[Resource Topic] 2004/221: Towards Plaintext-Aware Public-Key Encryption without Random Oracles

Welcome to the resource topic for 2004/221

Towards Plaintext-Aware Public-Key Encryption without Random Oracles

Authors: Mihir Bellare, Adriana Palacio


We consider the problem of defining and
achieving plaintext-aware encryption without random oracles in the classical
public-key model. We provide definitions for a hierarchy of notions of
increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA =>
IND-CCA1 and PA2+IND-CPA => IND-CCA2. Towards achieving the new
notions of plaintext awareness, we show that a scheme due to Damgard,
denoted DEG, and the ``lite’’ version of the Cramer-Shoup scheme,
denoted CSL, are both PA0 under the KEA0
assumption of Damgard, and PA1 under an extension of this assumption called
KEA1. As a result, DEG is the most efficient proven IND-CCA1 scheme known.

ePrint: https://eprint.iacr.org/2004/221

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .