Sciweavers

IEICET
2006

Plaintext Simulatability

13 years 11 months ago
Plaintext Simulatability
We propose a new security class, called plaintext-simulatability, defined over the public-key encryption schemes. The notion of plaintext simulatability (denoted PS) is similar to the notion of plaintext awareness (denoted PA) [2], but it is, "properly", a weaker security class for public-key encryption. It is known that PA implies the class of CCA2-secure encryption (denoted IND-CCA2) but not vice versa. In most cases, PA is "unnecessarily" strong -- In such cases, PA is only used to prove that a public-key encryption scheme is CCA2-secure, because it looks much easier than to prove "directly" that the scheme meets IND-CCA2. We show that PS also implies IND-CCA2, while preserving a good view of the security proofs as well as PA. Recently, a couple of schemes [9, 15, 1] have been proposed, that have been proven to be CCA2 secure in the random oracle model but they lie outside PA. However, they have been "heuristically" proven and so there is no g...
Eiichiro Fujisaki
Added 12 Dec 2010
Updated 12 Dec 2010
Type Journal
Year 2006
Where IEICET
Authors Eiichiro Fujisaki
Comments (0)