Selective opening security of practical public-key encryption schemes

IET Information Security

The authors show that two well-known and widely employed public-key encryption schemes, RSA optimal asymmetric encryption padding (RSA-OAEP) and the Diffie–Hellman integrated encryption scheme (DHIES) instantiated with a one-time pad, are secure under the strong, simulation-based notion of selective opening security against chosen-ciphertext attacks in the random oracle model. Both schemes are obtained via known generic transformations that turn relatively weak primitives (secure in the sense of one-wayness) into indistinguishability (IND)-CCA secure encryption schemes. The authors also show a similar result for the well-known Fujisaki–Okamoto transformation, which can generically turn a one-way secure public-key encryption scheme and a one-time pad into an IND-CCA-secure public-key encryption scheme. The authors prove that selective opening security comes for free in these transformations. Both DHIES and RSA-OAEP are important building blocks in several standards for public-key encryption and key exchange protocols. The Fujisaki–Okamoto transformation is very versatile and has successfully been used to build efficient lattice-based cryptosystems. The considered schemes are the first practical cryptosystems that meet the strong notion of simulation-based selective opening (SIM-SO-CCA) security.
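As an added illustration (not code from the paper or its authors), the one-time-pad instantiation of the Fujisaki–Okamoto transformation the abstract refers to: a toy one-way ElGamal encryption over constructed, insecure parameters stands in for the one-way primitive, and SHA-256 stands in for the random oracles G and H. The point it shows is the re-encryption check in decryption, which rejects any ciphertext not honestly produced and is what lifts the malleable one-way scheme to chosen-ciphertext security.

```python
import hashlib
import secrets

# Constructed toy group (not a secure choice): Mersenne prime P = 2**127 - 1 and
# base 3 in Z_P^*. Real deployments use standardised large-group parameters.
P = 2**127 - 1
G = 3

def keygen():
    x = secrets.randbelow(P - 2) + 1             # secret exponent in [1, P-2]
    return x, pow(G, x, P)                       # (sk, pk)

def ow_encrypt(pk, sigma, r):
    """Plain ElGamal with explicit coins r: one-way, but malleable (not CCA)."""
    return pow(G, r, P), (sigma * pow(pk, r, P)) % P

def ow_decrypt(sk, c1):
    u, v = c1
    return (v * pow(u, P - 1 - sk, P)) % P       # v * u^(-sk), since u^(P-1) = 1

def hash_g(sigma):                               # G(sigma): 32-byte one-time pad
    return hashlib.sha256(b"G" + sigma.to_bytes(16, "big")).digest()

def hash_h(sigma, m):                            # H(sigma, m): encryption coins
    d = hashlib.sha256(b"H" + sigma.to_bytes(16, "big") + m).digest()
    return int.from_bytes(d, "big") % (P - 2) + 1

def fo_encrypt(pk, m):
    """FO: c1 = Enc_pk(sigma; H(sigma, m)), c2 = G(sigma) XOR m (m <= 32 bytes)."""
    sigma = secrets.randbelow(P - 1) + 1         # fresh random sigma in [1, P-1]
    c1 = ow_encrypt(pk, sigma, hash_h(sigma, m))
    c2 = bytes(a ^ b for a, b in zip(m, hash_g(sigma)))
    return c1, c2

def fo_decrypt(sk, pk, c):
    """Recover sigma and m, then re-encrypt; reject unless c1 is reproduced."""
    c1, c2 = c
    sigma = ow_decrypt(sk, c1)
    m = bytes(a ^ b for a, b in zip(c2, hash_g(sigma)))
    if ow_encrypt(pk, sigma, hash_h(sigma, m)) != c1:
        return None                              # mauled or non-honest ciphertext
    return m

def demo():
    """Honest ciphertext decrypts; a one-bit change to the pad part is rejected."""
    sk, pk = keygen()
    c1, c2 = fo_encrypt(pk, b"session key")
    honest = fo_decrypt(sk, pk, (c1, c2))
    mauled = fo_decrypt(sk, pk, (c1, bytes([c2[0] ^ 1]) + c2[1:]))
    return honest, mauled
```

Without the re-encryption check, flipping a bit of c2 would flip the same bit of the recovered plaintext, which is exactly the malleability a chosen-ciphertext attacker exploits against a bare one-way scheme plus one-time pad.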

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2015.0507