Ontology type: schema:Chapter
Open Access: True
2021-05-01
AUTHORS Christian Badertscher, Ueli Maurer, Christopher Portmann, Guilherme Rito
ABSTRACT
This paper takes a fresh approach to systematically characterizing, comparing, and understanding CCA-type security definitions for public-key encryption (PKE), a topic with a long history. The justification for a concrete security definition X is relative to a benchmark application (e.g. confidential communication): Does the use of a PKE scheme satisfying X imply the security of the application? Because unnecessarily strong definitions may lead to unnecessarily inefficient schemes or unnecessarily strong computational assumptions, security definitions should be as weak as possible, i.e. as close as possible to (but above) the benchmark. Understanding the hierarchy of security definitions, partially ordered by the implication (i.e. at least as strong) relation, is hence important, as is placing the relevant applications as benchmark levels within the hierarchy.
CCA-2 security is apparently the strongest notion, but because it is arguably too strong, Canetti, Krawczyk, and Nielsen (Crypto 2003) proposed the relaxed notions of Replayable CCA security (RCCA) as perhaps the weakest meaningful definition, and they investigated the space between CCA and RCCA security by proposing two versions of Detectable RCCA (d-RCCA) security which are meant to ensure that replays of ciphertexts are either publicly or secretly detectable (and hence preventable).
The contributions of this paper are three-fold. First, following the work of Coretti, Maurer, and Tackmann (Asiacrypt 2013), we formalize the three benchmark applications of PKE that serve as the natural motivation for security notions, namely the construction of certain types of (possibly replay-protected) confidential channels (from an insecure and an authenticated communication channel). Second, we prove that RCCA does not achieve the confidentiality benchmark and, contrary to previous belief, that the proposed d-RCCA notions are not even relaxations of CCA-2 security. Third, we propose the natural security notions corresponding to the three benchmarks: an appropriately strengthened version of RCCA to ensure confidentiality, as well as two notions for capturing public and secret replay detectability.
PAGES 173-202
Public-Key Cryptography – PKC 2021
ISBN
978-3-030-75247-7
978-3-030-75248-4
http://scigraph.springernature.com/pub.10.1007/978-3-030-75248-4_7
DOI http://dx.doi.org/10.1007/978-3-030-75248-4_7
DIMENSIONS https://app.dimensions.ai/details/publication/pub.1137654854
JSON-LD is the canonical representation for SciGraph data.
[
{
"@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json",
"about": [
{
"id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08",
"inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/",
"name": "Information and Computing Sciences",
"type": "DefinedTerm"
},
{
"id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804",
"inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/",
"name": "Data Format",
"type": "DefinedTerm"
}
],
"author": [
{
"affiliation": {
"alternateName": "IOHK, Zurich, Switzerland",
"id": "http://www.grid.ac/institutes/None",
"name": [
"IOHK, Zurich, Switzerland"
],
"type": "Organization"
},
"familyName": "Badertscher",
"givenName": "Christian",
"id": "sg:person.010232721040.24",
"sameAs": [
"https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010232721040.24"
],
"type": "Person"
},
{
"affiliation": {
"alternateName": "ETH Zurich, Zurich, Switzerland",
"id": "http://www.grid.ac/institutes/grid.5801.c",
"name": [
"ETH Zurich, Zurich, Switzerland"
],
"type": "Organization"
},
"familyName": "Maurer",
"givenName": "Ueli",
"id": "sg:person.01316567627.91",
"sameAs": [
"https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01316567627.91"
],
"type": "Person"
},
{
"affiliation": {
"alternateName": "ETH Zurich, Zurich, Switzerland",
"id": "http://www.grid.ac/institutes/grid.5801.c",
"name": [
"ETH Zurich, Zurich, Switzerland"
],
"type": "Organization"
},
"familyName": "Portmann",
"givenName": "Christopher",
"id": "sg:person.012175151063.55",
"sameAs": [
"https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012175151063.55"
],
"type": "Person"
},
{
"affiliation": {
"alternateName": "ETH Zurich, Zurich, Switzerland",
"id": "http://www.grid.ac/institutes/grid.5801.c",
"name": [
"ETH Zurich, Zurich, Switzerland"
],
"type": "Organization"
},
"familyName": "Rito",
"givenName": "Guilherme",
"id": "sg:person.013404447221.98",
"sameAs": [
"https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404447221.98"
