© The Institution of Engineering and Technology
The authors show that two well-known and widely employed public-key encryption schemes, RSA optimal asymmetric encryption padding (RSA-OAEP) and the Diffie–Hellman integrated encryption scheme (DHIES) instantiated with a one-time pad, are secure under the strong, simulation-based notion of selective opening security against chosen-ciphertext attacks in the random oracle model. Both schemes are obtained via known generic transformations that turn relatively weak primitives (secure in the sense of one-wayness) into indistinguishability (IND)-CCA secure encryption schemes. The authors also show a similar result for the well-known Fujisaki–Okamoto transformation, which generically turns a one-way secure public-key encryption system and a one-time pad into an IND-CCA-secure public-key encryption system. The authors prove that selective opening security comes for free in these transformations. Both DHIES and RSA-OAEP are important building blocks in several standards for public-key encryption and key exchange protocols. The Fujisaki–Okamoto transformation is very versatile and has successfully been utilised to build efficient lattice-based cryptosystems. The considered schemes are the first practical cryptosystems that meet the strong notion of simulation-based selective opening (SIM-SO-CCA) security.
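As an added illustration (not code from the paper or its authors), the following toy shows the shape of the Fujisaki–Okamoto transformation the abstract refers to: a one-way probabilistic scheme (ElGamal, used as the asymmetric part) encrypts a random seed with coins derived by hashing the seed and message, a one-time pad keyed by a hash of the seed hides the message, and decryption re-encrypts and rejects anything that does not match. The group modulus, generator and SHA-256 instantiations of the random oracles H and G are constructed toy choices with no security margin.

```python
# Toy Fujisaki-Okamoto hybrid: ElGamal (one-way) + one-time pad. Constructed illustration only.
import hashlib
import secrets

P = 2**127 - 1      # Mersenne prime as a toy group modulus (assumption: not a real parameter)
G = 3               # toy generator
ELEM_BYTES = 16     # enough to hold any element of Z_P

def _hash(tag: bytes, *parts: bytes) -> bytes:
    h = hashlib.sha256(tag)
    for p in parts:                       # length-prefix each part to avoid ambiguity
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def h_coins(sigma: int, m: bytes) -> int:
    """Random oracle H(sigma, m): derives the ElGamal coins used to encrypt sigma."""
    d = _hash(b"H", sigma.to_bytes(ELEM_BYTES, "big"), m)
    return 1 + int.from_bytes(d, "big") % (P - 2)

def g_pad(sigma: int, n: int) -> bytes:
    """Random oracle G(sigma): n bytes of one-time-pad key stream."""
    out, ctr = b"", 0
    while len(out) < n:
        out += _hash(b"G", sigma.to_bytes(ELEM_BYTES, "big"), ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]

def keygen():
    x = secrets.randbelow(P - 2) + 1      # secret exponent
    return x, pow(G, x, P)                # (sk, pk)

def elgamal_enc(y: int, sigma: int, r: int):
    # Deterministic given the coins r; the re-encryption check in fo_decrypt relies on this.
    return pow(G, r, P), (pow(y, r, P) * sigma) % P

def fo_encrypt(y: int, m: bytes, sigma: int = None):
    if sigma is None:
        sigma = secrets.randbelow(P - 1) + 1          # fresh random seed
    c1 = elgamal_enc(y, sigma, h_coins(sigma, m))     # E_asym(sigma; H(sigma, m))
    c2 = bytes(a ^ b for a, b in zip(m, g_pad(sigma, len(m))))  # G(sigma) XOR m
    return c1, c2

def fo_decrypt(x: int, y: int, ct):
    (u, v), c2 = ct
    sigma = (v * pow(u, P - 1 - x, P)) % P            # v * u^{-x}, recovers the seed
    m = bytes(a ^ b for a, b in zip(c2, g_pad(sigma, len(c2))))
    # Re-encryption check: any ciphertext not produced honestly from (sigma, m) is rejected.
    if elgamal_enc(y, sigma, h_coins(sigma, m)) != (u, v):
        return None
    return m
```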