Bounded CCA2-Secure Non-Malleable Encryption

Pass, Rafael; Shelat, Abhi; Vaikuntanathan, Vinod

Author(s)

Pass, Rafael; Shelat, Abhi; Vaikuntanathan, Vinod

DownloadMIT-CSAIL-TR-2006-081.ps (1193.Kb)

Additional downloads

Other Contributors

Theory of Computation

Advisor

Shafi Goldwasser

Metadata

Show full item record

Abstract

Under an adaptive chosen ciphertext attack (CCA2), the security of an encryption scheme must hold against adversaries that have access to a decryption oracle. We consider a weakening of CCA2 security, wherein security need only hold against adversaries making an a-priori bounded number of queries to the decryption oracle. Concerning this notion, which we call bounded-CCA2 security, we show the following two results. (1) Bounded-CCA2 secure non-malleable encryption schemes exist if and only if semantically-secure (IND-CPA-secure) encryption schemes exist.(As far as we know, bounded-CCA2 non-malleability is the strongest notion of security known to be satisfiable assuming only the existence of semantically-secure encryption schemes.) (2) In contrast to CCA2 security, bounded-CCA2 security alone does not imply non-malleability. In particular, if there exists an encryption scheme that is bounded-CCA2 secure, then there exists another encryption scheme which remains bounded-CCA2 secure, but is malleable under a simple chosen-plaintext attack.

Date issued

2006-12-14

URI

http://hdl.handle.net/1721.1/34968

Other identifiers

MIT-CSAIL-TR-2006-081

Series/Report no.

Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory

Keywords

Public-key Encryption, Non-Malleability, Chosen Ciphertext Security

Collections

CSAIL Technical Reports (July 1, 2003 - present)