On the Security against Nonadaptive Chosen Ciphertext Attack and Key-Dependent Message Attack

抄録

In this letter, we formally present the definition of KDM-CCA1 security in public key setting, which falls in between the existing KDM-CPA and KDM-CCA2 security. We also prove that if a public key encryption scheme is CCA1 secure and has the properties of secret-key multiplication (or addition) homomorphism, and conditioned plaintext-restorability, then it is KDM-CCA1 secure w.r.t. two ensembles of functions that had been used in [15],[17], respectively. For concrete scheme, we show that the (tailored) Damgård's Elgamal scheme achieves this KDM-CCA1 security based on different assumptions.