Alternatives to Non-malleability: Definitions, Constructions, and Applications [chapter]

Philip MacKenzie, Michael K. Reiter, Ke Yang
2004 Lecture Notes in Computer Science  
We explore whether non-malleability is necessary for the applications typically used to motivate it, and propose two alternatives. The first we call weak non-malleability (wnm) and show that it suffices to achieve secure contract bidding (the application for which nonmalleability was initially introduced), despite being strictly weaker than non-malleability. The second we call tag-based non-malleability (tnm), and show that it suffices to construct an efficient universally-composable secure
more » ... age transmission (SMT) protocol, for which the only previous solution was based on a public key encryption functionality whose security is equivalent to non-malleability. We also demonstrate constructions for wnm and tnm encryption schemes that are simpler than known constructions of non-malleable encryption schemes. 1 While there exist efficient encryption systems that implement indistinguishability under adaptive chosen-ciphertext attacks (and thus non-malleability under these attacks, e.g., [2, 8] ), we are unaware of prior constructions that, like those listed here, so simply implement a property strictly stronger than indistinguishability (in this case, weak non-malleability) under chosen-plaintext and lunchtime attacks.
doi:10.1007/978-3-540-24638-1_10 fatcat:5umu66rbfvezzb6kzadj2h3bhm