#### DMCA

## Standard Security Does Imply Security Against Selective Opening for Markov Distributions

### Citations

95 | Adaptively secure multi-party computation
- Canetti, Feige, et al.
- 1996
(Show Context)
Citation Context ...ption scheme in the standard model was given in [2] based on lossy encryption. Selective opening secure encryption can be constructed from deniable encryption [6] as well as non-committing encryption =-=[7]-=-. Bellare et al. [3, 1] separated SIM-SO-CPA 3 from IND-CPA security and showed that IND-CPA security implies weak IND-SO-CPA security if the messages are (basically) sampled independently. The same r... |

73 | Magic functions
- Dwork, Naor, et al.
- 1999
(Show Context)
Citation Context ...ious messages. Thus, corrupting some parties might already leak some information on messages sent by parties that have not been corrupted. Until today, the only result in the standard model, given in =-=[8, 3]-=-, shows that IND-CPA implies selective opening security for the special case of a product distribution, i.e., when all messages m1, . . . ,mn are sampled independently from each other. Intuitively, th... |

70 | Deniable encryption
- Canetti, Dwork, et al.
- 1997
(Show Context)
Citation Context ...mpling. The first IND-SO-CPA-secure encryption scheme in the standard model was given in [2] based on lossy encryption. Selective opening secure encryption can be constructed from deniable encryption =-=[6]-=- as well as non-committing encryption [7]. Bellare et al. [3, 1] separated SIM-SO-CPA 3 from IND-CPA security and showed that IND-CPA security implies weak IND-SO-CPA security if the messages are (bas... |

58 | Possibility and impossibility results for encryption and commitment secure under selective opening.
- Bellare, Hofheinz, et al.
- 2009
(Show Context)
Citation Context ... be resampled conditioned on opened messages, there are two notions based on indistinguishability: Weak IND-SO restricts to distributions that support efficient conditional resampling. Bellare et al. =-=[2]-=- gave an indistinguishability-based notion for passive adversaries, usually referred to as IND-SO-CPA. Full IND-SO allows for arbitrary distributions on the messages and is due to Böhl et al. [4], wh... |

16 | Standard security does not imply security against selective-opening.
- Bellare, Dowsley, et al.
- 2012
(Show Context)
Citation Context ... Note that a positive result on “weak” IND-SO-CPA security for all IND-CPA-secure encryption schemes for certain distributions is the best we can hope for due to the negative result of Bellare et al. =-=[1]-=- ruling out such an implication for SIM-SO-CPA security. Details. Think of a vector of n messages sampled from some distribution D as a graph G on n vertices {1, . . . , n} where we have an edge from ... |

12 | On definitions of selective opening security.
- Bohl, Hofheinz, et al.
- 2012
(Show Context)
Citation Context ...ssage distributions with few dependencies. Here IND-SO-CPA security refers to the indistinguishability-based definition of selective opening security sometimes referred to as weak IND-SO-CPA security =-=[4]-=-. IND-SO-CPA requires that a passive adversary that obtains ciphertexts (c1, . . . , cn) and has access to a ciphertext opening oracle, revealing the underlying message mi of some ciphertext ci and th... |

11 |
Inequalities for the incomplete gamma function,
- Natalini, Palumbo
- 2000
(Show Context)
Citation Context ...s end one bounds the sum of binomial coefficients in (1) in terms of the incomplete upper gamma function Γ to get B∑ i=1 ( n i ) ≤ B∑ i=1 ni i! = enΓ(B + 1, n) B! − 1 . Using a nice bound on Γ due to =-=[11]-=- that can be found in [5] we obtain a bound for B(G) < n. Think of a direct reduction for proving Corollary 3.10 as implicitly guessing Ck+1 via guessing N(Ck+1) by picking up to B(G) vertices inG and... |

8 | Encryption schemes secure under selective opening attack. IACR ePrint Archive
- Bellare, Yilek
- 2009
(Show Context)
Citation Context ...ious messages. Thus, corrupting some parties might already leak some information on messages sent by parties that have not been corrupted. Until today, the only result in the standard model, given in =-=[8, 3]-=-, shows that IND-CPA implies selective opening security for the special case of a product distribution, i.e., when all messages m1, . . . ,mn are sampled independently from each other. Intuitively, th... |

6 | Standard versus Selective Opening Security: Separation and Equivalence Results
- Hofheinz, Rupp
- 2014
(Show Context)
Citation Context ...ositive result that shows that IND-CPA implies weak IND-SO-CPA in the standard model. Full IND-SO-CPA and SIM-SO-CPA security were separated in [4]; neither of them implies the other. Hofheinz et al. =-=[10]-=- proved that IND-CPA implies weak IND-SO-CPA in the generic group model for a certain class of encryption schemes and separated IND-CCA from weak IND-SO-CCA security. Recently, Hofheinz et al. [9] con... |

3 | Uniform bounds for the complementary incomplete gamma function
- Borwein, Chan
- 2009
(Show Context)
Citation Context ...f binomial coefficients in (1) in terms of the incomplete upper gamma function Γ to get B∑ i=1 ( n i ) ≤ B∑ i=1 ni i! = enΓ(B + 1, n) B! − 1 . Using a nice bound on Γ due to [11] that can be found in =-=[5]-=- we obtain a bound for B(G) < n. Think of a direct reduction for proving Corollary 3.10 as implicitly guessing Ck+1 via guessing N(Ck+1) by picking up to B(G) vertices inG and guessing one of at most ... |

1 | Standard security does not imply indistinguishability under selective opening. Cryptology ePrint Archive
- Hofheinz, Rao, et al.
- 2015
(Show Context)
Citation Context ...l. [10] proved that IND-CPA implies weak IND-SO-CPA in the generic group model for a certain class of encryption schemes and separated IND-CCA from weak IND-SO-CCA security. Recently, Hofheinz et al. =-=[9]-=- constructed the first (even IND-CCA-secure) PKE that is not weakly IND-SO-CPA secure. Their result relies on the existence of public-coin differing-inputs obfuscation and certain correlation intracta... |