
Optimal asymmetric encryption padding

About: Optimal asymmetric encryption padding is a research topic. Over the lifetime, 299 publications have been published within this topic receiving 43101 citations. The topic is also known as: OAEP.


Papers
Book ChapterDOI
14 Aug 2011
TL;DR: A framework for studying the security of deterministic public-key encryption schemes with respect to auxiliary inputs is formalized and two schemes are proposed based on the decisional Diffie-Hellman (and, more generally, on the d-linear) assumption and a rather general class of subgroup indistinguishability assumptions.
Abstract: Deterministic public-key encryption, introduced by Bellare, Boldyreva, and O'Neill (CRYPTO '07), provides an alternative to randomized public-key encryption in various scenarios where the latter exhibits inherent drawbacks. A deterministic encryption algorithm, however, cannot satisfy any meaningful notion of security when the plaintext is distributed over a small set. Bellare et al. addressed this difficulty by requiring semantic security to hold only when the plaintext has high min-entropy from the adversary's point of view. In many applications, however, an adversary may obtain auxiliary information that is related to the plaintext. Specifically, when deterministic encryption is used as a building block of a larger system, it is rather likely that plaintexts do not have high min-entropy from the adversary's point of view. In such cases, the framework of Bellare et al. might fall short from providing robust security guarantees. We formalize a framework for studying the security of deterministic public-key encryption schemes with respect to auxiliary inputs. Given the trivial requirement that the plaintext should not be efficiently recoverable from the auxiliary input, we focus on hard-to-invert auxiliary inputs. Within this framework, we propose two schemes: the first is based on the decisional Diffie-Hellman (and, more generally, on the d-linear) assumption, and the second is based on a rather general class of subgroup indistinguishability assumptions (including, in particular, quadratic residuosity and Paillier's composite residuosity). Our schemes are secure with respect to any auxiliary input that is subexponentially hard to invert (assuming the standard hardness of the underlying computational assumptions). In addition, our first scheme is secure even in the multi-user setting where related plaintexts may be encrypted under multiple public keys. Constructing a scheme that is secure in the multi-user setting (even without considering auxiliary inputs) was identified by Bellare et al. as an important open problem.

87 citations

Proceedings Article
11 Nov 1997
TL;DR: In this article, the authors studied some candidate asymmetric cryptosystems based on the idea of hiding one or two rounds of small S-box computations with secret functions of degree 1 or 2.
Abstract: In this paper, we study some new "candidate" asymmetric cryptosystems based on the idea of hiding one or two rounds of small S-box computations with secret functions of degree one or two. The C* scheme of [10] (when its n_i values are small) can be seen as a very special case of these schemes. This C* scheme was broken in [11] due to unexpected algebraic properties. In the new schemes, those algebraic properties generally do not exist. Nevertheless, we will see that most of the "new" algorithms can also be broken, and we deduce some very different cryptanalysis of C*.

87 citations

Journal Article
TL;DR: The first construction of an AONT that has been proven secure in the strong sense in the random oracle model was shown in this paper, where the adversary's advantage is nearly optimal, in the sense that no adversary can do substantially better against the OAEP than by exhaustive search.
Abstract: This paper studies All-or-Nothing Transforms (AONTs), which have been proposed by Rivest as a mode of operation for block ciphers. An AONT is an unkeyed, invertible, randomized transformation, with the property that it is hard to invert unless all of the output is known. Applications of AONTs include improving the security and speed of encryption. We give several formal definitions of security for AONTs that are stronger and more suited to practical applications than the original definitions. We then prove that Optimal Asymmetric Encryption Padding (OAEP) satisfies these definitions (in the random oracle model). This is the first construction of an AONT that has been proven secure in the strong sense. Our bound on the adversary's advantage is nearly optimal, in the sense that no adversary can do substantially better against the OAEP than by exhaustive search. We also show that no AONT can achieve substantially better security than OAEP.

87 citations

Book ChapterDOI
20 Aug 2006
TL;DR: This work shows how to transform any semantically secure encryption scheme into one that is non-malleable for arbitrarily many messages.
Abstract: There are several candidate semantically secure encryption schemes, yet in many applications non-malleability of encryptions is crucial. We show how to transform any semantically secure encryption scheme into one that is non-malleable for arbitrarily many messages.

86 citations

Book ChapterDOI
23 Nov 2009
TL;DR: This paper adopts Baek et al.'s model and proposes a new and efficient scheme that does not require any secure channels, and furthermore, its security does not use random oracles.
Abstract: The public key encryption with keyword search (PEKS) scheme, proposed by Boneh, Di Crescenzo, Ostrovsky and Persiano, enables one to search for encrypted keywords without compromising the security of the original data. Baek et al. noticed that the original notion of PEKS requires the existence of a secure channel, and they further extended this notion by proposing an efficient secure channel free public key encryption scheme with keyword search in the random oracle model. In this paper, we take one step forward by adopting Baek et al.'s model and propose a new and efficient scheme that does not require any secure channels, and furthermore, its security does not use random oracles.

85 citations

Network Information
Related Topics (5)
Public-key cryptography: 27.2K papers, 547.7K citations, 84% related
Cryptography: 37.3K papers, 854.5K citations, 80% related
Encryption: 98.3K papers, 1.4M citations, 79% related
Password: 35K papers, 389.6K citations, 78% related
Hash function: 31.5K papers, 538.5K citations, 77% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2021    1
2020    4
2019    2
2018    6
2017    14
2016    13