
Showing papers on "Optimal asymmetric encryption padding" published in 1998


Book Chapter
Daniel Bleichenbacher
23 Aug 1998
TL;DR: Introduces a new adaptive chosen ciphertext attack against certain protocols based on RSA: an RSA private-key operation can be performed if the attacker has access to an oracle that returns only one bit telling whether a chosen ciphertext corresponds to some unknown block of data encrypted using PKCS #1.
Abstract: This paper introduces a new adaptive chosen ciphertext attack against certain protocols based on RSA. We show that an RSA private-key operation can be performed if the attacker has access to an oracle that, for any chosen ciphertext, returns only one bit telling whether the ciphertext corresponds to some unknown block of data encrypted using PKCS #1. An example of a protocol susceptible to our attack is SSL V.3.0.

658 citations


Book Chapter
23 Aug 1998
TL;DR: In this article, the relative strengths of popular notions of security for public key encryption schemes are compared under chosen plaintext attack and two kinds of chosen ciphertext attack, and the goals of privacy and non-malleability are considered.
Abstract: We compare the relative strengths of popular notions of security for public key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen plaintext attack and two kinds of chosen ciphertext attack. For each of the resulting pairs of definitions we prove either an implication (every scheme meeting one notion must meet the other) or a separation (there is a scheme meeting one notion but not the other, assuming the first notion can be met at all). We similarly treat plaintext awareness, a notion of security in the random oracle model. An additional contribution of this paper is a new definition of non-malleability which we believe is simpler than the previous one.

564 citations


01 Mar 1998
TL;DR: This document describes a method for encrypting data using the RSA public-key cryptosystem. It is an informational memo and does not specify an Internet standard of any kind.
Abstract: This document describes a method for encrypting data using the RSA public-key cryptosystem. This memo provides information for the Internet community. It does not specify an Internet standard of any kind.

118 citations


Journal Article
TL;DR: In this paper, a new adaptive chosen ciphertext attack against certain protocols based on RSA is introduced, where the attacker has access to an oracle that returns only one bit telling whether the ciphertext corresponds to some unknown block of data encrypted using PKCS #1.
Abstract: This paper introduces a new adaptive chosen ciphertext attack against certain protocols based on RSA. We show that an RSA private-key operation can be performed if the attacker has access to an oracle that, for any chosen ciphertext, returns only one bit telling whether the ciphertext corresponds to some unknown block of data encrypted using PKCS #1. An example of a protocol susceptible to our attack is SSL V.3.0.

73 citations


01 Jan 1998
TL;DR: Under the most practical environment in which public-key cryptosystems would be used, the encryption and decryption speeds of EPOC are comparable (several times slower) to those of elliptic curve cryptosystems.
Abstract: We describe a novel public-key cryptosystem, EPOC (Efficient Probabilistic Public-Key Encryption), which has two versions: EPOC-1 and EPOC-2. EPOC-1 is a public-key encryption system that uses a one-way trapdoor function and a random function (hash function). EPOC-2 is a public-key encryption system that uses a one-way trapdoor function, two random functions (hash functions) and a symmetric-key encryption (e.g., one-time padding and block-ciphers). EPOC has several outstanding properties as follows:
1. EPOC-1 is semantically secure or non-malleable against chosen ciphertext attacks (IND-CCA2 or NM-CCA2) in the random oracle model under the p-subgroup assumption, which is comparable to the quadratic residue and higher degree residue assumptions.
2. EPOC-2 with one-time padding is semantically secure or non-malleable against chosen ciphertext attacks (IND-CCA2 or NM-CCA2) in the random oracle model under the factoring assumption.
3. EPOC-2 with symmetric encryption is semantically secure or non-malleable against chosen ciphertext attacks (IND-CCA2 or NM-CCA2) in the random oracle model under the factoring assumption, if the underlying symmetric encryption is secure against passive attacks.
4. The trapdoor technique with EPOC is fundamentally different from any other previous scheme including RSA-Rabin and Diffie-Hellman-ElGamal.
5. Under the most practical environment in which public-key cryptosystems would be used, the encryption and decryption speeds of EPOC are comparable (several times slower) to those of elliptic curve cryptosystems. Compared with OAEP (RSA) with small e (e.g., 2 + 1), although the encryption speed of EPOC is slower than that of OAEP, the decryption speed is faster than that of OAEP.
The encryption scheme described in this contribution is obtained by combining three results: one [25] on the trapdoor function technique is by Okamoto and Uchiyama, and the others [13, 14] on conversion techniques using random functions are by Fujisaki and Okamoto.

35 citations