- Plaintext-aware encryption
Plaintext-awareness is a notion of security for
public-key encryption. A cryptosystemis plaintext-aware if it is difficult for any efficient algorithmto come up with a valid ciphertextwithout being aware of the corresponding plaintext.
From a lay point of view, this is a strange property. Normally, a ciphertext is computed by encrypting a plaintext. If a ciphertext is created this way, its creator would be aware, in some sense, of the plaintext. However, many cryptosystems are "not" plaintext-aware. As an example, consider the RSA cryptosystem. In the RSA cryptosystem, plaintexts and ciphertexts are both values modulo N (the modulus). Therefore, RSA is not plaintext aware: one way of generating a ciphertext without knowing the plaintext is to simply choose a random number modulo N.
In fact, plaintext-awareness is a very strong property. Any cryptosystem that is semantically secure and is plaintext-aware is actually secure against a
chosen-ciphertext attack, since any adversary that chooses ciphertexts would already know the plaintexts associated with them.
The concept of plaintext-aware encryption was developed by
Mihir Bellareand Phillip Rogawayin their paper on optimal asymmetric encryption [M. Bellare and P. Rogaway. "Optimal Asymmetric Encryption -- How to encrypt with RSA". Extended abstract in Advances in Cryptology - Eurocrypt'94 Proceedings, Lecture Notes in Computer Science Vol. 950, A. De Santis ed, Springer-Verlag, 1995. [http://www-cse.ucsd.edu/users/mihir/papers/oae.pdf full version (pdf)] ] , as a method to prove that a cryptosystem is chosen-ciphertext secure.
Limited research on plaintext-aware encryption has been done since Bellare and Rogaway's paper. Although several papers have applied the plaintext-aware technique in proving encryption schemes are chosen-ciphertext secure, only three papers revisit the concept of plaintext-aware encryption itself, both focussed on the definition given by Bellare and Rogaway that inherently require
random oracles. Plaintext-aware encryption is known to exist when a public-key infrastructure is assumed. [J. Herzog, M. Liskov, and S. Micali. "Plaintext Awareness via Key Registration". In Advances in Cryptology -- CRYPTO2003 Proceedings, Lecture Notes in Computer Science Vol. 2729, Springer-Verlag, 2003. [http://www.cs.wm.edu/~mliskov/pubs/helimi.pdf (pdf)] ] Also, it has been shown that weaker forms of plaintext-awareness exist under the knowledge of exponent assumption, a non-standard assumption about Diffie-Hellmantriples. [M. Bellare and A. Palacio. "Towards Plaintext-Aware Public-Key Encryption without Random Oracles". In Advances in Cryptology -- ASIACRYPT2004, Lecture Notes in Computer Science Vol. 3329, Springer-Verlag, 2004. [http://eprint.iacr.org/2004/221.pdf full version (pdf)] ] Finally a variant of the Cramer Shoup encryption scheme was shown to be fully plaintext aware in the standard model under the knowledge of exponent assumption. [A. W. Dent "The Cramer-Shoup Encryption Scheme Is Plaintext Aware in the Standard Model". In Advances in Cryptology -- EUROCRYPT 2006, Lecture Notes in Computer Science Vol. 4004, Springer-Verlag, 2006. [http://eprint.iacr.org/2005/261.pdf full version (pdf)] ]
Topics in cryptography
Wikimedia Foundation. 2010.
Look at other dictionaries:
cryptology — cryptologist, n. cryptologic /krip tl oj ik/, cryptological, adj. /krip tol euh jee/, n. 1. cryptography. 2. the science and study of cryptanalysis and cryptography. [1635 45; < NL cryptologia. See CRYPTO , LOGY] * * * Introduction … Universalium
Cryptography — Secret code redirects here. For the Aya Kamiki album, see Secret Code. Symmetric key cryptography, where the same key is used both for encryption and decryption … Wikipedia
Encrypting File System — The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem level encryption. The technology enables files to be transparently encrypted to protect confidential data from… … Wikipedia
Onion routing — is a technique for anonymous communication over a computer network. Messages are repeatedly encrypted and then sent through several network nodes called onion routers. Like someone unpeeling an onion, each onion router removes a layer of… … Wikipedia
Differential cryptanalysis — is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at… … Wikipedia
One-way compression function — In cryptography, a one way compression function is a function that transforms two fixed length inputs to an output of the same size as one of the inputs. The transformation is one way , meaning that it is difficult given a particular output to… … Wikipedia
Pretty Good Privacy — Original author(s) Phil Zimmermann Developer(s) Phil Zimmermann Initial release In 1991 Written in Multi language … Wikipedia
ZIP (file format) — unzip redirects here. For the program, see Info ZIP. ZIP Filename extension .zip .zipx (newer compression algorithms) Internet media type application/zip Uniform Type Identifier com.pkware.zip archive Magic … Wikipedia
Steganography — is the art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message. By contrast, cryptography obscures the meaning of a message, but it does not conceal … Wikipedia
Voynich manuscript — The Voynich manuscript is a mysterious illustrated book written in an indecipherable text. It is thought to have been written between 1450 and 1520. The author, script and language of the manuscript remain unknown.Over its recorded existence, the … Wikipedia