
Showing papers on "Optimal asymmetric encryption padding published in 2008"


Book ChapterDOI
17 Aug 2008
TL;DR: This work proposes a slightly weaker notion of security, saying that no partial information about encrypted messages should be leaked as long as each message is a-priori hard-to-guess given the others, and shows equivalence of this definition to single-message and indistinguishability-based ones, which are easier to work with.
Abstract: The study of deterministic public-key encryption was initiated by Bellare et al. (CRYPTO '07), who provided the "strongest possible" notion of security for this primitive (called PRIV) and constructions in the random oracle (RO) model. We focus on constructing efficient deterministic encryption schemes without random oracles. To do so, we propose a slightly weaker notion of security, saying that no partial information about encrypted messages should be leaked as long as each message is a-priori hard-to-guess given the others (while PRIV did not have the latter restriction). Nevertheless, we argue that this version seems adequate for many practical applications. We show equivalence of this definition to single-message and indistinguishability-based ones, which are easier to work with. Then we give general constructions of both chosen-plaintext (CPA) and chosen-ciphertext-attack (CCA) secure deterministic encryption schemes, as well as efficient instantiations of them under standard number-theoretic assumptions. Our constructions build on the recently-introduced framework of Peikert and Waters (STOC '08) for constructing CCA-secure probabilistic encryption schemes, extending it to the deterministic-encryption setting as well.

257 citations


Book ChapterDOI
17 Aug 2008
TL;DR: In this article, the authors strengthen the foundations of deterministic public-key encryption via definitional equivalences and standard-model constructs based on general assumptions, and show relations between deterministic and standard (randomized) encryption.
Abstract: We strengthen the foundations of deterministic public-key encryption via definitional equivalences and standard-model constructs based on general assumptions. Specifically we consider seven notions of privacy for deterministic encryption, including six forms of semantic security and an indistinguishability notion, and show them all equivalent. We then present a deterministic scheme for the secure encryption of uniformly and independently distributed messages based solely on the existence of trapdoor one-way permutations. We show a generalization of the construction that allows secure deterministic encryption of independent high-entropy messages. Finally we show relations between deterministic and standard (randomized) encryption.

188 citations


Book ChapterDOI
07 Dec 2008
TL;DR: It is shown that the OAEP encryption scheme (using a partial-domain one-way function) satisfies the strong notion of adKDM security in the random oracle model and constitutes a suitable candidate for implementing symbolic abstractions of encryption schemes in a computationally sound manner under active adversaries.
Abstract: Key-dependent message security, short KDM security, was introduced by Black, Rogaway and Shrimpton to address the case where key cycles occur among encryptions, e.g., a key is encrypted with itself. We extend this definition to include the cases of adaptive corruptions and arbitrary active attacks, called adKDM security, incorporating several novel design choices and substantially differing from prior definitions for public-key security. We also show that the OAEP encryption scheme (using a partial-domain one-way function) satisfies the strong notion of adKDM security in the random oracle model. The OAEP construction thus constitutes a suitable candidate for implementing symbolic abstractions of encryption schemes in a computationally sound manner under active adversaries.

47 citations


Proceedings ArticleDOI
27 Oct 2008
TL;DR: An automated procedure for analyzing generic asymmetric encryption schemes in the random oracle model is presented and it has been applied to several examples of encryption schemes among which the construction of Bellare-Rogaway 1993, of Pointcheval at PKC'2000 and REACT.
Abstract: Chosen-ciphertext security is by now a standard security property for asymmetric encryption. Many generic constructions for building secure cryptosystems from primitives with lower level of security have been proposed. Providing security proofs has also become standard practice. There is, however, a lack of automated verification procedures that analyze such cryptosystems and provide security proofs. This paper presents an automated procedure for analyzing generic asymmetric encryption schemes in the random oracle model. It has been applied to several examples of encryption schemes among which the construction of Bellare-Rogaway 1993, of Pointcheval at PKC'2000 and REACT.

46 citations


Proceedings ArticleDOI
07 Apr 2008
TL;DR: The proposed RSA encryption scheme is based on the linear group over the ring of integers mod a composite modulus n, which is the product of two distinct prime numbers, and is claimed to be efficient, scalable and dynamic.
Abstract: In this paper, we propose an efficient RSA public key encryption scheme, which is an improved version of the original RSA scheme. The proposed RSA encryption scheme is based on the linear group over the ring of integers mod a composite modulus n, which is the product of two distinct prime numbers. In the proposed scheme the original message and the encrypted message are h x h square matrices with entries in Zn, denoted l(h, Zn). The original RSA scheme is a block cipher in which the original message and cipher message are integers in the interval [0, n - 1] for some integer modulus n; therefore, in this paper, we generalize the RSA encryption scheme so that it can be implemented in the general linear group over the ring of integers mod n. Furthermore, the suggested encryption scheme has no restriction on the order of encryption and decryption and is claimed to be efficient, scalable and dynamic.

40 citations


Book ChapterDOI
10 Sep 2008
TL;DR: New security models and proofs for CBC mode (with padding) in the chosen-plaintext setting are developed and it is shown that an existing padding method, OZ-PAD, provably resists Vaudenay's original attack, even though it does not attain the indistinguishability notion.
Abstract: Padding oracle attacks against CBC mode encryption were introduced by Vaudenay. They are a powerful class of side-channel, plaintext recovering attacks which have been shown to work in practice against CBC mode when it is implemented in specific ways in software. In particular, padding oracle attacks have been demonstrated for certain implementations of SSL/TLS and IPsec. In this paper, we extend the theory of provable security for symmetric encryption to incorporate padding oracle attacks. We develop new security models and proofs for CBC mode (with padding) in the chosen-plaintext setting. These models show how to select padding schemes which provably provide a strong security notion (indistinguishability of encryptions) in the face of padding oracle attacks. We also show that an existing padding method, OZ-PAD, that is recommended for use with CBC mode in ISO/IEC 10116:2006, provably resists Vaudenay's original attack, even though it does not attain our indistinguishability notion.

19 citations


Proceedings ArticleDOI
22 Apr 2008
TL;DR: A novel key exchange protocol based on the RSA-OAEP cryptosystem is presented, which is efficient in computation and communication and can provide mutual authentication, forward secrecy and key freshness, which are standard security attributes that key exchange protocols should have.
Abstract: Optimal asymmetric encryption padding (OAEP) is widely accepted because of its provable security and practicability. In this paper, a novel key exchange protocol based on the RSA-OAEP cryptosystem is presented. The protocol is efficient in computation and communication. It is secure against known-key attacks and eavesdropping attacks. It also provides mutual authentication, forward secrecy and key freshness, which are standard security attributes that key exchange protocols should have.

8 citations


Journal ArticleDOI
TL;DR: Through software simulation, the encrypted transmission of a binary image is realized and the improvement of the RSA iterative encryption effect is validated.
Abstract: Based on the RSA public key cryptosystem, in this article we put forward an iterative encryption scheme based on RSA. The multiple keys make attacks on the system more difficult and further enhance the security of the key. Through software simulation, we realize the encrypted transmission of a binary image and validate the improvement of the RSA iterative encryption effect.

3 citations


Proceedings ArticleDOI
24 Apr 2008
TL;DR: In this article, a revision of the security proof is presented to fix the flaw in the original security proof by Bellare and Rogaway; compared with some existing improved proof methods, the revised proof is applicable when the underlying trapdoor permutation is a general one.
Abstract: OAEP is widely accepted because of its provable security and practicability. However, there was a twist in the security proof in the random oracle model: Shoup revealed a flaw in the original security proof by Bellare and Rogaway. In this paper, a revision of the security proof is presented to fix the flaw. Furthermore, compared with some existing improved proof methods, the revised proof is applicable when the underlying trapdoor permutation is a general one.

2 citations


Journal ArticleDOI
TL;DR: It is shown that with the padding scheme the simple CBC encryption mode becomes strong enough to defeat padding oracle attacks.
Abstract: We propose a new random padding scheme for symmetric key block encryption. In the padding scheme, the padding string is key-dependent and almost random. Thus, the padding string leaks extremely little information to a ciphertext-only adversary. Collecting plaintext-ciphertext pairs relating to the underlying secret key from padding strings becomes very difficult. We also show that with the padding scheme the simple CBC encryption mode becomes strong enough to defeat padding oracle attacks.

1 citation


Journal Article
Wang Baocang
TL;DR: Under the full-domain one-wayness assumption of NTRU, EPN is proved indistinguishable under adaptive chosen ciphertext attack by using the game-hopping technique in the random oracle model.
Abstract: Known as the fastest public key cryptosystem available now, NTRU has not had its provable security settled well. An encryption padding, called EPN, was designed for NTRU. Under the full-domain one-wayness assumption of NTRU, EPN is proved indistinguishable under adaptive chosen ciphertext attack by using the game-hopping technique in the random oracle model. Compared with the existing NAEP, the implementation efficiency of EPN improves by 25%.

