Topic
Optimal asymmetric encryption padding
About: Optimal asymmetric encryption padding is a research topic. Over the lifetime, 299 publications have been published within this topic receiving 43101 citations. The topic is also known as: OAEP.
Papers published on a yearly basis
Papers
More filters
TL;DR: Two variants of Rebalanced-RSA are introduced in which the public exponent e is much smaller than the modulus, thus reducing the encryption costs, while still maintaining low decryption costs.
15 citations
16 Aug 2015
TL;DR: These constructions of several fundamental cryptographic primitives based on a new encryption primitive that combines circular security for bit encryption with the so-called reproducibility property demonstrate a new set of applications of circularly-secure encryption beyond fully-homomorphic encryption and symbolic soundness.
Abstract: We give generic constructions of several fundamental cryptographic primitives based on a new encryption primitive that combines circular security for bit encryption with the so-called reproducibility property (Bellare et al. PKC 2003). At the heart of our constructions is a novel technique which gives a way of de-randomizing reproducible public-key bit-encryption schemes and also a way of reducing one-wayness conditions of a constructed trapdoor-function family (TDF) to circular security of the base scheme. The main primitives that we build from our encryption primitive include k-wise one-way TDFs (Rosen and Segev TCC 2009), CCA2-secure encryption and deterministic encryption. Our results demonstrate a new set of applications of circularly-secure encryption beyond fully-homomorphic encryption and symbolic soundness. Finally, we show the plausibility of our assumptions by showing that the DDH-based circularly-secure scheme of Boneh et al. (Crypto 2008) and the subgroup indistinguishability based scheme of Brakerski and Goldwasser (Crypto 2010) are both reproducible.
14 citations
18 Feb 2002
TL;DR: This paper shows how to securely combine a simple encryption scheme with a proof of knowledge made noninteractive with a hash function to create encryption schemes that offer security against adaptive chosen ciphertext attacks.
Abstract: To create encryption schemes that offer security against adaptive chosen ciphertext attacks, this paper shows how to securely combine a simple encryption scheme with a proof of knowledge made noninteractive with a hash function. A typical example would be combining the ElGamal encryption scheme with the Schnorr signature scheme. While the straightforward combination will fail to provide security in the random oracle model, we present a class of encryption schemes that uses a proof of knowledge where the security can be proven based on the random oracle assumption and the number theoretic assumptions. The resulting schemes are useful as any casual party can be assured of the (in)validity of the ciphertexts.
14 citations
TL;DR: A framework for studying the security of deterministic public-key encryption schemes with respect to auxiliary inputs is formalized and two schemes are proposed based on the d-linear assumption for any d≥1 (including, in particular, the decisional Diffie–Hellman assumption), and a rather general class of subgroup indistinguishability assumptions.
Abstract: Deterministic public-key encryption, introduced by Bellare, Boldyreva, and O'Neill (CRYPTO '07), provides an alternative to randomized public-key encryption in various scenarios where the latter exhibits inherent drawbacks. A deterministic encryption algorithm, however, cannot satisfy any meaningful notion of security when the plaintext is distributed over a small set. Bellare et al. addressed this difficulty by requiring semantic security to hold only when the plaintext has high min-entropy from the adversary's point of view.
In many applications, however, an adversary may obtain auxiliary information that is related to the plaintext. Specifically, when deterministic encryption is used as a building block of a larger system, it is rather likely that plaintexts do not have high min-entropy from the adversary's point of view. In such cases, the framework of Bellare et al. might fall short from providing robust security guarantees.
We formalize a framework for studying the security of deterministic public-key encryption schemes with respect to auxiliary inputs. Given the trivial requirement that the plaintext should not be efficiently recoverable from the auxiliary input, we focus on hard-to-invert auxiliary inputs. Within this framework, we propose two schemes: the first is based on the d-linear assumption for any d?1 (including, in particular, the decisional Diffie---Hellman assumption), and the second is based on a rather general class of subgroup indistinguishability assumptions (including, in particular, the quadratic residuosity assumption and Paillier's composite residuosity assumption). Our schemes are secure with respect to any auxiliary input that is subexponentially hard to invert (assuming the standard hardness of the underlying computational assumptions).
In addition, our first scheme is secure even in the multi-user setting where related plaintexts may be encrypted under multiple public keys. Constructing a scheme that is secure in the multi-user setting (even without considering auxiliary inputs) was identified by Bellare et al. as an important open problem.
14 citations
02 Apr 2009
TL;DR: A new practical construction of certificateless public key encryption scheme without paring is presented, in the random oracle model, provably secure under the assumption that the RSA problem is intractable.
Abstract: Certificateless Public Key Cryptography was first introduced by Al-Riyami and Paterson in order to eliminate the inherent key-escrow problem of Identity-Based Cryptography. In this paper, we present a new practical construction of certificateless public key encryption scheme without paring. Our scheme is, in the random oracle model, provably secure under the assumption that the RSA problem is intractable.
13 citations