Encryption Simulatability Reconsidered

The notion of encryption simulatability was proposed by Dent to help proving plaintext awareness, and it was claimed that a hybrid encryption scheme composed of a simulatable KEM and a simulatable DEM is simulatable. Here we prove the simulatability of IND-CCA2 secure probabilistic symmetric encryption scheme with every string in its ciphertext space being a valid ciphertext. Moreover, for such a DEM and a simulatable KEM with sparse valid ciphertext space, we show that the resulting hybrid encryption scheme is not simulatable. However, if both the KEM and DEM have sparse valid ciphertext space, or every string in the ciphertext space of the hybrid encryption scheme is a valid ciphertext, then the hybrid encryption scheme is simulatable. Thus the proof for the plaintext awareness of the Cramer-Shoup hybrid encryption scheme provided by Dent is still valid.

[1]  Eike Kiltz,et al.  Chosen-Ciphertext Secure Key-Encapsulation Based on Gap Hashed Diffie-Hellman , 2007, Public Key Cryptography.

[2]  Martin Stanek,et al.  On Ciphertext Undetectability , 2007, IACR Cryptol. ePrint Arch..

[3]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[4]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[5]  Mihir Bellare,et al.  Towards Plaintext-Aware Public-Key Encryption Without Random Oracles , 2004, ASIACRYPT.

[6]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[7]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[8]  Pil Joong Lee,et al.  Advances in Cryptology — ASIACRYPT 2001 , 2001, Lecture Notes in Computer Science.

[9]  Tatsuaki Okamoto,et al.  Public Key Cryptography - PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China, April 16-20, 2007, Proceedings , 2007, Public Key Cryptography.

[10]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[11]  Silvio Micali,et al.  Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements , 2000, EUROCRYPT.

[12]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[13]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[14]  Anand Desai,et al.  New Paradigms for Constructing Symmetric Encryption Schemes Secure against Chosen-Ciphertext Attack , 2000, CRYPTO.

[15]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[16]  Isamu Teranishi,et al.  Relationship Between Standard Model Plaintext Awareness and Message Hiding , 2006, ASIACRYPT.

[17]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[18]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[19]  Kefei Chen,et al.  Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings , 2006, ASIACRYPT.

[20]  Alexander W. Dent,et al.  The Cramer-Shoup Encryption Scheme is Plaintext Aware in the Standard Model , 2006, IACR Cryptol. ePrint Arch..

[21]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[22]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[23]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[24]  Hugo Krawczyk,et al.  Deniable authentication and key exchange , 2006, CCS '06.