],
"type": "Person"
}
],
"datePublished": "2021-05-01",
"datePublishedReg": "2021-05-01",
"description": "This paper takes a fresh approach to systematically characterizing, comparing, and understanding CCA-type security definitions for public-key encryption (PKE), a topic with a long history. The justification for a concrete security definition X is relative to a benchmark application (e.g. confidential communication): Does the use of a PKE scheme satisfying X imply the security of the application? Because unnecessarily strong definitions may lead to unnecessarily inefficient schemes or unnecessarily strong computational assumptions, security definitions should be as weak as possible, i.e. as close as possible to (but above) the benchmark. Understanding the hierarchy of security definitions, partially ordered by the implication (i.e. at least as strong) relation, is hence important, as is placing the relevant applications as benchmark levels within the hierarchy.CCA-2 security is apparently the strongest notion, but because it is arguably too strong, Canetti, Krawczyk, and Nielsen (Crypto 2003) proposed the relaxed notions of Replayable CCA security (RCCA) as perhaps the weakest meaningful definition, and they investigated the space between CCA and RCCA security by proposing two versions of Detectable RCCA (d-RCCA) security which are meant to ensure that replays of ciphertexts are either publicly or secretly detectable (and hence preventable).The contributions of this paper are three-fold. First, following the work of Coretti, Maurer, and Tackmann (Asiacrypt 2013), we formalize the three benchmark applications of PKE that serve as the natural motivation for security notions, namely the construction of certain types of (possibly replay-protected) confidential channels (from an insecure and an authenticated communication channel). Second, we prove that RCCA does not achieve the confidentiality benchmark and, contrary to previous belief, that the proposed d-RCCA notions are not even relaxations of CCA-2 security. Third, we propose the natural security notions corresponding to the three benchmarks: an appropriately strengthened version of RCCA to ensure confidentiality, as well as two notions for capturing public and secret replay detectability.",
"editor": [
{
"familyName": "Garay",
"givenName": "Juan A.",
"type": "Person"
}
],
"genre": "chapter",
"id": "sg:pub.10.1007/978-3-030-75248-4_7",
"inLanguage": "en",
"isAccessibleForFree": true,
"isPartOf": {
"isbn": [
"978-3-030-75247-7",
"978-3-030-75248-4"
],
"name": "Public-Key Cryptography \u2013 PKC 2021",
"type": "Book"
},
"keywords": [
"benchmark applications",
"stronger computational assumptions",
"relaxed notion",
"natural motivation",
"scheme",
"computational assumptions",
"relevant applications",
"stronger notion",
"implication relations",
"meaningful definition",
"certain types",
"security definitions",
"applications",
"stronger definition",
"inefficient schemes",
"benchmarks",
"notion",
"space",
"version",
"definition",
"assumption",
"hierarchy",
"Krawczyk",
"security notions",
"relaxation",
"approach",
"Maurer",
"detectability",
"fresh approach",
"public key encryption",
"justification",
"Nielsen",
"work",
"construction",
"confidential channel",
"channels",
"previous belief",
"topic",
"security",
"relation",
"Canetti",
"contribution",
"three-fold",
"encryption",
"long history",
"PKE scheme",
"ciphertext",
"motivation",
"types",
"use",
"replay",
"replay protection",
"levels",
"Replayable CCA (RCCA) security",
"CCA",
"confidentiality",
"benchmark levels",
"CCA security",
"RCCA security",
"history",
"Tackmann",
"beliefs",
"protection",
"paper"
],
"name": "Revisiting (R)CCA Security and Replay Protection",
"pagination": "173-202",
"productId": [
{
"name": "dimensions_id",
"type": "PropertyValue",
"value": [
"pub.1137654854"
]
},
{
"name": "doi",
"type": "PropertyValue",
"value": [
"10.1007/978-3-030-75248-4_7"
]
}
],
"publisher": {
"name": "Springer Nature",
"type": "Organisation"
},
"sameAs": [
"https://doi.org/10.1007/978-3-030-75248-4_7",
"https://app.dimensions.ai/details/publication/pub.1137654854"
],
"sdDataset": "chapters",
"sdDatePublished": "2022-05-20T07:44",
"sdLicense": "https://scigraph.springernature.com/explorer/license/",
"sdPublisher": {
"name": "Springer Nature - SN SciGraph project",
"type": "Organization"
},
"sdSource": "s3://com-springernature-scigraph/baseset/20220519/entities/gbq_results/chapter/chapter_256.jsonl",
"type": "Chapter",
"url": "https://doi.org/10.1007/978-3-030-75248-4_7"
}
]
JSON-LD is a popular format for linked data which is fully compatible with JSON.
curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75248-4_7'
N-Triples is a line-based linked data format ideal for batch operations.
curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75248-4_7'
Turtle is a human-readable linked data format.
curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75248-4_7'
RDF/XML is a standard XML format for linked data.
curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75248-4_7'
This table displays all metadata directly associated to this object as RDF triples.
148 TRIPLES
23 PREDICATES
89 URIs
82 LITERALS
7 BLANK NODES
# | Subject | Predicate | Object |
---|---|---|---|
1 | sg:pub.10.1007/978-3-030-75248-4_7 | schema:about | anzsrc-for:08 |
2 | ″ | ″ | anzsrc-for:0804 |
3 | ″ | schema:author | Nd7fdc445098542f39c98daaa0c218d04 |
4 | ″ | schema:datePublished | 2021-05-01 |
5 | ″ | schema:datePublishedReg | 2021-05-01 |
6 | ″ | schema:description | This paper takes a fresh approach to systematically characterizing, comparing, and understanding CCA-type security definitions for public-key encryption (PKE), a topic with a long history. The justification for a concrete security definition X is relative to a benchmark application (e.g. confidential communication): Does the use of a PKE scheme satisfying X imply the security of the application? Because unnecessarily strong definitions may lead to unnecessarily inefficient schemes or unnecessarily strong computational assumptions, security definitions should be as weak as possible, i.e. as close as possible to (but above) the benchmark. Understanding the hierarchy of security definitions, partially ordered by the implication (i.e. at least as strong) relation, is hence important, as is placing the relevant applications as benchmark levels within the hierarchy.CCA-2 security is apparently the strongest notion, but because it is arguably too strong, Canetti, Krawczyk, and Nielsen (Crypto 2003) proposed the relaxed notions of Replayable CCA security (RCCA) as perhaps the weakest meaningful definition, and they investigated the space between CCA and RCCA security by proposing two versions of Detectable RCCA (d-RCCA) security which are meant to ensure that replays of ciphertexts are either publicly or secretly detectable (and hence preventable).The contributions of this paper are three-fold. First, following the work of Coretti, Maurer, and Tackmann (Asiacrypt 2013), we formalize the three benchmark applications of PKE that serve as the natural motivation for security notions, namely the construction of certain types of (possibly replay-protected) confidential channels (from an insecure and an authenticated communication channel). Second, we prove that RCCA does not achieve the confidentiality benchmark and, contrary to previous belief, that the proposed d-RCCA notions are not even relaxations of CCA-2 security. Third, we propose the natural security notions corresponding to the three benchmarks: an appropriately strengthened version of RCCA to ensure confidentiality, as well as two notions for capturing public and secret replay detectability. |
7 | ″ | schema:editor | N2f5d3611186342f39593e537155caa27 |
