Published in

Wiley Open Access, IET Information Security, 6(10), p. 288-303, 2016

DOI: 10.1049/iet-ifs.2015.0500

Springer Verlag, Lecture Notes in Computer Science, p. 332-352

DOI: 10.1007/978-3-662-46447-2_15

Public-Key Encryption Indistinguishable Under Plaintext-Checkable Attacks

Journal article published in 2015 by Michel Abdalla ORCID, Fabrice Benhamouda ORCID, David Pointcheval ORCID
This paper was not found in any repository, but could be made available legally by the author.

Full text: Unavailable

Preprint: archiving allowed
Postprint: archiving allowed
Published version: archiving allowed
Data provided by SHERPA/RoMEO

Abstract

Indistinguishability under adaptive chosen-ciphertext attack (IND-CCA) is now considered the de facto security notion for public-key encryption. However, the security guarantee that it offers is sometimes stronger than what is needed by certain applications. In this paper, we consider a weaker notion of security for public-key encryption, termed indistinguishability under plaintext-checking attacks (IND-PCA), in which the adversary is only given access to an oracle which says whether or not a given ciphertext encrypts a given message. After formalizing the IND-PCA notion, we then design a new public-key encryption scheme satisfying it. The new scheme is a more efficient variant of the Cramer-Shoup encryption scheme with shorter ciphertexts and its security is also based on the plain Decisional Diffie-Hellman (DDH) assumption. Additionally, the algebraic properties of the new scheme also allow for proving plaintext knowledge using Groth-Sahai non-interactive zero-knowledge proofs or smooth projective hash functions. Finally, in order to illustrate the usefulness of the new scheme, we further show that, for many password-based authenticated key exchange (PAKE) schemes in the Bellare-Pointcheval-Rogaway security model, one can safely replace the underlying IND-CCA encryption schemes with our new IND-PCA one. By doing so, we were able to reduce the overall communication complexity of these protocols and obtain the most efficient PAKE schemes to date based on the plain DDH assumption.