Relaxing IND-CCA: Indistinguishability against Chosen Ciphertext Verification Attack

  • Sumit Kumar Pandey
  • Santanu Sarkar
  • Mahabir Prasad Jhanwar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7644)


The definition of IND-CCA security model for public key encryption allows an adversary to obtain (adaptively) decryption of ciphertexts of its choice. That is, the adversary is given oracle access to the decryption function corresponding to the decryption key in use. The adversary may make queries that do not correspond to a valid ciphertext, and the answer will be accordingly (i.e., a special “failure” symbol).

In this article, we investigate the case where we restrict the oracle to only determine if the query made is a valid ciphertext or not. That is, the oracle will output 1 if the query string is a valid ciphertext (do not output the corresponding plaintext) and output 0 otherwise. We call this oracle as “ciphertext verification oracle” and the corresponding security model as Indistinguishability against chosen ciphertext verification attack (IND-CCVA). We point out that this seemingly weaker security model is meaningful, clear and useful to the extent where we motivate that certain cryptographic functionalities can be achieved by ensuring the IND-CCVA security where as IND-CPA is not sufficient and IND-CCA provides more than necessary. We support our claim by providing nontrivial construction (existing/new) of:

  • public key encryption schemes that are IND-CCVA secure but not IND-CCA secure,

  • public key encryption schemes that are IND-CPA secure but not IND-CCVA secure.

  • public key encryption schemes that are IND-CCA1 secure but not IND-CCVA secure.

Our discoveries are another manifestation of the subtleties that make the study of security notions for public key encryption schemes so attractive and are important towards achieving the definitional clarity of the target security.


PKE security notions IND-CPA IND-CCA IND-CCVA 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alexi, W., Chor, B., Goldreich, O., Schnorr, P.: Bit security of RSA and Rabin functions. SIAM Journal of Computing 17(2), 194–209 (1988)zbMATHMathSciNetCrossRefGoogle Scholar
  2. 2.
    Bellare, M., Rogaway, P.: Optimal Asymmetric Encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among Notions of Security for Public-Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  4. 4.
    Bleichenbacher, D.: Chosen Ciphertext Attacks against Protocols Based on the RSA Encryption Standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. 5.
    Cramer, R., Shoup, V.: A Practical Public Key Cryptosystem Provably Secure against Adaptive Chosen Ciphertext Attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  6. 6.
    Cramer, R., Shoup, V.: Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Elkind, E., Sahai, A.: A Unified Methodology For Constructing Public-Key Encryption Schemes Secure Against Adaptive Chosen-Ciphertext Attack,
  8. 8.
    Dolev, D., Dwork, C., Naor, M.: Non-Malleable Cryptography. SIAM J. Computing 30(2), 391–437 (2000)zbMATHMathSciNetCrossRefGoogle Scholar
  9. 9.
    Freier, A.O., Karlton, P., Kocher, P.C.: The SSL Protocol. Version 3.0Google Scholar
  10. 10.
    Goldreich, O.: A Uniform Complexity Treatment of Encryption and Zero-Knowledge. J. Cryptology 6(1), 21–35 (1993)zbMATHMathSciNetCrossRefGoogle Scholar
  11. 11.
    Goldreich, O.: Foundations of Cryptography. Basic Applications, vol. 2. Cambridge University Press (2004)Google Scholar
  12. 12.
    Goldwasser, S., Micalli, S.: Probabilistic encryption. Journal of Computer and System Sciences 28(2), 270–299 (1984)zbMATHMathSciNetCrossRefGoogle Scholar
  13. 13.
    Goldwasser, S., Micali, S., Tong, P.: Why and how to establish a private code on a public network. In: Proc. 23rd IEEE Symp. on Foundations of Comp. Science, Chicago, pp. 134–144 (1982)Google Scholar
  14. 14.
    Håstad, J., Näslund, M.: The security of individual RSA bits (1998) (manuscript)Google Scholar
  15. 15.
    Loftus, J., May, A., Smart, N.P., Vercauteren, F.: On CCA-Secure Somewhat Homomorphic Encryption. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 55–72. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  16. 16.
    Naor, M., Yung, M.: Public-key cryptosystem provably secure against chosen ciphertext attacks. In: Proc. STOC, pp. 427–437 (1990)Google Scholar
  17. 17.
    Public-Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Standard. RSA Security Inc. (2002)Google Scholar
  18. 18.
    Rackoff, C., Simon, D.: Non-interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar
  19. 19.
    RSA Data Security, Inc. PKCS #1: RSA Encryption Standard. Redwood City, CA. Version 1.5 (November 1993)Google Scholar
  20. 20.
    Shoup, V.: Why chosen ciphertext security matters. Technical Report RZ 3076, IBM Zurich (1998)Google Scholar
  21. 21.
    Vivek, S., Deva Selvi, S., Pandu Rangan, C.: CCA Secure Certificateless Encryption Schemes based on RSA. In: Proc. Secrypt 2011, pp. 208–217 (2011)Google Scholar
  22. 22.
    Vivek, S., Deva Selvi, S., Pandu Rangan, C.: Stronger Public Key Encryption Schemes Withstanding RAM Scraper Like Attacks. ePrint Archive: Report 2012/118 (2012)Google Scholar
  23. 23.
    Hofheinz, D., Kiltz, E.: Secure Hybrid Encryption from Weakened Key Encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  24. 24.
    Hohenberger, S., Lewko, A., Waters, B.: Detecting Dangerous Queries: A New Approach for Chosen Ciphertext Security. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 663–681. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  25. 25.
    Cramer, R., Hanaoka, G., Hofheinz, D., Imai, H., Kiltz, E., Pass, R., Shelat, A., Vaikuntanathan, V.: Bounded CCA2-Secure Encryption. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 502–518. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Sumit Kumar Pandey
    • 1
  • Santanu Sarkar
    • 1
  • Mahabir Prasad Jhanwar
    • 2
  1. 1.Applied Statistics UnitIndian Statistical InstituteKolkataIndia
  2. 2.C R RAO AIMSCSHyderabadIndia

Personalised recommendations