Bounded CCA2-Secure Non-Malleable Encryption
Author(s)
Pass, Rafael; Shelat, Abhi; Vaikuntanathan, Vinod
Other Contributors
Theory of Computation
Advisor
Shafi Goldwasser
Abstract
Under an adaptive chosen ciphertext attack (CCA2), the security of an encryption scheme must hold against adversaries that have access to a decryption oracle. We consider a weakening of CCA2 security, wherein security need only hold against adversaries making an a-priori bounded number of queries to the decryption oracle. Concerning this notion, which we call bounded-CCA2 security, we show the following two results. (1) Bounded-CCA2 secure non-malleable encryption schemes exist if and only if semantically-secure (IND-CPA-secure) encryption schemes exist. (As far as we know, bounded-CCA2 non-malleability is the strongest notion of security known to be satisfiable assuming only the existence of semantically-secure encryption schemes.) (2) In contrast to CCA2 security, bounded-CCA2 security alone does not imply non-malleability. In particular, if there exists an encryption scheme that is bounded-CCA2 secure, then there exists another encryption scheme which remains bounded-CCA2 secure, but is malleable under a simple chosen-plaintext attack.
Date issued
2006-12-14
Other identifiers
MIT-CSAIL-TR-2006-081
Series/Report no.
Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory
Keywords
Public-key Encryption, Non-Malleability, Chosen Ciphertext Security