Abstract
We consider the problem of defining and achieving plaintextaware encryption without random oracles in the classical public-key model. We provide definitions for a hierarchy of notions of increasing strength: PA0, PA1 and PA2, chosen so that PA1+IND-CPA -→ IND-CCA1 and PA2+IND-CPA -→ IND-CCA2. Towards achieving the new notions of plaintext awareness, we show that a scheme due to Damgård [12], denoted DEG, and the "lite"l version of the Cramer-Shoup scheme [11], denoted CS-Iite, are both PAO under the DHKO assumption of [12], and PA1 under an extension of this assumption called DHK1. As a result, DEG is the most efficient proven IND-CCA1 scheme known. © International Association for Cryptologic Research 2004.
Cite
CITATION STYLE
Bellare, M., & Palacio, A. (2004). Towards plaintext-aware public-key encryption without random oracles. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3329, 48–62. https://doi.org/10.1007/978-3-540-30539-2_4
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
