Showing papers on "Optimal asymmetric encryption padding" published in 2013


Journal Article
TL;DR: In this paper, a generic transformation from weak asymmetric and symmetric encryption schemes to an asymmetric encryption scheme that is chosen-ciphertext secure in the random oracle model is presented.
Abstract: This paper presents a generic conversion from weak asymmetric and symmetric encryption schemes to an asymmetric encryption scheme that is chosen-ciphertext secure in the random oracle model. Our conversion is the first generic transformation from an arbitrary one-way asymmetric encryption scheme to a chosen-ciphertext secure asymmetric encryption scheme in the random oracle model.

250 citations


Book Chapter
18 Aug 2013
TL;DR: This paper provides a (standard-model) notion of security for (keyed) hash functions, called UCE, that is shown to enable instantiation of random oracles (ROs) in a fairly broad and systematic way.
Abstract: This paper provides a (standard-model) notion of security for (keyed) hash functions, called UCE, that we show enables instantiation of random oracles (ROs) in a fairly broad and systematic way. Goals and schemes we consider include deterministic PKE; message-locked encryption; hardcore functions; point-function obfuscation; OAEP; encryption secure for key-dependent messages; encryption secure under related-key attack; proofs of storage; and adaptively-secure garbled circuits with short tokens. We can take existing, natural and efficient ROM schemes and show that the instantiated scheme resulting from replacing the RO with a UCE function is secure in the standard model. In several cases this results in the first standard-model schemes for these goals. The definition of UCE-security itself is quite simple, asking that outputs of the function look random given some “leakage,” even if the adversary knows the key, as long as the leakage does not permit the adversary to compute the inputs.

111 citations


Book Chapter
04 Jun 2013
TL;DR: A new simple and efficient multivariate public key encryption scheme based on matrix multiplication, which does not have such a low rank property, is proposed and called the Simple Matrix Scheme, or ABC for short.
Abstract: There are several attempts to build asymmetric public key encryption schemes based on multivariate polynomials of degree two over a finite field. However, most of them are insecure. The common defect in many of them comes from the fact that certain quadratic forms associated with their central maps have low rank, which makes them vulnerable to the MinRank attack. We propose a new simple and efficient multivariate public key encryption scheme based on matrix multiplication, which does not have such a low rank property. The new scheme will be called Simple Matrix Scheme or ABC in short. We also propose some parameters for practical and secure implementation.

97 citations


Journal Article
TL;DR: This paper presents an automatic proof of IND-CCA2 security for OAEP, completed without any human intervention by a framework for mechanized security proofs built on a probabilistic polynomial-time process calculus.
Abstract: OAEP is a widely used public-key encryption scheme based on trapdoor permutation. Its security proof has been scrutinized and amended repeatedly. In this paper we present an automatic proof of IND-CCA2 security for OAEP, which is completed by a framework for mechanized security proofs, without any human intervention. The framework is built on a probabilistic polynomial-time process calculus, and is capable of dealing with padding-based encryption schemes. We provide an overview of the proof instance and explain several crucial steps of the game transformation.

33 citations


Journal Article
TL;DR: Security analysis shows that the proposed enhancement of the Randomized Huffman Table scheme can withstand the chosen plaintext attack, and the efficiency and security of this scheme make it an ideal choice for real time secure multimedia applications.
Abstract: Encryption is one of the fundamental technologies that is used in the security of multimedia data. Unlike ordinary computer applications, multimedia applications generate large amounts of data that have to be processed in real time. This work investigates the problem of efficient multimedia data encryption. A scheme known as the Randomized Huffman Table scheme was recently proposed to achieve encryption along with compression. Though this scheme has several advantages, it cannot overcome the chosen plaintext attack. An enhancement of this Huffman scheme is proposed in this work which essentially overcomes the attack and improves the security. The proposed encryption approach consists of two modules. The first module is the Randomized Huffman Table module, the output of which is fed to the second XOR module to enhance the performance. Security analysis shows that the proposed scheme can withstand the chosen plaintext attack. The efficiency and security of the proposed scheme make it an ideal choice for real time secure multimedia applications.

