Open Access Proceedings Article

Optimal Asymmetric Encryption-How to Encrypt with RSA

Mihir Bellare
TL;DR
A slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which the adversary knows the corresponding plaintexts, and is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.
Abstract
Given an arbitrary k-bit to k-bit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string x of length slightly less than k bits can be encrypted as f(r_x), where r_x is a simple probabilistic encoding of x depending on the hash function; and (ii) the scheme can be proven semantically secure assuming the hash function is “ideal.” Moreover, a slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which she “knows” the corresponding plaintexts—such a scheme is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.

Author affiliations: Department of Computer Science & Engineering, Mail Code 0114, University of California at San Diego, 9500 Gilman Drive, La Jolla, CA 92093. E-mail: mihir@cs.ucsd.edu
† Department of Computer Science, University of California at Davis, Davis, CA 95616, USA. E-mail: rogaway@cs.ucdavis.edu

Citations
Book Chapter

Another look at “provable security”. II

TL;DR: This paper discusses how reduction arguments in cryptography should be interpreted and gives examples that illustrate the subtlety and difficulty of the question.
Journal Article

Dual RSA and Its Security Analysis

TL;DR: New variants of an RSA whose key generation algorithms output two distinct RSA key pairs having the same public and private exponents, called dual RSA, can be used in scenarios that require two instances of RSA with the advantage of reducing the storage requirements for the keys.
Journal Article

Portable security transaction protocol

TL;DR: The Portal Security Transaction Protocol (PSTP) is a new signature technology that adds signature semantics to one-time password technology that provides cryptographic after-the-fact evidence of a transaction event in a secured log.
Book Chapter

Power analysis by exploiting chosen message and internal collisions – vulnerability of checking mechanism for RSA-Decryption

TL;DR: A new side-channel vulnerability of cryptosystem implementations based on the BRIP or square-and-multiply-always algorithm is pointed out, exploiting a specially chosen input message of order two; further extensions of the proposed attack can yield more powerful attacks.
Proceedings Article

Secure anonymous database search

TL;DR: To the authors' knowledge, this work is the first to address the specific need for secure anonymous search over large collections of private data, and to present a secure anonymous search system that is practical for real-time querying.
References
Journal Article

A method for obtaining digital signatures and public-key cryptosystems

TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Proceedings Article

Random oracles are practical: a paradigm for designing efficient protocols

TL;DR: It is argued that the random oracle model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security.
Proceedings Article

The MD5 Message-Digest Algorithm

TL;DR: This document describes the MD5 message-digest algorithm, which takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.
Journal Article

A digital signature scheme secure against adaptive chosen-message attacks

TL;DR: A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.