{"title":"Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security","authors":"A. Sahai","doi":"10.1109/SFFCS.1999.814628","DOIUrl":null,"url":null,"abstract":"We introduce the notion of non-malleable non-interactive zero-knowledge (NIZK) proof systems. We show how to transform any ordinary NIZK proof system into one that has strong non-malleability properties. We then show that the elegant encryption scheme of Naor and Yung (1990) can be made secure against the strongest form of chosen-ciphertext attack by using a non-malleable NIZK proof instead of a standard NIZK proof. Our encryption scheme is simple to describe and works in the standard cryptographic model under, general assumptions. The encryption scheme can be realized assuming the existence of trapdoor permutations.","PeriodicalId":385047,"journal":{"name":"40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1999-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"573","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SFFCS.1999.814628","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 573
Abstract
We introduce the notion of non-malleable non-interactive zero-knowledge (NIZK) proof systems. We show how to transform any ordinary NIZK proof system into one that has strong non-malleability properties. We then show that the elegant encryption scheme of Naor and Yung (1990) can be made secure against the strongest form of chosen-ciphertext attack by using a non-malleable NIZK proof instead of a standard NIZK proof. Our encryption scheme is simple to describe and works in the standard cryptographic model under, general assumptions. The encryption scheme can be realized assuming the existence of trapdoor permutations.