Cramer-Shoup Satisfies a Stronger Plaintext Awareness under a Weaker Assumption

In the seminal paper of Eurocrypt 2006, Dent defined a new assumption, simulatability, and showed that the well-known Cramer-Shoup public-key encryption scheme satisfied the weakest version of the plaintext awareness, the computational plaintext awareness, under the simulatability assumption, the DDH assumption, the DHK assumption, and the collision resistance of the hash function. However, a tricky aspect of the computational plaintext awareness was later shown. Moreover, the definition of the simulatability is elaborated. In this paper, we show that the Cramer-Shoup scheme satisfies a stronger variant of the plaintext awareness, the statistical plaintext awareness, under a weaker and simpler assumption than the simulatability. In particular, we show the statisticalPA2-ness of the Cramer-Shoup scheme under computationalassumptions.

[1]  Alexander W. Dent,et al.  The Cramer-Shoup Encryption Scheme is Plaintext Aware in the Standard Model , 2006, IACR Cryptol. ePrint Arch..

[2]  Jacques Stern,et al.  RSA-OAEP Is Secure under the RSA Assumption , 2001, Journal of Cryptology.

[3]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[4]  Ronald Cramer,et al.  Public Key Cryptography - PKC 2008, 11th International Workshop on Practice and Theory in Public-Key Cryptography, Barcelona, Spain, March 9-12, 2008. Proceedings , 2008, Public Key Cryptography.

[5]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[6]  Dan Boneh,et al.  Simplified OAEP for the RSA and Rabin Functions , 2001, CRYPTO.

[7]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[8]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[9]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[10]  E. Fujisaki Plaintext Simulatability(Public Key Cryptography, Cryptography and Information Security) , 2006 .

[11]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[12]  Silvio Micali,et al.  Plaintext Awareness via Key Registration , 2003, CRYPTO.

[13]  Isamu Teranishi,et al.  Relationship between Two Approaches for Defining the Standard Model PA-ness , 2008, ACISP.

[14]  Victor Shoup,et al.  OAEP Reconsidered , 2001, CRYPTO.

[15]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[16]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[17]  Victor Shoup,et al.  Using Hash Functions as a Hedge against Chosen Ciphertext Attack , 2000, EUROCRYPT.

[18]  Pil Joong Lee,et al.  Advances in Cryptology — ASIACRYPT 2001 , 2001, Lecture Notes in Computer Science.

[19]  Eiichiro Fujisaki Plaintext Simulatability , 2004, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[20]  Alexander W. Dent,et al.  Relations Among Notions of Plaintext Awareness , 2008, Public Key Cryptography.

[21]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[22]  Isamu Teranishi,et al.  Relationship between Standard Model Plaintext Awareness and Message Hiding , 2008, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[23]  Tatsuaki Okamoto,et al.  How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.

[24]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[25]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[26]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[27]  Mihir Bellare,et al.  Towards Plaintext-Aware Public-Key Encryption Without Random Oracles , 2004, ASIACRYPT.

[28]  James Manger,et al.  A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0 , 2001, CRYPTO.