At TCC 2005, Backes and Cachin proposed a new and very strong notion of security for public key steganography: secrecy against adaptive chosen covertext attack (SS-CCA); and posed the question of whether SS-CCA security was achievable for any covertext channel. We resolve this question in the affirmative: SS-CCA security is possible for any channel that admits a secure stegosystem against the standard and weaker "chosen hiddentext attack" in the standard model of computation. Our construction requires a public-key encryption scheme with ciphertexts that remain indistinguishable from random bits under adaptive chosen-ciphertext attack. We show that a scheme with this property can be constructed under the Decisional Diffie-Hellman assumption. This encryption scheme, which modifies a scheme proposed by Kurosawa and Desmedt, also resolves an open question posed by von Ahn and Hopper at Eurocrypt 2004.
|Original language||English (US)|
|Number of pages||13|
|Journal||Lecture Notes in Computer Science|
|State||Published - 2005|
|Event||32nd International Colloquium on Automata, Languages and Programming, ICALP 2005 - Lisbon, Portugal|
Duration: Jul 11 2005 → Jul 15 2005