Paper 2001/079

Authenticated Encryption in the Public-Key Setting: Security Notions and Analyses

Jee Hea An

Abstract

This paper addresses the security of authenticated encryption schemes in the public key setting. We present two new notions of authenticity that are stronger than the integrity notions given in the symmetric setting \cite{bn00}. We also show that chosen-ciphertext attack security (IND-CCA) in the public key setting is not obtained in general from the combination of chosen-plaintext security (IND-CPA) and integrity of ciphertext (INT-CTXT), which is in contrast to the results shown in the symmetric setting \cite{ky00,bn00}. We provide security analyses of authenticated encryption schemes constructed by combining a given public key encryption scheme and a given digital signature scheme in a ``generic'' manner ---namely, Encrypt-and-Sign, Sign-then-Encrypt, and Encrypt-then-Sign--- and show that none of them, in general, provide security under all notions defined in this paper. We then present a scheme called {\em ESSR} that meets all security notions defined here. We also give security analyses on an efficient Diffie-Hellman based scheme called {\em DHETM}, which can be thought of as a transform of the encryption scheme ``DHIES'' \cite{abr01} into an {\em authenticated} encryption scheme in the public key setting.

Metadata
Available format(s)
PS
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Public key settingAuthenticated encryptionPrivacyAuthenticityUnforgeability
Contact author(s)
jeehea @ cs ucsd edu
History
2001-09-12: received
Short URL
https://ia.cr/2001/079
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2001/079,
      author = {Jee Hea An},
      title = {Authenticated Encryption in the Public-Key Setting: Security Notions and Analyses},
      howpublished = {Cryptology ePrint Archive, Paper 2001/079},
      year = {2001},
      note = {\url{https://eprint.iacr.org/2001/079}},
      url = {https://eprint.iacr.org/2001/079}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.