Bit encryption is complete

  • Myers S
  • Shelat A
  • 17

    Readers

    Mendeley users who have this article in their library.
  • 40

    Citations

    Citations of this article.

Abstract

Under CPA and CCA1 attacks, a secure bit encryption scheme can be applied bit-by-bit to construct a secure many-bit encryption scheme. The same construction fails, however, under a CCA2 attack. In fact, since the notion of CCA2 security was introduced by Rackoff and Simon [21], it has been an open question to determine whether single bit CCA2 secure encryption implies the existence of many-bit CCA2 security. We positively resolve this long-standing question and establish that bit encryption is complete for CPA, CCA1, and CCA2 notions. Our construction is black-box, and thus requires novel techniques to avoid known impossibility results concerning trapdoor predicates [10]. To the best of our knowledge, our work is also the first example of a non-shielding reduction (introduced in [9]) in the standard (i.e., not random-oracle) model.

Author-supplied keywords

  • Chosen-ciphertext secure public key encryption

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

Authors

  • Steven Myers

  • Abhi Shelat

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free