Journal ArticleDOI
TL;DR: The partial and full instantiations of random oracles in optimal asymmetric encryption padding implemented by pseudorandom functions are described, and the resulting schemes are proven indistinguishable-secure against adaptive chosen ciphertext attack (IND-CCA2).
Abstract: This paper focuses on the instantiation of random oracles in public key encryption schemes. A misunderstanding in the former instantiations is pointed out and analyzed. A method of using this primitive as a substitute for random oracles is also proposed. The partial and full instantiations of random oracles in optimal asymmetric encryption padding (OAEP) implemented by pseudorandom functions are described, and the resulting schemes are proven indistinguishable-secure against adaptive chosen ciphertext attack (IND-CCA2). Using this method, one can transform a practical public key encryption scheme secure in the random oracle model into a standard-model secure scheme. The security of the scheme is based on computational assumptions, which are weaker than the decisional assumptions used in Cramer-Shoup-like schemes.

Journal ArticleDOI
TL;DR: Two new constructions of chosen-ciphertext secure fuzzy identity-based encryption (fuzzy-IBE) schemes without random oracle are proposed.
Abstract: Two new constructions of chosen-ciphertext secure fuzzy identity-based encryption (fuzzy-IBE) schemes without random oracles are proposed. The first scheme combines a modification of the chosen-plaintext secure Sahai and Waters "large universe" construction with authenticated symmetric encryption, and uses consistency checking to handle ill-formed ciphertexts to achieve chosen-ciphertext security in the selective-ID model. The second scheme improves the efficiency of the first scheme by eliminating consistency checking. This improved scheme is more efficient than the existing chosen-ciphertext secure fuzzy-IBE scheme in the standard model.

Journal Article
TL;DR: A method for use in a transmission system is proposed, based on the RSA algorithm and a symmetric encryption algorithm, which meets the requirements of security level and computation speed.

Posted Content
TL;DR: In the random oracle model, this article proposes an IND-CCA secure scheme whose ciphertext overhead matches the generic lower bound up to a small constant, where the difference between the length of a ciphertext and the embedded message is called the ciphertext overhead.
Abstract: Every public-key encryption scheme has to incorporate a certain amount of randomness into its ciphertexts to provide semantic security against chosen ciphertext attacks (IND-CCA). The difference between the length of a ciphertext and the embedded message is called the ciphertext overhead. While a generic brute-force adversary running in 2^t steps gives a theoretical lower bound of t bits on the ciphertext overhead for IND-CPA security, the best known IND-CCA secure schemes demand roughly 2t bits even in the random oracle model. Is the t-bit gap essential for achieving IND-CCA security? We close the gap by proposing an IND-CCA secure scheme whose ciphertext overhead matches the generic lower bound up to a small constant. Our scheme uses a variation of a four-round Feistel network in the random oracle model and hence belongs to the family of OAEP-based schemes. Of possible independent interest is a new efficient method to encrypt long messages exceeding the length of the permutation while retaining the minimal overhead.

01 Jan 2008
TL;DR: This paper presents an automated procedure for analysing generic asymmetric encryption schemes in the random oracle model and applies it to several examples of encryption schemes.
Abstract: Chosen-ciphertext security is by now a standard security property for asymmetric encryption. Many generic constructions for building secure cryptosystems from primitives with a lower level of security have been proposed. Providing security proofs has also become standard practice. There is, however, a lack of automated verification procedures that analyse such cryptosystems and provide security proofs. This paper presents an automated procedure for analysing generic asymmetric encryption schemes in the random oracle model. It has been applied to several examples of encryption schemes.


Proceedings ArticleDOI
18 Nov 2008
TL;DR: A new identity-based encryption scheme is built, which has short system parameters and is provably secure in the random oracle model, and it is shown that the scheme is efficient too.
Abstract: In this paper we build a new identity-based encryption scheme, which has short system parameters and is provably secure in the random oracle model. Compared with the identity-based encryption scheme proposed by Gentry, both have short system parameters, but in contrast the security of our identity-based encryption scheme is based on a stronger and commonly used assumption, namely the bilinear decisional Diffie-Hellman assumption. So informally, our identity-based encryption scheme is more secure. Finally, by comparing the degree of reduction with the identity-based encryption scheme proposed by Boneh and Franklin, we show that our scheme is efficient too.