Relationship between Standard Model Plaintext Awareness and Message Hiding

Recently, Bellare and Palacio succeeded in defining the plaintext awareness, which is also called PA2, in the standard model. They propose three valiants of the standard model PA2 named perfect, statistical, and computational PA2. In this paper, we study the relationship between the standard model PA2 and the property about message hiding, that is, IND-CPA. Although it seems that these two are independent notions at first glance, we show that all of the perfect, statistical, and computational PA2 in the standard model imply the IND-CPA security if the encryption function is oneway. By using this result, we also showed that PA2 + Oneway => IND-CCA2. This result shows the all-or-nothing aspect of the PA2. That is, a standard model PA2 secure public-key encryption scheme either satisfies the strongest message hiding property. IND-CCA2, or does not satisfy even the weakest message hiding property, onewayness. We also showed that the computational PA2 notion is strictly stronger than the statistical one.

[1]  Jacques Stern,et al.  RSA-OAEP Is Secure under the RSA Assumption , 2001, Journal of Cryptology.

[2]  Antoine Joux,et al.  Separating Decision Diffie–Hellman from Computational Diffie–Hellman in Cryptographic Groups , 2003, Journal of Cryptology.

[3]  Tatsuaki Okamoto,et al.  How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.

[4]  Dan Boneh,et al.  Simplified OAEP for the RSA and Rabin Functions , 2001, CRYPTO.

[5]  Kazukuni Kobara,et al.  Semantically Secure McEliece Public-Key Cryptosystems-Conversions for McEliece PKC , 2001, Public Key Cryptography.

[6]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[7]  Mihir Bellare,et al.  Towards Plaintext-Aware Public-Key Encryption Without Random Oracles , 2004, ASIACRYPT.

[8]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[9]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[10]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[11]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[12]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1991, STOC '91.

[13]  Alexander W. Dent,et al.  The Cramer-Shoup Encryption Scheme is Plaintext Aware in the Standard Model , 2006, IACR Cryptol. ePrint Arch..

[14]  Jean-Sébastien Coron,et al.  Universal Padding Schemes for RSA , 2002, CRYPTO.

[15]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[16]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[17]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[18]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[19]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[20]  Jean-Sébastien Coron,et al.  Optimal Chosen-Ciphertext Secure Encryption of Arbitrary-Length Messages , 2002, Public Key Cryptography.

[21]  James Manger,et al.  A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0 , 2001, CRYPTO.

[22]  Eiichiro Fujisaki Plaintext Simulatability , 2004, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[23]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[24]  Silvio Micali,et al.  Plaintext Awareness via Key Registration , 2003, CRYPTO.

[25]  Alexander W. Dent Cramer-Shoup is Plaintext-Aware in the Standard Model , 2005 .

[26]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[27]  Victor Shoup,et al.  OAEP Reconsidered , 2001, CRYPTO.

[28]  David Pointcheval,et al.  OAEP 3-Round: A Generic and Secure Asymmetric Encryption Padding , 2004, ASIACRYPT.

[29]  David Pointcheval,et al.  REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform , 2001, CT-RSA.

[30]  Yuichi Komano,et al.  Efficient Universal Padding Techniques for Multiplicative Trapdoor One-Way Permutation , 2003, CRYPTO.

[31]  Victor Shoup,et al.  Using Hash Functions as a Hedge against Chosen Ciphertext Attack , 2000, EUROCRYPT.