The enhanced chosen-ciphertext security (ECCA) is motivated by the concept of randomness recovering encryption, which was presented by Dana Dachman-Soled et al. in PKC 2014 [9]. ECCA security is the enhanced version of CCA security. CCA security often appears to be somewhat too strong, so ECCA security is also too strong: there exist encryption schemes that are not ECCA secure but still have some practical application. Canetti et al. proposed a relaxed variant of CCA security called Replayable CCA (RCCA) security in CRYPTO 2003 [3]. In this paper, we propose a relaxed variant of ECCA security called Replayable security (RECCA). RECCA security is the enhanced version of RCCA security. Since RCCA security suffices for the most existing application of CCA security, RECCA security also suffices for them, too. Moreover, RECCA security provides a useful general version of security against active attacks.

Network coding signature (NCS) scheme is a cryptographic tool for network coding against pollution attacks. In [5], Chang et al. first introduced the related-key attack (RKA) to the NCS schemes and tried to give an instantiation of it. However, their instantiation is based on the random oracle (RO) model. In this letter, we present a standard-model instantiation. In particular, we prove that standard-model-based NCS scheme introduced by Boneh et al. in [4] (BFKW scheme, for short) can achieve Φ-RKA security if the underlying signature scheme is also Φ-RKA secure, where Φ is any family of functions defined on signing keys of NCS schemes.