this paper is to investigate the relationships between these variations and the original problem. To this extent we conclude that the problems are equivalent; this can be seen either as a strengthening of the matching Diffie-Hellman assumptions, or as a weakening of the decision Diffie-Hellman assumption. Since our reduction techniques for deriving this equivalence are general, they can be applied to other settings in order to transform matching oracles to decision oracles. One such setting is the setting of secure encryption, i.e., the concept of indistinguishability of encryptions. In this context we show, under a specific assumption about the encryption scheme, that distinguishability of encryptions allows us to decide whether a given plaintext corresponds to a given ciphertext. Loosely speaking, this direction enhances the relationship between indistinguishability and semantic security in the sense that it provides, even if only 3 for a limited set of cryptosystems, a specific kind of information that can be retrieved about a ciphertext, if the encryption is not secure in the sense of indistinguishability. In the course of defining the properties that we require from a cryptosystem that allows this "attack," we propose a new definition, that of universally malleable cryptosystems. Intuitively, these are encryption schemes in which, without knowledge of the secret key, one can randomize, independently, both the message and the ciphertext. Typically this property is derived from the random self-reducibility of some underlying problem. Examples of such systems are the ElGamal cryptosystem [ElG85], the Okamoto-Uchiyama factoring-based cryptosystem [OU98], the Naccache-Stern higher-order residue cryptosystem [NS98], and the Goldwasser-Micali quadratic-residue cryptosys..
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.