therefore introduce the notion of completely non-malleable cryptographic schemes withstanding such attacks. ... Acknowledgments We would like to thank Yevgeniy Dodis, Alejandro Hevia, Bogdan Warinschi and the reviewers for helpful input. ...

doi:10.1007/11523468_63 fatcat:473abeex3fdg7oituxznffueoq

This paper presents a simple and generic transformation that adds traceability to an anonymous encryption scheme. ... We focus on the case of honest senders, which finds applications in many real-life scenarios. Advantageously, our transformation can be applied to already deployed public-key infrastructures. ... We are grateful to the anonymous referees and to Alain Durand, Mohamed Karroumi and Nicolas Prigent for useful comments. ...

doi:10.1145/1655048.1655051 dblp:conf/drm/AlessioJ09 fatcat:xtei6edjrvgkhdchowarcwclzi

Furthermore, as an independent result, we revisit and extend prior work on the relations among security notions for KEMs and DEMs. ... Using six different security notions for KEMs, 10 for DEMs, and six for PKE schemes, we completely characterize in this work which combinations lead to a secure hybrid PKE scheme (by proving a composition ... Acknowledgments The authors thank Tatsuaki Okamoto for providing us with a preliminary version of [24] and Mihir Bellare for interesting discussions. ...

doi:10.1016/j.ic.2010.07.002 fatcat:g6tjox5gy5dmnlvmluwpui2kyq

Szczepanski

Relations Among Notions of Non-malleability for Encryption [chapter]

Preserved Fulltext

Relations among Notions of Complete Non-malleability: Indistinguishability Characterisation and Efficient Construction without Random Oracles [chapter]

Preserved Fulltext

Non-malleable Encryption: Equivalence between Two Notions, and an Indistinguishability-Based Characterization [chapter]

Preserved Fulltext

Extended Notions of Security for Multicast Public Key Cryptosystems [chapter]

Preserved Fulltext

Relaxing Chosen-Ciphertext Security [chapter]

Preserved Fulltext

Efficient Construction of Completely Non-Malleable CCA Secure Public Key Encryption

Preserved Fulltext

Expedient Non-malleability Notions for Hash Functions [chapter]

Preserved Fulltext

Strong Knowledge Extractors for Public-Key Encryption Schemes [chapter]

Preserved Fulltext

Security Notions for Quantum Public-Key Cryptography [article]

Preserved Fulltext

Trading One-Wayness Against Chosen-Ciphertext Security in Factoring-Based Encryption [chapter]

Preserved Fulltext

On the Security of OAEP [chapter]

Preserved Fulltext

Discrete-Log-Based Additively Homomorphic Encryption and Secure WSN Data Aggregation [chapter]

Preserved Fulltext

Completely Non-malleable Schemes [chapter]

Preserved Fulltext

A simple construction for public-key encryption with revocable anonymity

Preserved Fulltext

Some (in)sufficient conditions for secure hybrid encryption

Preserved Fulltext