Revisiting (R)CCA Security and Replay Protection


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2021-05-01

AUTHORS

Christian Badertscher , Ueli Maurer , Christopher Portmann , Guilherme Rito

ABSTRACT

This paper takes a fresh approach to systematically characterizing, comparing, and understanding CCA-type security definitions for public-key encryption (PKE), a topic with a long history. The justification for a concrete security definition X is relative to a benchmark application (e.g. confidential communication): Does the use of a PKE scheme satisfying X imply the security of the application? Because unnecessarily strong definitions may lead to unnecessarily inefficient schemes or unnecessarily strong computational assumptions, security definitions should be as weak as possible, i.e. as close as possible to (but above) the benchmark. Understanding the hierarchy of security definitions, partially ordered by the implication (i.e. at least as strong) relation, is hence important, as is placing the relevant applications as benchmark levels within the hierarchy.

CCA-2 security is apparently the strongest notion, but because it is arguably too strong, Canetti, Krawczyk, and Nielsen (Crypto 2003) proposed the relaxed notions of Replayable CCA security (RCCA) as perhaps the weakest meaningful definition, and they investigated the space between CCA and RCCA security by proposing two versions of Detectable RCCA (d-RCCA) security which are meant to ensure that replays of ciphertexts are either publicly or secretly detectable (and hence preventable).

The contributions of this paper are three-fold. First, following the work of Coretti, Maurer, and Tackmann (Asiacrypt 2013), we formalize the three benchmark applications of PKE that serve as the natural motivation for security notions, namely the construction of certain types of (possibly replay-protected) confidential channels (from an insecure and an authenticated communication channel). Second, we prove that RCCA does not achieve the confidentiality benchmark and, contrary to previous belief, that the proposed d-RCCA notions are not even relaxations of CCA-2 security. Third, we propose the natural security notions corresponding to the three benchmarks: an appropriately strengthened version of RCCA to ensure confidentiality, as well as two notions for capturing public and secret replay detectability.

PAGES

173-202

Book

TITLE

Public-Key Cryptography – PKC 2021

ISBN

978-3-030-75247-7
978-3-030-75248-4

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-75248-4_7

DOI

http://dx.doi.org/10.1007/978-3-030-75248-4_7

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1137654854



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "IOHK, Zurich, Switzerland", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "IOHK, Zurich, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Badertscher", 
        "givenName": "Christian", 
        "id": "sg:person.010232721040.24", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010232721040.24"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ETH Zurich, Zurich, Switzerland", 
          "id": "http://www.grid.ac/institutes/grid.5801.c", 
          "name": [
            "ETH Zurich, Zurich, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Maurer", 
        "givenName": "Ueli", 
        "id": "sg:person.01316567627.91", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01316567627.91"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ETH Zurich, Zurich, Switzerland", 
          "id": "http://www.grid.ac/institutes/grid.5801.c", 
          "name": [
            "ETH Zurich, Zurich, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Portmann", 
        "givenName": "Christopher", 
        "id": "sg:person.012175151063.55", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012175151063.55"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ETH Zurich, Zurich, Switzerland", 
          "id": "http://www.grid.ac/institutes/grid.5801.c", 
          "name": [
            "ETH Zurich, Zurich, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Rito", 
        "givenName": "Guilherme", 
        "id": "sg:person.013404447221.98", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404447221.98"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2021-05-01", 
    "datePublishedReg": "2021-05-01", 
    "description": "This paper takes a fresh approach to systematically characterizing, comparing, and understanding CCA-type security definitions for public-key encryption (PKE), a topic with a long history. The justification for a concrete security definition X is relative to a benchmark application (e.g. confidential communication): Does the use of a PKE scheme satisfying X imply the security of the application? Because unnecessarily strong definitions may lead to unnecessarily inefficient schemes or unnecessarily strong computational assumptions, security definitions should be as weak as possible, i.e. as close as possible to (but above) the benchmark. Understanding the hierarchy of security definitions, partially ordered by the implication (i.e. at least as strong) relation, is hence important, as is placing the relevant applications as benchmark levels within the hierarchy.CCA-2 security is apparently the strongest notion, but because it is arguably too strong, Canetti, Krawczyk, and Nielsen (Crypto 2003) proposed the relaxed notions of Replayable CCA security (RCCA) as perhaps the weakest meaningful definition, and they investigated the space between CCA and RCCA security by proposing two versions of Detectable RCCA (d-RCCA) security which are meant to ensure that replays of ciphertexts are either publicly or secretly detectable (and hence preventable).The contributions of this paper are three-fold. First, following the work of Coretti, Maurer, and Tackmann (Asiacrypt 2013), we formalize the three benchmark applications of PKE that serve as the natural motivation for security notions, namely the construction of certain types of (possibly replay-protected) confidential channels (from an insecure and an authenticated communication channel). Second, we prove that RCCA does not achieve the confidentiality benchmark and, contrary to previous belief, that the proposed d-RCCA notions are not even relaxations of CCA-2 security. 
Third, we propose the natural security notions corresponding to the three benchmarks: an appropriately strengthened version of RCCA to ensure confidentiality, as well as two notions for capturing public and secret replay detectability.", 
    "editor": [
      {
        "familyName": "Garay", 
        "givenName": "Juan A.", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-75248-4_7", 
    "inLanguage": "en", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-030-75247-7", 
        "978-3-030-75248-4"
      ], 
      "name": "Public-Key Cryptography \u2013 PKC 2021", 
      "type": "Book"
    }, 
    "keywords": [
      "benchmark applications", 
      "stronger computational assumptions", 
      "relaxed notion", 
      "natural motivation", 
      "scheme", 
      "computational assumptions", 
      "relevant applications", 
      "stronger notion", 
      "implication relations", 
      "meaningful definition", 
      "certain types", 
      "security definitions", 
      "applications", 
      "stronger definition", 
      "inefficient schemes", 
      "benchmarks", 
      "notion", 
      "space", 
      "version", 
      "definition", 
      "assumption", 
      "hierarchy", 
      "Krawczyk", 
      "security notions", 
      "relaxation", 
      "approach", 
      "Maurer", 
      "detectability", 
      "fresh approach", 
      "public key encryption", 
      "justification", 
      "Nielsen", 
      "work", 
      "construction", 
      "confidential channel", 
      "channels", 
      "previous belief", 
      "topic", 
      "security", 
      "relation", 
      "Canetti", 
      "contribution", 
      "three-fold", 
      "encryption", 
      "long history", 
      "PKE scheme", 
      "ciphertext", 
      "motivation", 
      "types", 
      "use", 
      "replay", 
      "replay protection", 
      "levels", 
      "Replayable CCA (RCCA) security", 
      "CCA", 
      "confidentiality", 
      "benchmark levels", 
      "CCA security", 
      "RCCA security", 
      "history", 
      "Tackmann", 
      "beliefs", 
      "protection", 
      "paper"
    ], 
    "name": "Revisiting (R)CCA Security and Replay Protection", 
    "pagination": "173-202", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1137654854"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-75248-4_7"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-75248-4_7", 
      "https://app.dimensions.ai/details/publication/pub.1137654854"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-05-20T07:44", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220519/entities/gbq_results/chapter/chapter_256.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-030-75248-4_7"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75248-4_7'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75248-4_7'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75248-4_7'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75248-4_7'


