## CryptoDB

### Paper: Towards Plaintext-Aware Public-Key Encryption without Random Oracles

Authors: Mihir Bellare Adriana Palacio URL: http://eprint.iacr.org/2004/221 Search ePrint Search Google We consider the problem of defining and achieving plaintext-aware encryption without random oracles in the classical public-key model. We provide definitions for a hierarchy of notions of increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA => IND-CCA1 and PA2+IND-CPA => IND-CCA2. Towards achieving the new notions of plaintext awareness, we show that a scheme due to Damgard, denoted DEG, and the lite'' version of the Cramer-Shoup scheme, denoted CSL, are both PA0 under the KEA0 assumption of Damgard, and PA1 under an extension of this assumption called KEA1. As a result, DEG is the most efficient proven IND-CCA1 scheme known.
##### BibTeX
@misc{eprint-2004-12192,
title={Towards Plaintext-Aware Public-Key Encryption without Random Oracles},
booktitle={IACR Eprint archive},
keywords={foundations / encryption, chosen-ciphertext attacks, plaintext awareness},
url={http://eprint.iacr.org/2004/221},
note={An extended abstract of this paper appears in the proceedings of the Asiacrypt 2004 conference. This is the full version. mihir@cs.ucsd.edu 12663 received 1 Sep 2004, last revised 2 Sep 2004},