Nonmalleable cryptography

Danny Dolev; Cynthia Dwork; Moni Naor

doi:10.1137/S0097539795291562

Nonmalleable cryptography

Danny Dolev^*, Cynthia Dwork, Moni Naor

^*Corresponding author for this work

The Rachel and Selim Benin School of Engineering and Computer Science

Research output: Contribution to journal › Article › peer-review

605 Scopus citations

Abstract

The notion of nonmalleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. The same concept makes sense in the contexts of string commitment and zero-knowledge proofs of possession of knowledge. Nonmalleable schemes for each of these three problems are presented. The schemes do not assume a trusted center; a user need not know anything about the number or identity of other system users. Our cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.

Original language	English
Pages (from-to)	391-437
Number of pages	47
Journal	SIAM Journal on Computing
Volume	30
Issue number	2
DOIs	https://doi.org/10.1137/S0097539795291562
State	Published - 2000

Keywords

Auction protocols
Authentication
Chosen ciphertext security
Commitment schemes
Cryptanalysis
Cryptography
Encryption
Nonmalleability
Randomized algorithms
Zero-knowledge

Access to Document

10.1137/S0097539795291562

Cite this

@article{fba1e5c82c274c9fb2245109865e8e17,

title = "Nonmalleable cryptography",

abstract = "The notion of nonmalleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. The same concept makes sense in the contexts of string commitment and zero-knowledge proofs of possession of knowledge. Nonmalleable schemes for each of these three problems are presented. The schemes do not assume a trusted center; a user need not know anything about the number or identity of other system users. Our cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.",

keywords = "Auction protocols, Authentication, Chosen ciphertext security, Commitment schemes, Cryptanalysis, Cryptography, Encryption, Nonmalleability, Randomized algorithms, Zero-knowledge",

author = "Danny Dolev and Cynthia Dwork and Moni Naor",

year = "2000",

doi = "10.1137/S0097539795291562",

language = "אנגלית",

volume = "30",

pages = "391--437",

journal = "SIAM Journal on Computing",

issn = "0097-5397",

publisher = "Society for Industrial and Applied Mathematics Publications",

number = "2",

}

TY - JOUR

T1 - Nonmalleable cryptography

AU - Dolev, Danny

AU - Dwork, Cynthia

AU - Naor, Moni

PY - 2000

Y1 - 2000

N2 - The notion of nonmalleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. The same concept makes sense in the contexts of string commitment and zero-knowledge proofs of possession of knowledge. Nonmalleable schemes for each of these three problems are presented. The schemes do not assume a trusted center; a user need not know anything about the number or identity of other system users. Our cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.

AB - The notion of nonmalleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. The same concept makes sense in the contexts of string commitment and zero-knowledge proofs of possession of knowledge. Nonmalleable schemes for each of these three problems are presented. The schemes do not assume a trusted center; a user need not know anything about the number or identity of other system users. Our cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.

KW - Auction protocols

KW - Authentication

KW - Chosen ciphertext security

KW - Commitment schemes

KW - Cryptanalysis

KW - Cryptography

KW - Encryption

KW - Nonmalleability

KW - Randomized algorithms

KW - Zero-knowledge

UR - http://www.scopus.com/inward/record.url?scp=0343337504&partnerID=8YFLogxK

U2 - 10.1137/S0097539795291562

DO - 10.1137/S0097539795291562

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:0343337504

SN - 0097-5397

VL - 30

SP - 391

EP - 437

JO - SIAM Journal on Computing

JF - SIAM Journal on Computing

IS - 2

ER -

Nonmalleable cryptography

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this