Completely Non-malleable Schemes
METADATA ONLY
Loading...
Author / Producer
Date
2005
Publication Type
Conference Paper
ETH Bibliography
yes
Citations
Altmetric
METADATA ONLY
Data
Rights / License
Abstract
An encryption scheme is non-malleable if the adversary cannot transform a ciphertext into one of a related message under the given public key. Although providing a very strong security property, some application scenarios like the recently proposed key-substitution attacks yet show the limitations of this notion. In such settings the adversary may have the power to transform the ciphertext and the given public key, possibly without knowing the corresponding secret key of her own public key. In this paper we therefore introduce the notion of completely non-malleable cryptographic schemes withstanding such attacks. We show that classical schemes like the well-known Cramer-Shoup DDH encryption scheme become indeed insecure against this stronger kind of attack, implying that the notion is a strict extension of chosen-ciphertext security. We also prove that, unless one puts further restrictions on the adversary’s success goals, completely non-malleable schemes are hard to construct (as in the case of encryption) or even impossible (as in the case of signatures). Identifying the appropriate restrictions we then show how to modify well-known constructions like RSA-OAEP and Fiat-Shamir signatures yielding practical solutions for the problem in the random oracle model.
Permanent link
Publication status
published
External links
Book title
Automata, Languages and Programming
Journal / series
Volume
3580
Pages / Article No.
779 - 790
Publisher
Springer
Event
32nd International Colloquium on Automata, Languages and Programming (ICALP 2005)
Edition / version
Methods
Software
Geographic location
Date collected
Date created
Subject
Organisational unit
03338 - Maurer, Ueli (emeritus) / Maurer, Ueli (emeritus)