## Non-Malleable Cryptography

### Danny Dolev, Cynthia Dwork and Moni Naor

### Abstract:

The notion of *non-malleable* cryptography, an extension
of semantically secure cryptography, is defined. Informally, in the context
of encryption the additional requirement is that given the ciphertext it
is impossible to generate a *different* ciphertext so that the
respective plaintexts are related. The same concept makes sense in the
contexts of string commitment and zero-knowledge proofs of possession of
knowledge. Non-malleable schemes for each of these three problems are presented.
The schemes do not assume a trusted center; a user need not know anything
about the number or identity of other system users.

Our cryptosystem is the first proven to be secure against a strong type
of chosen ciphertext attack proposed by Rackoff and Simon, in which the
attacker knows the ciphertext she wishes to break and can query the decryption
oracle on any ciphertext other than the target.
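
To make the definition concrete, here is an added example (not code from the paper or its authors) of what non-malleability rules out. It uses textbook ElGamal, chosen here only as a familiar malleable scheme. The prime, the generator, the sample plaintext and all function names are assumptions made for illustration. It shows a *different* ciphertext with a related plaintext being produced without the key, and why that defeats the scheme under the decryption-oracle attack described above.

```python
import secrets

# Toy parameters constructed for this example (not taken from the paper).
P = 2**127 - 1   # a Mersenne prime used as the modulus
G = 3            # base element, assumed for illustration

def keygen():
    x = secrets.randbelow(P - 2) + 1           # private exponent
    return x, pow(G, x, P)                     # (private, public)

def encrypt(h, m):
    r = secrets.randbelow(P - 2) + 1           # fresh randomness per message
    return pow(G, r, P), (m * pow(h, r, P)) % P

def decrypt(x, c):
    c1, c2 = c
    return (c2 * pow(pow(c1, x, P), -1, P)) % P

def maul(c, k):
    """Map an encryption of m to an encryption of k*m mod P; no key is used."""
    c1, c2 = c
    return c1, (k * c2) % P

def make_oracle(x, target):
    """Decryption oracle that answers any ciphertext other than the target."""
    def oracle(c):
        if c == target:
            raise ValueError("oracle refuses the target ciphertext")
        return decrypt(x, c)
    return oracle

def recover_via_oracle(oracle, target, k=2):
    # The mauled ciphertext differs from the target, so the oracle answers;
    # dividing out k yields the target plaintext.
    related = oracle(maul(target, k))
    return (related * pow(k, -1, P)) % P

def demo():
    x, h = keygen()
    m = 1000                                   # constructed sample plaintext
    target = encrypt(h, m)
    related_plaintext = decrypt(x, maul(target, 2))
    recovered = recover_via_oracle(make_oracle(x, target), target)
    return m, related_plaintext, recovered

if __name__ == "__main__":
    print(demo())
```

A non-malleable scheme must make the `maul` step infeasible: no efficiently computable change to the target ciphertext may yield a valid ciphertext whose plaintext is related to the original.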