 

This table displays all metadata directly associated to this object as RDF triples.

148 TRIPLES      23 PREDICATES      89 URIs      82 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-030-75248-4_7 schema:about anzsrc-for:08
2 anzsrc-for:0804
3 schema:author Nd7fdc445098542f39c98daaa0c218d04
4 schema:datePublished 2021-05-01
5 schema:datePublishedReg 2021-05-01
6 schema:description This paper takes a fresh approach to systematically characterizing, comparing, and understanding CCA-type security definitions for public-key encryption (PKE), a topic with a long history. The justification for a concrete security definition X is relative to a benchmark application (e.g. confidential communication): Does the use of a PKE scheme satisfying X imply the security of the application? Because unnecessarily strong definitions may lead to unnecessarily inefficient schemes or unnecessarily strong computational assumptions, security definitions should be as weak as possible, i.e. as close as possible to (but above) the benchmark. Understanding the hierarchy of security definitions, partially ordered by the implication (i.e. at least as strong) relation, is hence important, as is placing the relevant applications as benchmark levels within the hierarchy.CCA-2 security is apparently the strongest notion, but because it is arguably too strong, Canetti, Krawczyk, and Nielsen (Crypto 2003) proposed the relaxed notions of Replayable CCA security (RCCA) as perhaps the weakest meaningful definition, and they investigated the space between CCA and RCCA security by proposing two versions of Detectable RCCA (d-RCCA) security which are meant to ensure that replays of ciphertexts are either publicly or secretly detectable (and hence preventable).The contributions of this paper are three-fold. First, following the work of Coretti, Maurer, and Tackmann (Asiacrypt 2013), we formalize the three benchmark applications of PKE that serve as the natural motivation for security notions, namely the construction of certain types of (possibly replay-protected) confidential channels (from an insecure and an authenticated communication channel). Second, we prove that RCCA does not achieve the confidentiality benchmark and, contrary to previous belief, that the proposed d-RCCA notions are not even relaxations of CCA-2 security. 
Third, we propose the natural security notions corresponding to the three benchmarks: an appropriately strengthened version of RCCA to ensure confidentiality, as well as two notions for capturing public and secret replay detectability.
7 schema:editor N2f5d3611186342f39593e537155caa27
8 schema:genre chapter
9 schema:inLanguage en
10 schema:isAccessibleForFree true
11 schema:isPartOf Nb8ce478a86ea47b6af4c9a435c4811fe
12 schema:keywords CCA
13 CCA security
14 Canetti
15 Krawczyk
16 Maurer
17 Nielsen
18 PKE scheme
19 RCCA security
20 Replayable CCA (RCCA) security
21 Tackmann
22 applications
23 approach
24 assumption
25 beliefs
26 benchmark applications
27 benchmark levels
28 benchmarks
29 certain types
30 channels
31 ciphertext
32 computational assumptions
33 confidential channel
34 confidentiality
35 construction
36 contribution
37 definition
38 detectability
39 encryption
40 fresh approach
41 hierarchy
42 history
43 implication relations
44 inefficient schemes
45 justification
46 levels
47 long history
48 meaningful definition
49 motivation
50 natural motivation
51 notion
52 paper
53 previous belief
54 protection
55 public key encryption
56 relation
57 relaxation
58 relaxed notion
59 relevant applications
60 replay
61 replay protection
62 scheme
63 security
64 security definitions
65 security notions
