Sciweavers

ICALP
2005
Springer

Completely Non-malleable Schemes

14 years 6 months ago
Completely Non-malleable Schemes
Abstract An encryption scheme is non-malleable if the adversary cannot transform a ciphertext into one of a related message under the given public key. Although providing a very strong security property, some application scenarios like the recently proposed key-substitution attacks yet show the limitations of this notion. In such settings the adversary may have the power to transform the ciphertext and the given public key, possibly without knowing the corresponding secret key of her own public key. In this paper we therefore introduce the notion of completely non-malleable cryptographic schemes withstanding such attacks. We show that classical schemes like the well-known Cramer-Shoup DDH encryption scheme become indeed insecure against this stronger kind of attack, implying that the notion is a strict extension of chosen-ciphertext security. We also prove that, unless one puts further restrictions on the adversary’s success goals, completely non-malleable schemes are hard to constru...
Marc Fischlin
Added 27 Jun 2010
Updated 27 Jun 2010
Type Conference
Year 2005
Where ICALP
Authors Marc Fischlin
Comments (0)