Topic
Optimal asymmetric encryption padding
About: Optimal asymmetric encryption padding is a research topic. Over the lifetime, 299 publications have been published within this topic receiving 43101 citations. The topic is also known as: OAEP.
Papers published on a yearly basis
Papers
More filters
05 Dec 2004
TL;DR: The OAEP construction is already 10 years old and well-established in many practical applications, but for the main application (with the RSA permutation family) this intractability assumption is equivalent to the classical (full-domain) one-wayness, but at the cost of an extra quadratic-time reduction.
Abstract: The OAEP construction is already 10 years old and well-established in many practical applications. But after some doubts about its actual security level, four years ago, the first efficient and provably IND-CCA1 secure encryption padding was formally and fully proven to achieve the expected IND-CCA2 security level, when used with any trapdoor permutation. Even if it requires the partial-domain one-wayness of the permutation, for the main application (with the RSA permutation family) this intractability assumption is equivalent to the classical (full-domain) one-wayness, but at the cost of an extra quadratic-time reduction. The security proof which was already not very tight to the RSA problem is thus much worse.
44 citations
16 Apr 2007
TL;DR: This paper provides the first realization of parallel key-insulated encryption without the random oracle idealization, and describes the relationships between two seemingly unrelated primitives using bilinear maps.
Abstract: Key-insulated cryptography is a crucial technique for protecting private keys. To strengthen the security of key-insulated protocols, Hanaoka, Hanaoka and Imai recently introduced the idea of parallel key-insulated encryption (PKIE) where distinct physically-secure devices (called helpers) are independently used in key updates. Their motivation was to reduce the risk of exposure for helpers by decreasing the frequency of their connections to insecure environments. Hanaoka et al. showed that it was non-trivial to achieve a PKIE scheme fitting their model and proposed a construction based on the Boneh-Franklin identity-based encryption (IBE) scheme. The security of their system was only analyzed in the idealized random oracle model. In this paper, we provide a fairly efficient scheme which is secure in the standard model (i.e. without random oracles). To do so, we first show the existence of a relation between PKIE and the notion of aggregate signatures (AS) suggested by Boneh et al. We then describe our random oracle-free construction using bilinear maps. Thus, our contributions are both on the concrete side, namely the first realization of parallel key-insulated encryption without the random oracle idealization, and on the conceptual side revealing the relationships between two seemingly unrelated primitives.
43 citations
TL;DR: This paper successfully broke the scheme with the chosen plaintext attack method and showed that all kinds of DNA encoding and decoding schemes used in this encryption scheme are equivalent to each other, which makes it a confusion-only encryption scheme.
42 citations
04 May 2003
TL;DR: Concerns about methods from provable security, that had been developped for the last twenty years within the research community, and the fact that proofs themselves need time to be validated through public discussion was somehow overlooked are discussed.
Abstract: Recently, methods from provable security, that had been developped for the last twenty years within the research community, have been extensively used to support emerging standards. This in turn has led researchers as well as practitioners to raise some concerns about this methodology. Should provable security be restricted to the standard computational model or can it rely on the so-called random oracle model? In the latter case, what is the practical meaning of security estimates obtained using this model? Also, the fact that proofs themselves need time to be validated through public discussion was somehow overlooked. Building on two case studies, we discuss these concerns. One example covers the public key encryption formatting scheme OAEP originally proposed in [3]. The other comes from the area of signature schemes and is related to the security proof of ESIGN [43]. Both examples show that provable security is more subtle than it at first appears.
41 citations
07 Apr 2008
TL;DR: The proposed RSA encryption scheme is based on linear group over the ring of integer mod a composite modulus n which is the product of two distinct prime numbers and is claimed to be efficient, scalable and dynamic.
Abstract: In this paper, we propose an efficient RSA public key encryption scheme, which is improved version of original RSA scheme. The proposed RSA encryption scheme is based on linear group over the ring of integer mod a composite modulus n which is the product of two distinct prime numbers. In the proposed scheme the original message and the encrypted message are h x h square matrices with entities in zn indicated via l(h, zn) . Since the original RSA Scheme is a block cipher in which the original message and cipher message are integer in the interval [0, n -1] for some integer modulus n. Therefore, in this paper, we generalize RSA encryption scheme in order to be implemented in the general linear group on the ring of integer mod n. Furthermore, the suggested encryption scheme has no restriction in encryption and decryption order and is claimed to be efficient, scalable and dynamic.
40 citations