66 space
67 stronger computational assumptions
68 stronger definition
69 stronger notion
70 three-fold
71 topic
72 types
73 use
74 version
75 work
76 schema:name Revisiting (R)CCA Security and Replay Protection
77 schema:pagination 173-202
78 schema:productId N14ea7eb6983746e88114a492738f959a
79 Nadb6f912c20148dc99e84b9c87c02fb9
80 schema:publisher N5ca225326b00415d8cbfc02194c9aa60
81 schema:sameAs https://app.dimensions.ai/details/publication/pub.1137654854
82 https://doi.org/10.1007/978-3-030-75248-4_7
83 schema:sdDatePublished 2022-05-20T07:44
84 schema:sdLicense https://scigraph.springernature.com/explorer/license/
85 schema:sdPublisher N11dd210dfd494e4c8b0be19c27cfc19e
86 schema:url https://doi.org/10.1007/978-3-030-75248-4_7
87 sgo:license sg:explorer/license/
88 sgo:sdDataset chapters
89 rdf:type schema:Chapter
90 N11dd210dfd494e4c8b0be19c27cfc19e schema:name Springer Nature - SN SciGraph project
91 rdf:type schema:Organization
92 N14ea7eb6983746e88114a492738f959a schema:name doi
93 schema:value 10.1007/978-3-030-75248-4_7
94 rdf:type schema:PropertyValue
95 N2f5d3611186342f39593e537155caa27 rdf:first N6155b04c092e4325929e7eff8568a452
96 rdf:rest rdf:nil
97 N5ca225326b00415d8cbfc02194c9aa60 schema:name Springer Nature
98 rdf:type schema:Organisation
99 N6155b04c092e4325929e7eff8568a452 schema:familyName Garay
100 schema:givenName Juan A.
101 rdf:type schema:Person
102 N79c97d3ee7ba4f2e86a62e2efeca68f5 rdf:first sg:person.012175151063.55
103 rdf:rest Ncd76c5a2499c4147aa72caaa0d61dbce
104 N7a7ac80098d04ea3a90df8e36d789046 rdf:first sg:person.01316567627.91
105 rdf:rest N79c97d3ee7ba4f2e86a62e2efeca68f5
106 Nadb6f912c20148dc99e84b9c87c02fb9 schema:name dimensions_id
107 schema:value pub.1137654854
108 rdf:type schema:PropertyValue
109 Nb8ce478a86ea47b6af4c9a435c4811fe schema:isbn 978-3-030-75247-7
110 978-3-030-75248-4
111 schema:name Public-Key Cryptography – PKC 2021
112 rdf:type schema:Book
113 Ncd76c5a2499c4147aa72caaa0d61dbce rdf:first sg:person.013404447221.98
114 rdf:rest rdf:nil
115 Nd7fdc445098542f39c98daaa0c218d04 rdf:first sg:person.010232721040.24
116 rdf:rest N7a7ac80098d04ea3a90df8e36d789046
117 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
118 schema:name Information and Computing Sciences
119 rdf:type schema:DefinedTerm
120 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
121 schema:name Data Format
122 rdf:type schema:DefinedTerm
123 sg:person.010232721040.24 schema:affiliation grid-institutes:None
124 schema:familyName Badertscher
125 schema:givenName Christian
126 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010232721040.24
127 rdf:type schema:Person
128 sg:person.012175151063.55 schema:affiliation grid-institutes:grid.5801.c
129 schema:familyName Portmann
130 schema:givenName Christopher
131 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012175151063.55
132 rdf:type schema:Person
133 sg:person.01316567627.91 schema:affiliation grid-institutes:grid.5801.c
134 schema:familyName Maurer
135 schema:givenName Ueli
136 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01316567627.91
137 rdf:type schema:Person
138 sg:person.013404447221.98 schema:affiliation grid-institutes:grid.5801.c
139 schema:familyName Rito
140 schema:givenName Guilherme
141 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404447221.98
142 rdf:type schema:Person
143 grid-institutes:None schema:alternateName IOHK, Zurich, Switzerland
144 schema:name IOHK, Zurich, Switzerland
145 rdf:type schema:Organization
146 grid-institutes:grid.5801.c schema:alternateName ETH Zurich, Zurich, Switzerland
147 schema:name ETH Zurich, Zurich, Switzerland
148 rdf:type schema:Organization
 



