Sciweavers

PKC
2004
Springer

On the Security of Multiple Encryption or CCA-security+CCA-security=CCA-security?

13 years 9 months ago
On the Security of Multiple Encryption or CCA-security+CCA-security=CCA-security?
In a practical system, a message is often encrypted more than once by different encryptions, here called multiple encryption, to enhance its security. Additionally, new features may be achieved by multiple encrypting a message for a scheme, such as the key-insulated cryptosystems [13] and anonymous channels [8]. Intuitively, a multiple encryption should remain “secure”, whenever there is one component cipher unbreakable in it. In NESSIE’s latest Portfolio of recommended cryptographic primitives (Feb. 2003), it is suggested to use multiple encryption with component ciphers based on different assumptions to acquire long term security. However, in this paper we show this needs careful discussion. Especially, this may not be true according to (adaptive) chosen ciphertext attack (CCA), even with all component ciphers CCA secure. We define an extended version of CCA called chosen ciphertext attack for multiple encryption (MECCA) to emulate real world partial breaking of assumptions...
Rui Zhang 0002, Goichiro Hanaoka, Junji Shikata, H
Added 02 Jul 2010
Updated 02 Jul 2010
Type Conference
Year 2004
Where PKC
Authors Rui Zhang 0002, Goichiro Hanaoka, Junji Shikata, Hideki Imai
Comments (0)