Characterization of Security Notions for Probabilistic Private-Key Encryption

The development of precise definitions of security for encryption, as well as a detailed understanding of their relationships, has been a major area of research in modern cryptography. Here, we focus on the case of private-key encryption. Extending security notions from the public-key setting, we define security in the sense of both indistinguishability and non-malleability against chosen-plaintext and chosen-ciphertext attacks, considering both non-adaptive (i.e., ``lunchtime'') and adaptive oracle access (adaptive here refers to an adversary's ability to interact with a given oracle even after viewing the challenge ciphertext). We then characterize the 18 resulting security notions in two ways. First, we construct a complete hierarchy of security notions; that is, for every pair of definitions we show whether one definition is stronger than the other, whether the definitions are equivalent, or whether they are incomparable. Second, we partition these notions of security into two classes (computational or information-theoretic) depending on whether one-way functions are necessary in order for encryption schemes satisfying the definition to exist. Perhaps our most surprising result is that security against adaptive chosen-plaintext attack is (polynomially) equivalent to security against non-adaptive chosen-plaintext attack. On the other hand, the ability of an adversary to mount a (non-adaptive) chosen-plaintext attack is the key feature distinguishing computational and information-theoretic notions of security. These results hold for all security notions considered here.