University of Brighton
The authors introduce and study a new notion of Enhanced Chosen-Ciphertext security (ECCA) for publickey encryption. Loosely speaking, in ECCA, when the decryption oracle returns a plaintext to the adversary, it also provides coins under which the returned plaintext encrypts to the queried ciphertext (when they exist). Their results mainly concern the case where such coins can also be recovered efficiently. They provide constructions of ECCA encryption from adaptive trapdoor functions as defined by Kiltz et al. (EUROCRYPT 2010), resulting in ECCA encryption from standard number-theoretic assumptions.