Relaxing Chosen-Ciphertext Security

Canetti, Ran; Krawczyk, Hugo; Nielsen, Jesper Buus

doi:10.1007/978-3-540-45146-4_33

Cited by 208 publications

(270 citation statements)

References 22 publications

Supporting

Mentioning

266

Contrasting

Order By: Relevance

“…One interesting class of relaxations is the notion of Replayable Chosen Ciphertext Security [8] and other similar works [29,1]. These works aim to capture the concept that some malleability attacks might intuitively be benign.…”

Section: Related Workmentioning

confidence: 99%

“…In [8], the authors gave an example of an RCCA scheme that could not be publicly detected. Conversely, not all DCCA schemes will be RCCA secure.…”

Section: Related Workmentioning

confidence: 99%

“…Our bit encryption instance serves as an example. We also note that [8] discusses a notion of detectability and introduces a definition that combines replayable and detectable properties. This combined definition is a particular instance of DCCA.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Detecting Dangerous Queries: A New Approach for Chosen Ciphertext Security

Hohenberger

Lewko

Waters

2012

Advances in Cryptology – EUROCRYPT 2012

View full text Add to dashboard Cite

Abstract. We present a new approach for creating chosen ciphertext secure encryption. The focal point of our work is a new abstraction that we call Detectable Chosen Ciphertext Security (DCCA). Intuitively, this notion is meant to capture systems that are not necessarily chosen ciphertext attack (CCA) secure, but where we can detect whether a certain query CT can be useful for decrypting (or distinguishing) a challenge ciphertext CT * .We show how to build chosen ciphertext secure systems from DCCA security. We motivate our techniques by describing multiple examples of DCCA systems including creating them from 1-bit CCA secure encryption -capturing the recent Myers-shelat result (FOCS 2009). Our work identifies DCCA as a new target for building CCA secure systems.

show abstract

Section: Related Workmentioning

confidence: 99%

“…In [8], the authors gave an example of an RCCA scheme that could not be publicly detected. Conversely, not all DCCA schemes will be RCCA secure.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Detecting Dangerous Queries: A New Approach for Chosen Ciphertext Security

Hohenberger

Lewko

Waters

2012

Advances in Cryptology – EUROCRYPT 2012

View full text Add to dashboard Cite

show abstract

“…These techniques for unidirectional transformation and ciphertext validity checking intrinsically require the pairings. Moreover, the security guarantee provided by LV08 is only against replayable chosen-ciphertext attacks (RCCA) [CKN03], a weaker variant of CCA tolerating a "harmless mauling" of the challenge ciphertext.…”

Section: Schemesmentioning

confidence: 99%

Efficient Unidirectional Proxy Re-Encryption

Chow

Weng

Yang

et al. 2010

Lecture Notes in Computer Science

147

View full text Add to dashboard Cite

Abstract. Proxy re-encryption (PRE) allows a semi-trusted proxy to convert a ciphertext originally intended for Alice into one encrypting the same plaintext for Bob. The proxy only needs a re-encryption key given by Alice, and cannot learn anything about the plaintext encrypted. This adds flexibility in various applications, such as confidential email, digital right management and distributed storage. In this paper, we study unidirectional PRE, which the re-encryption key only enables delegation in one direction but not the opposite. In PKC 2009, Shao and Cao proposed a unidirectional PRE assuming the random oracle. However, we show that it is vulnerable to chosen-ciphertext attack (CCA). We then propose an efficient unidirectional PRE scheme (without resorting to pairings). We gain high efficiency and CCA-security using the "token-controlled encryption" technique, under the computational Diffie-Hellman assumption, in the random oracle model and a relaxed but reasonable definition.

show abstract

“…In [11], Hayashi and Tanaka also employed the same restriction in order to prove the anonymity of their encryption scheme. Incidentally, Canetti, Krawczyk, and Nielsen [4] proposed a relaxed notion of CCA security, called Replayable CCA (RCCA). In their security model, the schemes which require restriction such as equivalence class for proving their CCA security satisfy a variant of RCCA, pd-RCCA (publicly-detectable replayable-CCA) secure.…”

Section: Securitymentioning

confidence: 99%

Universally Anonymizable Public-Key Encryption

Hayashi

Tanaka

2005

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We first propose the notion of universally anonymizable publickey encryption. Suppose that we have the encrypted data made with the same security parameter, and that these data do not satisfy the anonymity property. Consider the situation that we would like to transform these encrypted data to those with the anonymity property without decrypting these encrypted data. In this paper, in order to formalize this situation, we propose a new property for public-key encryption called universal anonymizability. If we use a universally anonymizable public-key encryption scheme, not only the person who made the ciphertexts, but also anyone can anonymize the encrypted data without using the corresponding secret key. We then propose universally anonymizable public-key encryption schemes based on the ElGamal encryption scheme, the Cramer-Shoup encryption scheme, and RSA-OAEP, and prove their security.

show abstract

Relaxing Chosen-Ciphertext Security

Cited by 208 publications

References 22 publications

Detecting Dangerous Queries: A New Approach for Chosen Ciphertext Security

Detecting Dangerous Queries: A New Approach for Chosen Ciphertext Security

Efficient Unidirectional Proxy Re-Encryption

Universally Anonymizable Public-Key Encryption

Contact Info

Product

Resources

About