3
$\begingroup$

Although this question maybe looks silly, I have searched similar questions in this forum and googled it but got no desired answers.

IND-CCA security has already been deeply studied in public cryptography. And it is also known that some symmetric constructions (e.g. CBC model) are not IND-CCA secure (for example, see this chapter). However, I didn't find so many results about IND-CCA secure symmetric encryption. The only construction I found is the one provided by Desai in Crypto2000

I was wondering, are there any other well-known constructions of IND-CCA secure symmetric encryption (classical secure)?

Besides, could they still be easily converted to a post-quantum version (for example, by double the length of the secret key)?

Improve this question
$\endgroup$
3
  • 3
    $\begingroup$ Aren't authenticated encryption CCA-secure? $\endgroup$ Commented Nov 28, 2020 at 6:19
  • 1
    $\begingroup$ Many thanks! I just realized that every authenticated encryption achieves CCA security. $\endgroup$ Commented Nov 28, 2020 at 7:29
  • $\begingroup$ What’s the intuition for every AEAD scheme having CCA? Simply that AEAD == no malleability which limits CCA flexibility? $\endgroup$ Commented Nov 30, 2020 at 10:51

1 Answer 1

Reset to default
3
$\begingroup$

In Authenticated Encryption, the authors explained the framework and constructions for Authentication Encryption in detail.

In particular, In Theorem 3.2 they stated that "INT-CTXT" security together with "IND-CPA" security implies "IND-CCA" security.

Then, they introduced a general approach to an "Encrypt-then-MAC" construction that achieves both "INT-CTXT" and "IND-CPA" security, which further implies "IND-CCA" security.

Lastly, thanks for the comment given by @DannyNiu.

Improve this answer
$\endgroup$

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.