Open AccessProceedings Article
Optimal Asymmetric Encryption-How to Encrypt with RSA
Reads0
Chats0
TLDR
A slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which the adversary knows the corresponding plaintexts, and is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.Abstract:
Given an arbitrary k-bit to k-bit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string x of length slightly less than k bits can be encrypted as f(rx), where rx is a simple probabilistic encoding of x depending on the hash function; and (ii) the scheme can be proven semantically secure assuming the hash function is “ideal.” Moreover, a slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which she “knows” the corresponding plaintexts—such a scheme is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack. Department of Computer Science & Engineering, Mail Code 0114, University of California at San Diego, 9500 Gilman Drive, La Jolla, CA 92093. E-mail: mihir@cs.ucsd.edu † Department of Computer Science, University of California at Davis, Davis, CA 95616, USA. E-mail: rogaway@cs.ucdavis.eduread more
Citations
More filters
Journal ArticleDOI
Multirecipient Encryption Schemes: How to Save on Bandwidth and Computation Without Sacrificing Security
TL;DR: A way to avoid ad hoc analyses is shown by providing a general test that can be applied to a standard encryption scheme to determine whether the associated randomness reusing MRES is secure.
Posted Content
The Random Oracle Model: A Twenty-Year Retrospective.
Neal Koblitz,Alfred Menezes +1 more
TL;DR: In this paper, the authors argue that there is no evidence that the need for the random oracle assumption in a proof indicates the presence of a real-world security weakness in the corresponding protocol.
Patent
Cryptographic method and apparatus
TL;DR: In this article, an identifier-based encryption process is used to encrypt a message with an identifier string that specifies conditions to be checked by a trusted entity before providing a decrypted form of the encrypted message, or enabling its decryption.
Journal ArticleDOI
Secure password-based cipher suite for TLS
TL;DR: In this paper, the integration of password-based key exchange protocol (DH-EKE) in the TLS protocol is proposed, which provides secure mutual authentication and key establishment over an insecure channel.
Journal ArticleDOI
A computational interpretation of Dolev-Yao adversaries
TL;DR: The Dolev-Yao model is a simple and useful framework in which to analyze security protocols, but it assumes that the adversary is extremely limited as discussed by the authors, and it is possible for the results of this model to remain valid even if the adversary was given additional power.
References
More filters
Journal ArticleDOI
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Proceedings ArticleDOI
Random oracles are practical: a paradigm for designing efficient protocols
Mihir Bellare,Phillip Rogaway +1 more
TL;DR: It is argued that the random oracles model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security.
Proceedings Article
The MD5 Message-Digest Algorithm
TL;DR: This document describes the MD5 message-digest algorithm, which takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.
Journal ArticleDOI
A digital signature scheme secure against adaptive chosen-message attacks
TL;DR: A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.
Related Papers (5)
Random oracles are practical: a paradigm for designing efficient protocols
Mihir Bellare,Phillip Rogaway +1 more
A method for obtaining digital signatures and public-key cryptosystems
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
Ronald Cramer,Victor Shoup +1 more