International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: A New Security Definition for Public Key Encryption Schemes and Its Applications

Guomin Yang
Duncan S. Wong
Qiong Huang
Xiaotie Deng
Search ePrint
Search Google
Abstract: The strongest security definition for public key encryption (PKE) schemes is indistinguishability against adaptive chosen ciphertext attacks (IND-CCA). A practical IND-CCA secure PKE scheme in the standard model is well-known to be difficult to construct given the fact that there are only a few such kind of PKE schemes available. From another perspective, we observe that for a large class of PKE-based applications, although IND-CCA security is sufficient, it is not a necessary requirement. Examples are Key Encapsulation Mechanism (KEM), MT-authenticator, providing pseudorandomness with a-priori information, and so on. This observation leads us to propose a slightly weaker version of IND-CCA, which requires ciphertexts of two randomly selected messages are indistinguishable under chosen ciphertext attacks. Under this new security notion, we show that highly efficient schemes proven secure in the standard model can be built in a straightforward way. We also demonstrate that such a security definition is already sufficient for the applications above.
  title={A New Security Definition for Public Key Encryption Schemes and Its Applications},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / Public Key Encryption, Adaptive Chosen Ciphertext Attacks, Standard Model},
  note={ 13740 received 14 Aug 2007},
  author={Guomin Yang and Duncan S. Wong and Qiong Huang and Xiaotie Deng},