Selective opening security of practical public-key encryption schemes

The authors show that two well-known and widely employed public-key encryption schemes – RSA optimal asymmetric encryption padding (RSA-OAEP) and the Diffie–Hellman integrated encryption scheme (DHIES), instantiated with a one-time pad – are secure under (the strong, simulation-based security notion of) selective opening security against chosen-ciphertext attacks in the random oracle model. Both schemes are obtained via known generic transformations that turn relatively weak primitives (secure only in the sense of one-wayness) into indistinguishability (IND)-CCA-secure encryption schemes. The authors also show a similar result for the well-known Fujisaki–Okamoto transformation, which can generically turn a one-way secure public-key encryption scheme and a one-time pad into an IND-CCA-secure public-key encryption scheme. The authors prove that selective opening security comes for free in these transformations. Both DHIES and RSA-OAEP are important building blocks in several standards for public-key encryption and key exchange protocols. The Fujisaki–Okamoto transformation is very versatile and has successfully been used to build efficient lattice-based cryptosystems. The schemes considered are the first practical cryptosystems that meet the strong notion of simulation-based selective opening (SIM-SO-CCA) security.
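As an added illustration (not code from the paper), the Fujisaki–Okamoto transformation with a one-time pad as the symmetric component, using textbook ElGamal over a demo-sized prime as the stand-in one-way scheme; the modulus, generator and hash instantiations are assumptions for demonstration only. The re-encryption check in decryption is the mechanism that rejects any ciphertext not honestly derived from its seed and message.

```python
import hashlib
import secrets

# Toy one-way PKE: textbook ElGamal mod the Mersenne prime 2^127 - 1 (demo-sized
# parameters, assumed for illustration; the transform itself does not depend on them).
P = 2**127 - 1
GEN = 3

def keygen():
    x = secrets.randbelow(P - 2) + 1          # secret exponent
    return x, pow(GEN, x, P)                  # (sk, pk)

def ow_enc(pk, sigma, r):
    # Encrypt sigma (int < P) with explicit randomness r; deterministic in (sigma, r).
    return pow(GEN, r, P), (sigma * pow(pk, r, P)) % P

def ow_dec(sk, c1):
    u, v = c1
    return (v * pow(u, P - 1 - sk, P)) % P    # u^(-sk) via Fermat's little theorem

def hash_h(sigma, m):
    # H(sigma, m): derives the randomness for the asymmetric component.
    d = hashlib.sha256(b"H" + sigma.to_bytes(16, "big") + m).digest()
    return int.from_bytes(d, "big") % (P - 2) + 1

def hash_g(sigma, n):
    # G(sigma): one-time-pad key stream of n bytes.
    return hashlib.shake_256(b"G" + sigma.to_bytes(16, "big")).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def fo_enc(pk, m):
    sigma = int.from_bytes(secrets.token_bytes(15), "big")   # 120-bit seed, < P
    c1 = ow_enc(pk, sigma, hash_h(sigma, m))                  # randomness bound to (sigma, m)
    c2 = xor(hash_g(sigma, len(m)), m)                        # one-time pad under G(sigma)
    return c1, c2

def fo_dec(pk, sk, c):
    c1, c2 = c
    sigma = ow_dec(sk, c1)
    m = xor(hash_g(sigma, len(c2)), c2)
    # Re-encryption check: a ciphertext that was not produced honestly from
    # (sigma, m) is rejected, which is what defeats decryption-oracle (CCA) queries.
    if ow_enc(pk, sigma, hash_h(sigma, m)) != c1:
        return None
    return m
```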

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2015.0507