PA1 and IND-CCA2 Do Not Guarantee PA2: Brief Examples

We give several examples to show that PA1 and IND-CCA2 together do not guarantee PA2 in the absence of random oracles, for both statistical and computational PA. In the statistical case, we use the Desmedt-Phan hybrid encryption scheme as the first example. If the DEM of the Desmedt-Phan hybrid encryption is an IND-CCA2 symmetric encryption without MAC, then the Desmedt-Phan hybrid is IND-CCA2 and statistical PA1 but not statistical PA2. Extend the result to the Cramer-Shoup hybrid encryption scheme, we find that even statistical PA1+ and IND-CCA2 together could not reach statistical PA2. In the computational case, we give an artificial example to show that neither statistical nor computational PA1 together with IND-CCA2 could guarantee computational PA2.

[1]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[2]  Alexander W. Dent The Hardness of the DHK Problem in the Generic Group Model , 2006, IACR Cryptol. ePrint Arch..

[3]  Yvo Desmedt,et al.  A CCA Secure Hybrid Damgård's ElGamal Encryption , 2008, ProvSec.

[4]  Hugo Krawczyk,et al.  Deniable authentication and key exchange , 2006, CCS '06.

[5]  Isamu Teranishi,et al.  Relationship between Standard Model Plaintext Awareness and Message Hiding , 2008, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[6]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[7]  Mihir Bellare,et al.  Optimal Asymmetric Encryption-How to Encrypt with RSA , 1995 .

[8]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[9]  Mihir Bellare,et al.  Towards Plaintext-Aware Public-Key Encryption Without Random Oracles , 2004, ASIACRYPT.

[10]  Dan Boneh,et al.  Advances in Cryptology - CRYPTO 2003 , 2003, Lecture Notes in Computer Science.

[11]  David Pointcheval,et al.  About the Security of Ciphers (Semantic Security and Pseudo-Random Permutations) , 2004, Selected Areas in Cryptography.

[12]  Silvio Micali,et al.  Plaintext Awareness via Key Registration , 2003, CRYPTO.

[13]  Aggelos Kiayias,et al.  Advances in Cryptology - EUROCRYPT 2004 , 2004 .

[14]  Eiichiro Fujisaki Plaintext Simulatability , 2004, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[15]  Pil Joong Lee,et al.  Advances in Cryptology — ASIACRYPT 2001 , 2001, Lecture Notes in Computer Science.

[16]  Alexander W. Dent,et al.  Relations Among Notions of Plaintext Awareness , 2008, Public Key Cryptography.

[17]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[18]  Huaxiong Wang,et al.  Plaintext-Awareness of Hybrid Encryption , 2010, CT-RSA.

[19]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[20]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[21]  Kefei Chen,et al.  Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings , 2006, ASIACRYPT.

[22]  Isamu Teranishi,et al.  Cramer-Shoup Satisfies a Stronger Plaintext Awareness under a Weaker Assumption , 2008, SCN.

[23]  Alexander W. Dent,et al.  The Cramer-Shoup Encryption Scheme is Plaintext Aware in the Standard Model , 2006, IACR Cryptol. ePrint Arch..

[24]  Anand Desai,et al.  New Paradigms for Constructing Symmetric Encryption Schemes Secure against Chosen-Ciphertext Attack , 2000, CRYPTO.

[25]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[26]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.