Metadata only
Autor(in)
Datum
2005Typ
- Conference Paper
ETH Bibliographie
yes
Altmetrics
Abstract
An encryption scheme is non-malleable if the adversary cannot transform a ciphertext into one of a related message under the given public key. Although providing a very strong security property, some application scenarios like the recently proposed key-substitution attacks yet show the limitations of this notion. In such settings the adversary may have the power to transform the ciphertext and the given public key, possibly without knowing the corresponding secret key of her own public key. In this paper we therefore introduce the notion of completely non-malleable cryptographic schemes withstanding such attacks. We show that classical schemes like the well-known Cramer-Shoup DDH encryption scheme become indeed insecure against this stronger kind of attack, implying that the notion is a strict extension of chosen-ciphertext security. We also prove that, unless one puts further restrictions on the adversary’s success goals, completely non-malleable schemes are hard to construct (as in the case of encryption) or even impossible (as in the case of signatures). Identifying the appropriate restrictions we then show how to modify well-known constructions like RSA-OAEP and Fiat-Shamir signatures yielding practical solutions for the problem in the random oracle model. Mehr anzeigen
Publikationsstatus
publishedExterne Links
Buchtitel
Automata, Languages and ProgrammingZeitschrift / Serie
Lecture Notes in Computer ScienceBand
Seiten / Artikelnummer
Verlag
SpringerKonferenz
Organisationseinheit
03338 - Maurer, Ueli / Maurer, Ueli
ETH Bibliographie
yes
Altmetrics