From Surf Wiki (app.surf) — the open knowledge base
Plaintext-aware encryption
Plaintext-awareness is a notion of security for public-key encryption. A cryptosystem is plaintext-aware if it is difficult for any efficient algorithm to come up with a valid ciphertext without being aware of the corresponding plaintext.
From a lay point of view, this is a strange property. Normally, a ciphertext is computed by encrypting a plaintext. If a ciphertext is created this way, its creator would be aware, in some sense, of the plaintext. However, many cryptosystems are not plaintext-aware. As an example, consider the RSA cryptosystem without padding. In the RSA cryptosystem, plaintexts and ciphertexts are both values modulo N (the modulus). Therefore, RSA is not plaintext aware: one way of generating a ciphertext without knowing the plaintext is to simply choose a random number modulo N.
In fact, plaintext-awareness is a very strong property. Any cryptosystem that is semantically secure and is plaintext-aware is actually secure against a chosen-ciphertext attack, since any adversary that chooses ciphertexts would already know the plaintexts associated with them.
History
The concept of plaintext-aware encryption was developed by Mihir Bellare and Phillip Rogaway in their paper on optimal asymmetric encryption, as a method to prove that a cryptosystem is chosen-ciphertext secure.
Further research
Limited research on plaintext-aware encryption has been done since Bellare and Rogaway's paper. Although several papers have applied the plaintext-aware technique in proving encryption schemes are chosen-ciphertext secure, only three papers revisit the concept of plaintext-aware encryption itself, both focussed on the definition given by Bellare and Rogaway that inherently require random oracles. Plaintext-aware encryption is known to exist when a public-key infrastructure is assumed. Also, it has been shown that weaker forms of plaintext-awareness exist under the knowledge of exponent assumption, a non-standard assumption about Diffie-Hellman triples. Finally a variant of the Cramer Shoup encryption scheme was shown to be fully plaintext aware in the standard model under the knowledge of exponent assumption.
References
References
- M. Bellare and P. Rogaway. ''Optimal Asymmetric Encryption -- How to encrypt with RSA''. Extended abstract in Advances in Cryptology – [[Eurocrypt]] '94 Proceedings, [[Lecture Notes in Computer Science]] Vol. 950, A. De Santis ed, [[Springer-Verlag]], 1995. [http://www-cse.ucsd.edu/users/mihir/papers/oae.pdf full version (pdf)]
- J. Herzog, M. Liskov, and [[S. Micali]]. ''Plaintext Awareness via Key Registration''. In Advances in Cryptology – [[CRYPTO]] 2003 Proceedings, Lecture Notes in Computer Science Vol. 2729, Springer-Verlag, 2003. [http://www.cs.wm.edu/~mliskov/pubs/helimi.pdf (pdf)]
- M. Bellare and A. Palacio. ''Towards Plaintext-Aware Public-Key Encryption without Random Oracles''. In Advances in Cryptology – [[ASIACRYPT]] 2004, Lecture Notes in Computer Science Vol. 3329, Springer-Verlag, 2004. [http://eprint.iacr.org/2004/221.pdf full version (pdf)]
- A. W. Dent ''The Cramer-Shoup Encryption Scheme Is Plaintext Aware in the Standard Model''. In Advances in Cryptology – EUROCRYPT 2006, Lecture Notes in Computer Science Vol. 4004, Springer-Verlag, 2006. [http://eprint.iacr.org/2005/261.pdf full version (pdf)]
This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.
Ask Mako anything about Plaintext-aware encryption — get instant answers, deeper analysis, and related topics.
Research with MakoFree with your Surf account
Create a free account to save articles, ask Mako questions, and organize your research.
Sign up freeThis content may have been generated or modified by AI. CloudSurf Software LLC is not responsible for the accuracy, completeness, or reliability of AI-generated content. Always verify important information from primary sources.
Report