6 citations


Journal Article
TL;DR: This work constructs a Non-Malleable Chosen Ciphertext Attack (NM-CCA1) encryption scheme from any encryption scheme that is also plaintext aware and weakly simulatable, and defines cNM-CCA1-security, in which an NM-CCA1-adversary is permitted to ask a c≥1 number of parallel queries after receiving the challenge ciphertext.
Abstract: We construct a Non-Malleable Chosen Ciphertext Attack NM-CCA1 encryption scheme from any encryption scheme that is also plaintext aware and weakly simulatable. We believe this is the first construction of a NM-CCA1 scheme that follows strictly from encryption schemes with seemingly weaker or incomparable security definitions to NM-CCA1. Previously, the statistical Plaintext Awareness #1 PA1 notion was only known to imply CCA1. Our result is therefore novel because unlike the case of Chosen Plaintext Attack CPA and Chosen Ciphertext Attack CCA2, it is unknown whether a CCA1 scheme can be transformed into an NM-CCA1 scheme. Additionally, we show both the Damgard Elgamal Scheme DEG [in: CRYPTO, J. Feigenbaum, ed., Lecture Notes in Computer Science, Vol. 576, Springer, 1991, pp. 445--456] and the Cramer--Shoup Lite Scheme CS-Lite [SIAM J. Comput. 33(1), 2003, pp. 167--226] are weakly simulatable under the DDH assumption. Since both are known to be statistical Plaintext Aware 1 PA1 under the Diffie--Hellman Knowledge DHK assumption, they instantiate our scheme securely. Furthermore, in response to a question posed by Matsuda and Matsuura [in: Public Key Cryptography, D. Catalano, N. Fazio, R. Gennaro and A. Nicolosi, eds, Lecture Notes in Computer Science, Vol. 6571, Springer, 2011, pp. 246--264], we define cNM-CCA1-security in which an NM-CCA1-adversary is permitted to ask a c≥1 number of parallel queries after receiving the challenge ciphertext. We extend our construction to yield a cNM-CCA1 scheme for any constant c. All of our constructions are black-box.

5 citations


Book Chapter
20 Nov 2013
TL;DR: This paper shows that although these implementations can avoid the threat of standard POA, they may still be vulnerable to POA in some way, and builds efficient padding oracle attacks on two non-standard implementations.
Abstract: In the past decade, Padding Oracle Attacks (POAs) have become a major threat to PKCS#1 v1.5. Although the updated scheme (OAEP) has solved this problem, PKCS#1 v1.5 is still widely deployed in various real-life applications. Among these applications, it is not hard to find that some implementations do not follow PKCS#1 v1.5 step-by-step. Some of these non-standard implementations provide different padding oracles, which causes standard POA to fail. In this paper, we show that although these implementations can avoid the threat of standard POA, they may still be vulnerable to POA in some way. Our study mainly focuses on two cases of non-standard implementations. The first one only performs the "0x00 separator" check in the decryption process, while the other one does not check for the second byte. Although standard POA cannot be directly applied, we can still build efficient padding oracle attacks on these implementations. Moreover, we give the mathematical analysis of the correctness and performance of our attacks. Experiments show that one of our attacks only takes about 13 000 oracle calls to crack a valid ciphertext under a 1024-bit RSA key, which is even more efficient than attacks on the standard PKCS#1 v1.5 implementation. We hope our work could serve as a warning for security engineers: secure implementation requires joint efforts from all participants, rather than simple implementation tricks.

3 citations


Proceedings Article
16 Jul 2013
TL;DR: This paper shows that using a division intractable hash function does not necessarily mean that the key generation function is division intractable, and modifies the ID-MRSA so that the generated keys are always division intractable.
Abstract: In SSYM 2001, Boneh, Ding, Tsudik and Wong presented encryption and signature schemes based on the identity-based mediated RSA (ID-MRSA), in which the users are not allowed to decrypt/sign messages without the permission of a security mediator (the SEM). This allows a simple key revocation. Subsequently, in CT-RSA 2003, Ding and Tsudik presented a security proof for these schemes. In particular, they stated that 'IB-mRSA/OAEP encryption offers semantic security equivalent to RSA/OAEP against adaptive chosen ciphertext attacks in the random oracle model if the key generation function is division intractable'. To make the key generation function division intractable, Ding and Tsudik used a division intractable hash function to generate division intractable public keys. In this paper, we show that using a division intractable hash function does not necessarily mean that the key generation function is division intractable. We also modify the ID-MRSA so that the generated keys are always division intractable. We also show that these modifications do not passively affect the efficiency of the ID-MRSA.

3 citations


Journal Article
TL;DR: A chosen plaintext attack is shown to break an image encryption algorithm based on a hyper-chaotic system, whose weakness lies in its vulnerable choice of elementary transformation and exclusive-or operation as encryption methods.
Abstract: This paper introduces a chosen plaintext attack. The target of the attack is an image encryption algorithm based on a hyper-chaotic system, whose disadvantages are the vulnerable encryption methods of choosing an elementary transformation and an exclusive-or operation. An attack algorithm in which three characteristic plaintext matrices are given and the encryption key is unknown is utilized to attack the target algorithm. According to the result, the chosen plaintext attack can decode this algorithm.

2 citations


Journal Article
TL;DR: This paper provides a sufficient condition for constructing timed-release public-key encryption (TRPKE): the constructed TRPKE scheme guarantees strong security against malicious time servers, as proposed by Chow et al., and strong security against malicious receivers, as defined by Cathalo et al., in the random oracle model if the component IBE scheme is IND-ID-CPA secure, the component PKE scheme is IND-CPA secure, and the PKE scheme satisfies negligible γ-uniformity for every public key.
Abstract: This paper provides a sufficient condition to construct timed-release public-key encryption (TRPKE), where the constructed TRPKE scheme guarantees strong security against malicious time servers, proposed by Chow et al., and strong security against malicious receivers, defined by Cathalo et al., in the random oracle model if the component IBE scheme is IND-ID-CPA secure, the component PKE scheme is IND-CPA secure, and the PKE scheme satisfies negligible γ-uniformity for every public key. Chow et al. proposed a strongly secure TRPKE scheme, which is concrete in the standard model. To the best of our knowledge, the proposed construction is the first generic one for TRPKE that guarantees strong security even in the random oracle model.

