You have a software for an asymmetric encryption scheme AE = (K,E,D) that is known to be IND-CCA secure under some reasonable assumptions

Subject:Computer SciencePrice:2.87 Bought7

Share With

You have a software for an asymmetric encryption scheme AE = (K,E,D) that is known to be IND-CCA secure under some reasonable assumptions. But the message space for this scheme is only the set of messages up to 1MB long. At some point you needed to encrypt messages of length more than 1MB but less than 2MB. So you decide to use the existing software from now on in the following way. To encrypt a message M, break it into equal parts M1, M2 (for simplicity let's assume that all messages have even length) and let a ciphertext be computed as Epk(M1)?Epk(M2), for any public key pk. Here ? denotes concatenation. The decryption algorithm de- crypts both halves of the ciphertext as M1 ← Dsk(C1), M2 ← Dsk(C2) and returns M1?M2 if neither decryption rejected. If either decryption rejects, then the output is rejection. Let's call the modified scheme AE′ = (K, E′, D′). Do you think AE′ is IND-CPA? IND-CCA? Justify your answers.