8 | ″ | schema:genre | chapter |
9 | ″ | schema:inLanguage | en |
10 | ″ | schema:isAccessibleForFree | true |
11 | ″ | schema:isPartOf | Nb8ce478a86ea47b6af4c9a435c4811fe |
12 | ″ | schema:keywords | CCA |
13 | ″ | ″ | CCA security |
14 | ″ | ″ | Canetti |
15 | ″ | ″ | Krawczyk |
16 | ″ | ″ | Maurer |
17 | ″ | ″ | Nielsen |
18 | ″ | ″ | PKE scheme |
19 | ″ | ″ | RCCA security |
20 | ″ | ″ | Replayable CCA (RCCA) security |
21 | ″ | ″ | Tackmann |
22 | ″ | ″ | applications |
23 | ″ | ″ | approach |
24 | ″ | ″ | assumption |
25 | ″ | ″ | beliefs |
26 | ″ | ″ | benchmark applications |
27 | ″ | ″ | benchmark levels |
28 | ″ | ″ | benchmarks |
29 | ″ | ″ | certain types |
30 | ″ | ″ | channels |
31 | ″ | ″ | ciphertext |
32 | ″ | ″ | computational assumptions |
33 | ″ | ″ | confidential channel |
34 | ″ | ″ | confidentiality |
35 | ″ | ″ | construction |
36 | ″ | ″ | contribution |
37 | ″ | ″ | definition |
38 | ″ | ″ | detectability |
39 | ″ | ″ | encryption |
40 | ″ | ″ | fresh approach |
41 | ″ | ″ | hierarchy |
42 | ″ | ″ | history |
43 | ″ | ″ | implication relations |
44 | ″ | ″ | inefficient schemes |
45 | ″ | ″ | justification |
46 | ″ | ″ | levels |
47 | ″ | ″ | long history |
48 | ″ | ″ | meaningful definition |
49 | ″ | ″ | motivation |
50 | ″ | ″ | natural motivation |
51 | ″ | ″ | notion |
52 | ″ | ″ | paper |
53 | ″ | ″ | previous belief |
54 | ″ | ″ | protection |
55 | ″ | ″ | public key encryption |
56 | ″ | ″ | relation |
57 | ″ | ″ | relaxation |
58 | ″ | ″ | relaxed notion |
59 | ″ | ″ | relevant applications |
60 | ″ | ″ | replay |
61 | ″ | ″ | replay protection |
62 | ″ | ″ | scheme |
63 | ″ | ″ | security |
64 | ″ | ″ | security definitions |
65 | ″ | ″ | security notions |
66 | ″ | ″ | space |
67 | ″ | ″ | stronger computational assumptions |
68 | ″ | ″ | stronger definition |
69 | ″ | ″ | stronger notion |
70 | ″ | ″ | three-fold |
71 | ″ | ″ | topic |
72 | ″ | ″ | types |
73 | ″ | ″ | use |
74 | ″ | ″ | version |
75 | ″ | ″ | work |
76 | ″ | schema:name | Revisiting (R)CCA Security and Replay Protection |
77 | ″ | schema:pagination | 173-202 |
78 | ″ | schema:productId | N14ea7eb6983746e88114a492738f959a |
79 | ″ | ″ | Nadb6f912c20148dc99e84b9c87c02fb9 |
80 | ″ | schema:publisher | N5ca225326b00415d8cbfc02194c9aa60 |
81 | ″ | schema:sameAs | https://app.dimensions.ai/details/publication/pub.1137654854 |
82 | ″ | ″ | https://doi.org/10.1007/978-3-030-75248-4_7 |
83 | ″ | schema:sdDatePublished | 2022-05-20T07:44 |
84 | ″ | schema:sdLicense | https://scigraph.springernature.com/explorer/license/ |
85 | ″ | schema:sdPublisher | N11dd210dfd494e4c8b0be19c27cfc19e |
86 | ″ | schema:url | https://doi.org/10.1007/978-3-030-75248-4_7 |
87 | ″ | sgo:license | sg:explorer/license/ |
88 | ″ | sgo:sdDataset | chapters |
89 | ″ | rdf:type | schema:Chapter |
90 | N11dd210dfd494e4c8b0be19c27cfc19e | schema:name | Springer Nature - SN SciGraph project |
91 | ″ | rdf:type | schema:Organization |
92 | N14ea7eb6983746e88114a492738f959a | schema:name | doi |
93 | ″ | schema:value | 10.1007/978-3-030-75248-4_7 |
94 | ″ | rdf:type | schema:PropertyValue |
