Name
Abstract | ||
|---|---|---|
The notion of plaintext awareness ( $${\mathsf{PA}}$$ PA ) has many applications in public key cryptography: it offers unique, stand-alone security guarantees for public key encryption schemes, has been used as a sufficient condition for proving indistinguishability against adaptive chosen-ciphertext attacks ( $${\mathsf{IND}\hbox {-}{\mathsf{CCA}}}$$ IND - CCA ), and can be used to construct privacy-preserving protocols such as deniable authentication. Unlike many other security notions, plaintext awareness is very fragile when it comes to differences between the random oracle and standard models; for example, many implications involving $${\mathsf{PA}}$$ PA in the random oracle model are not valid in the standard model and vice versa. Similarly, strategies for proving $${\mathsf{PA}}$$ PA of schemes in one model cannot be adapted to the other model. Existing research addresses $${\mathsf{PA}}$$ PA in detail only in the public key setting. This paper gives the first formal exploration of plaintext awareness in the identity-based setting and, as initial work, proceeds in the random oracle model. The focus is laid mainly on identity-based key encapsulation mechanisms (IB-KEMs), for which the paper presents the first definitions of plaintext awareness, highlights the role of $${\mathsf{PA}}$$ PA in proof strategies of $${\mathsf{IND}\hbox {-}{\mathsf{CCA}}}$$ IND - CCA security, and explores relationships between $${\mathsf{PA}}$$ PA and other security properties. On the practical side, our work offers the first, highly efficient, general approach for building IB-KEMs that are simultaneously plaintext-aware and $${\mathsf{IND}\hbox {-}{\mathsf{CCA}}}$$ IND - CCA -secure. Our construction is inspired by the Fujisaki-Okamoto (FO) transform, but demands weaker and more natural properties of its building blocks. This result comes from a new look at the notion of $$\gamma $$ ¿ - uniformity that was inherent in the original FO transform. We show that for IB-KEMs (and PK-KEMs), this assumption can be replaced with a weaker computational notion, which is in fact implied by one-wayness. Finally, we give the first concrete IB-KEM scheme that is $${\mathsf{PA}}$$ PA and $${\mathsf{IND}\hbox {-}{\mathsf{CCA}}}$$ IND - CCA -secure by applying our construction to a popular IB-KEM and optimizing it for better performance. |
Year | DOI | Venue |
|---|---|---|
2014 | 10.1007/s10207-013-0218-5 | International Journal of Information Security |
Keywords | DocType | Volume |
Plaintext awareness, Identity-based encryption, Key encapsulation mechanism, Generic transformation | Journal | 13 |
Issue | ISSN | Citations |
1 | 1615-5270 | 1 |
PageRank | References | Authors |
0.35 | 35 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Mark Manulis | 1 | 636 | 50.11 |
| Bertram Poettering | 2 | 223 | 18.74 |
| Douglas Stebila | 3 | 578 | 48.66 |