## Relations among notions of security for public-key
encryption schemes

** Authors: M. Bellare, A. Desai, D. Pointcheval and
P. Rogaway**
** Abstract: ** We compare the relative strengths of popular notions of
security for public key encryption schemes. We consider the goals of
indistinguishability and non-malleability, each under chosen plaintext attack
and two kinds of chosen ciphertext attack. For each of the resulting pairs of
definitions we prove either an implication (every scheme meeting one notion
must meet the other) or a separation (there is a scheme meeting one notion but
not the other, assuming the first notion can be met at all). We similarly
treat plaintext awareness, a notion of security in the random oracle model. An
additional contribution of this paper is a new definition of non-malleability
which we believe is simpler than the previous one.

** Ref:** Extended abstract in Advances in Cryptology - Crypto 98
Proceedings, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed,
Springer-Verlag, 1998. Full paper available below.

** Full paper: ** Available as compressed
postscript, postscript, or pdf. ( Help if
this doesn't work).