Why not consider modification in ciphertext part in identity-based encryption

Asked Jul 08 '16 at 04:19

Active Jul 13 '16 at 14:46

Viewed 43 times

In identity-based broadcast encryption system, the ciphertext is

$$ C=<c1,c2,...,cn,U,V,W>$$

There can be a man-in-the-middle who can modify one or all of the $c1,c2,...,cn$ values so that the receiver can not get the correct plaintext.

Why isn’t such a situation considered? (Maybe my thinking is somewhat awkward.)

edited Jul 13 '16 at 14:46

e-sushi

asked Jul 08 '16 at 04:19

La Yate May

Any scheme that is not CCA-secure has the same limitation. Asking why the authors decided to publish a supposedly only CPA-secure scheme can be achieved by writing an e-mail to (one of) the authors and asking them. How would we know? Anyway, I'm guessing they wanted to publish something and decided to publish not a "fully secure" scheme. Note that most schemes have this limitation. – Artjom B. Jul 08 '16 at 20:46
@ArtjomB. I ask here because I think some other people will know about something that I don't know or something I have wrongly misunderstood. Main point is why they do not consider and not why they publish. Just querying my thinking. – La Yate May Jul 10 '16 at 08:39

0 Answers0