4

I notice that in many research papers (viz. "Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption" by Cramer and Shoup) the authors showed that their cryptosystem is IND-CCA secure under standard model. What does it mean? What does an adversary have access to in a challenger-adversary game?

Actually, my aim is to get a clear idea on IND-CCA secure under standard model. I am confused on the statemant like "The given public key cryptosystem is IND-CCA secure under Diffie-Hellman assumption ". Is this statemant means that this particuler cryptosystem is IND-CCA secure under standard model?

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
Pinkimani Goswami
  • 71
  • 1
  • 5

1 Answers1

5

Your questions can be split in two:

  1. What is the meaning of IND-CCA secure? What have an adversary access in a challenger-adversary game?

This basically means that the scheme achieves the indistinguishability notion, even if an attacker has access to a decryption oracle. See Easy explanation of "IND-" security notions? for more detail on this.

  1. What is the standard model?

This simply means that no additional assumptions are made for proving the security of the scheme. You see, a lot of crypto proofs require additional assumptions. For example, one of the most used is the Random Oracle Model, which assumes the existence of an ideal hash function that guarantees uniformly-random outputs. Proofs in the standard model are therefore considered more desirable.

Community
  • 1
cygnusv
  • 5,072
  • 1
  • 23
  • 48