1 citation


Journal Article
TL;DR: An algorithm based on Arnold and RSA for optimal selection of large prime numbers in image encryption is proposed, including the Arnold transform and the RSA encryption algorithm.
Abstract: An algorithm based on Arnold and RSA for optimal selection of large prime numbers in image encryption is proposed, including the Arnold transform and the RSA encryption algorithm. On the basis of the traditional RSA algorithm, this method proposes a scheme for the random selection of large prime numbers using the passage of time as the seed. Experimental results show that this method has high security, and the decrypted image has a certain degree of robustness to additive noise attack.


Journal Article
TL;DR: The principle of the RSA encryption algorithm, the encryption and decryption process, the presence of attacks, as well as the parameter selection are introduced.
Abstract: The RSA algorithm can not only be used for data encryption, but also for digital signatures and for the prime detection algorithm, so it is one of the most influential public-key encryption algorithms, which can resist all known password-attacks. Its security depends on the difficulty of large prime factorization. This paper mainly introduces the principle of the RSA encryption algorithm, the encryption and decryption process, the presence of attacks, as well as the parameter selection.

Posted Content
TL;DR: Hoang et al. as mentioned in this paper proposed a notion of security for (keyed) hash functions, called UCE, which enables instantiation of random oracles (ROs) in a fairly broad and systematic way.
Abstract: This paper provides a (standard-model) notion of security for (keyed) hash functions, called UCE, that we show enables instantiation of random oracles (ROs) in a fairly broad and systematic way. Goals and schemes we consider include deterministic PKE, message-locked encryption, hardcore functions, point-function obfuscation, OAEP, encryption secure for key-dependent messages, encryption secure under related-key attack, proofs of storage and adaptively-secure garbled circuits with short tokens. We can take existing, natural and efficient ROM schemes and show that the instantiated scheme resulting from replacing the RO with a UCE function is secure in the standard model. In several cases this results in the first standard-model schemes for these goals. The definition of UCE-security itself asks that outputs of the function look random given some "leakage," even if the adversary knows the key, as long as the leakage is appropriately restricted.


Book Chapter
27 Nov 2013
TL;DR: It is shown that RSA-OAEP is secure against related key attacks (RKA) in the random oracle model under the strong RSA (sRSA) assumption.
Abstract: In this paper we show that RSA-OAEP is secure against related key attacks (RKA) in the random oracle model under the strong RSA (sRSA) assumption. The key related functions can be affine functions. Compared to the chosen ciphertext security proof of OAEP, we overcome two major obstacles: answering the decryption queries under related keys; and preventing the adversary from promoting queries that correspond to the same message as the challenge ciphertext. These two obstacles also exist in the RKA security proofs of RSA-OAEP+ and RSA-SAEP+. By combining our technique and the chosen ciphertext security proofs, RSA-OAEP+ and RSA-SAEP+ can also be proved RKA secure. In our proof, the security of the scheme relies substantially on the algebraic property of the sRSA function.


Posted Content
TL;DR: In this article, a simple and efficient non-interactive threshold public-key encryption scheme was proposed by using the hashed Diffie-Hellman assumption in bilinear groups.
Abstract: In threshold public-key encryption, the decryption key is divided into n shares, each one of which is given to a different decryption user in order to avoid single points of failure. In this study, we propose a simple and efficient non-interactive threshold public-key encryption scheme by using the hashed Diffie-Hellman assumption in bilinear groups. Compared with the other related constructions, the proposed scheme is more efficient.


Posted Content
TL;DR: This work introduces an efficient universal random data padding (URDP) scheme, and shows how it can be used to construct a "direct" CCA2-secure encryption scheme from "any" worst-case hardness problem in (ideal) lattices in the standard model, resolving a problem that has remained open to date.
Abstract: Designing an efficient lattice-based cryptosystem secure against adaptive chosen ciphertext attack (IND-CCA2) is a challenging problem. To date, full CCA2-security of all proposed lattice-based PKE schemes has been achieved by using generic transformations such as either strongly unforgeable one-time signature schemes (SU-OT-SS), or a message authentication code (MAC) and a weak form of commitment. The drawback of these schemes is that encryption requires "separate encryption". Therefore, the resulting encryption scheme is not sufficiently efficient to be used in practice and it is inappropriate for many applications such as small ubiquitous computing devices with limited resources such as smart cards, active RFID tags, wireless sensor networks and other embedded devices. In this work, for the first time, we introduce an efficient universal random data padding (URDP) scheme, and show how it can be used to construct a "direct" CCA2-secure encryption scheme from "any" worst-case hardness problem in (ideal) lattices in the standard model, resolving a problem that has remained open to date. This novel approach is a "black-box" construction and leads to the elimination of separate encryption, as it avoids using a general transformation from a CPA-secure scheme to a CCA2-secure one. IND-CCA2 security of this scheme can be tightly reduced in the standard model to the assumption that the underlying primitive is a one-way trapdoor function.