Abstract
Security against adaptive chosen ciphertext attacks (or, CCA security) has been accepted as the standard requirement from encryption schemes that need to withstand active attacks. In particular, it is regarded as the appropriate security notion for encryption schemes used as components within general protocols and applications. Indeed, CCA security was shown to suffice in a large variety of contexts. However, CCA security often appears to be somewhat too strong: there exist encryption schemes (some of which come up naturally in practice) that are not CCA secure, but seem sufficiently secure "for most practical purposes."
We propose a relaxed variant of CCA security, called Replayable CCA (RCCA) security. RCCA security accepts as secure the non-CCA (yet arguably secure) schemes mentioned above; furthermore, it suffices for most existing applications of CCA security. We provide three formulations of RCCA security. The first one follows the spirit of semantic security and is formulated via an ideal functionality in the universally composable security framework. The other two are formulated following the indistinguishability and non-malleability approaches, respectively. We show that the three formulations are equivalent in most interesting cases.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Canetti, R., Krawczyk, H., Nielsen, J.B. (2003). Relaxing Chosen-Ciphertext Security. In: Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_33
DOI: https://doi.org/10.1007/978-3-540-45146-4_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40674-7
Online ISBN: 978-3-540-45146-4