Selective opening security of practical public-key encryption schemes

IET Information Security

The authors show that two well-known and widely employed public-key encryption schemes – RSA optimal asymmetric encryption padding (RSA-OAEP) and the Diffie–Hellman integrated encryption scheme (DHIES) instantiated with a one-time pad – are secure under the strong, simulation-based notion of selective opening security against chosen-ciphertext attacks in the random oracle model. Both schemes are obtained via known generic transformations that turn relatively weak primitives (secure only in the sense of one-wayness) into indistinguishability (IND)-CCA secure encryption schemes. The authors also show a similar result for the well-known Fujisaki–Okamoto transformation, which can generically turn a one-way secure public-key encryption system and a one-time pad into an IND-CCA-secure public-key encryption system. The authors prove that selective opening security comes for free in these transformations. Both DHIES and RSA-OAEP are important building blocks in several standards for public-key encryption and key exchange protocols. The Fujisaki–Okamoto transformation is very versatile and has successfully been utilised to build efficient lattice-based cryptosystems. The considered schemes are the first practical cryptosystems that meet the strong notion of simulation-based selective opening (SIM-SO-CCA) security.
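As an added illustration (not code from the paper), the Fujisaki–Okamoto transformation the abstract refers to, instantiated with a one-time pad: a toy randomised ElGamal stands in for the one-way-secure asymmetric scheme, hashes of a random seed supply both the encryption randomness and the pad, and decryption re-encrypts to reject any ciphertext that was not formed this way. The group, hash choices and seed length are constructed toy assumptions, not the paper's parameters.

```python
import hashlib
import secrets

# Constructed toy ElGamal parameters (Mersenne prime 2^127 - 1, base 3):
# far too small for real use, chosen only to keep the example self-contained.
P = 2**127 - 1
GEN = 3
SIGMA_LEN = 15  # 120-bit seed, always below P when read as an integer


def keygen(x=None):
    """ElGamal key pair: secret x in [1, P-2], public y = GEN^x mod P."""
    if x is None:
        x = secrets.randbelow(P - 2) + 1
    return x, pow(GEN, x, P)

def elgamal_enc(y, msg_int, r):
    """Randomised ElGamal; the randomness r is supplied by the caller."""
    return pow(GEN, r, P), (msg_int * pow(y, r, P)) % P

def elgamal_dec(x, c1, c2):
    return (c2 * pow(c1, P - 1 - x, P)) % P  # c1^(-x) via Fermat

def H(sigma, m):
    """FO: encryption randomness derived from the seed and the message."""
    return int.from_bytes(hashlib.sha256(b"H" + sigma + m).digest(), "big") % (P - 2) + 1

def G(sigma, length):
    """FO: one-time-pad key stream derived from the seed (SHAKE as an XOF)."""
    return hashlib.shake_256(b"G" + sigma).digest(length)

def fo_encrypt(y, m, sigma=None):
    """Encrypt a random seed under ElGamal with randomness H(seed, m); pad m with G(seed)."""
    if sigma is None:
        sigma = secrets.token_bytes(SIGMA_LEN)
    c1, c2 = elgamal_enc(y, int.from_bytes(sigma, "big"), H(sigma, m))
    c3 = bytes(a ^ b for a, b in zip(m, G(sigma, len(m))))
    return c1, c2, c3

def fo_decrypt(x, y, ct):
    """Recover seed and message, then re-encrypt; any mismatch is rejected (the CCA guard)."""
    c1, c2, c3 = ct
    sigma_int = elgamal_dec(x, c1, c2)
    if sigma_int >= 1 << (8 * SIGMA_LEN):
        return None  # seed out of range: not a well-formed ciphertext
    sigma = sigma_int.to_bytes(SIGMA_LEN, "big")
    m = bytes(a ^ b for a, b in zip(c3, G(sigma, len(c3))))
    return m if elgamal_enc(y, sigma_int, H(sigma, m)) == (c1, c2) else None
```

Flipping a single bit of either the ElGamal part or the padded part makes the re-encryption check fail, which is exactly the behaviour the transformation relies on against chosen-ciphertext queries.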

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2015.0507