95 | N2f5d3611186342f39593e537155caa27 | rdf:first | N6155b04c092e4325929e7eff8568a452 |
96 | ″ | rdf:rest | rdf:nil |
97 | N5ca225326b00415d8cbfc02194c9aa60 | schema:name | Springer Nature |
98 | ″ | rdf:type | schema:Organisation |
99 | N6155b04c092e4325929e7eff8568a452 | schema:familyName | Garay |
100 | ″ | schema:givenName | Juan A. |
101 | ″ | rdf:type | schema:Person |
102 | N79c97d3ee7ba4f2e86a62e2efeca68f5 | rdf:first | sg:person.012175151063.55 |
103 | ″ | rdf:rest | Ncd76c5a2499c4147aa72caaa0d61dbce |
104 | N7a7ac80098d04ea3a90df8e36d789046 | rdf:first | sg:person.01316567627.91 |
105 | ″ | rdf:rest | N79c97d3ee7ba4f2e86a62e2efeca68f5 |
106 | Nadb6f912c20148dc99e84b9c87c02fb9 | schema:name | dimensions_id |
107 | ″ | schema:value | pub.1137654854 |
108 | ″ | rdf:type | schema:PropertyValue |
109 | Nb8ce478a86ea47b6af4c9a435c4811fe | schema:isbn | 978-3-030-75247-7 |
110 | ″ | ″ | 978-3-030-75248-4 |
111 | ″ | schema:name | Public-Key Cryptography – PKC 2021 |
112 | ″ | rdf:type | schema:Book |
113 | Ncd76c5a2499c4147aa72caaa0d61dbce | rdf:first | sg:person.013404447221.98 |
114 | ″ | rdf:rest | rdf:nil |
115 | Nd7fdc445098542f39c98daaa0c218d04 | rdf:first | sg:person.010232721040.24 |
116 | ″ | rdf:rest | N7a7ac80098d04ea3a90df8e36d789046 |
117 | anzsrc-for:08 | schema:inDefinedTermSet | anzsrc-for: |
118 | ″ | schema:name | Information and Computing Sciences |
119 | ″ | rdf:type | schema:DefinedTerm |
120 | anzsrc-for:0804 | schema:inDefinedTermSet | anzsrc-for: |
121 | ″ | schema:name | Data Format |
122 | ″ | rdf:type | schema:DefinedTerm |
123 | sg:person.010232721040.24 | schema:affiliation | grid-institutes:None |
124 | ″ | schema:familyName | Badertscher |
125 | ″ | schema:givenName | Christian |
126 | ″ | schema:sameAs | https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010232721040.24 |
127 | ″ | rdf:type | schema:Person |
128 | sg:person.012175151063.55 | schema:affiliation | grid-institutes:grid.5801.c |
129 | ″ | schema:familyName | Portmann |
130 | ″ | schema:givenName | Christopher |
131 | ″ | schema:sameAs | https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012175151063.55 |
132 | ″ | rdf:type | schema:Person |
133 | sg:person.01316567627.91 | schema:affiliation | grid-institutes:grid.5801.c |
134 | ″ | schema:familyName | Maurer |
135 | ″ | schema:givenName | Ueli |
136 | ″ | schema:sameAs | https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01316567627.91 |
137 | ″ | rdf:type | schema:Person |
138 | sg:person.013404447221.98 | schema:affiliation | grid-institutes:grid.5801.c |
139 | ″ | schema:familyName | Rito |
140 | ″ | schema:givenName | Guilherme |
141 | ″ | schema:sameAs | https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404447221.98 |
142 | ″ | rdf:type | schema:Person |
143 | grid-institutes:None | schema:alternateName | IOHK, Zurich, Switzerland |
144 | ″ | schema:name | IOHK, Zurich, Switzerland |
145 | ″ | rdf:type | schema:Organization |
146 | grid-institutes:grid.5801.c | schema:alternateName | ETH Zurich, Zurich, Switzerland |
147 | ″ | schema:name | ETH Zurich, Zurich, Switzerland |
148 | ″ | rdf:type | schema:Organization |