
Optimal asymmetric encryption padding

About: Optimal asymmetric encryption padding is a research topic. Over its lifetime, 299 publications have been published within this topic, receiving 43101 citations. The topic is also known as: OAEP.


Papers
Journal Article
TL;DR: This paper confirms cryptosystem security by using the following approach: find a weakened random oracle (denoted by WRO) which leaks the values needed to realize the extension attack. It also proves that RSA-KEM is secure in the ERO model.
Abstract: Since the Merkle-Damgard hash function (denoted by MDHF) that uses a fixed input length random oracle as a compression function is not indifferentiable from a random oracle (denoted by RO) due to the extension attack, there is no guarantee for the security of cryptosystems, which are secure in the RO model, when RO is instantiated with MDHF. This fact motivates us to establish a criteria methodology for confirming cryptosystem security when RO is instantiated with MDHF. In this paper, we confirm cryptosystem security by using the following approach: 1. Find a weakened random oracle (denoted by WRO) which leaks values needed to realize the extension attack. 2. Prove that MDHF is indifferentiable from WRO. 3. Prove cryptosystem security in the WRO model. The indifferentiability framework of Maurer, Renner and Holenstein guarantees that we can securely use the cryptosystem when WRO is instantiated with MDHF. Thus we concentrate on finding such a WRO. We propose Traceable Random Oracle (denoted by TRO) which leaks enough values to permit the extension attack. By using TRO, we can easily confirm the security of the OAEP encryption scheme and variants of the OAEP encryption scheme. However, there are several practical cryptosystems whose security cannot be confirmed by TRO (e.g. RSA-KEM). This is because TRO leaks values that are irrelevant to the extension attack. Therefore, we propose another WRO, Extension Attack Simulatable Random Oracle (denoted by ERO), which leaks just the value needed for the extension attack. Fortunately, ERO is necessary and sufficient to confirm the security of cryptosystems under MDHF. This means that the security of any cryptosystem under MDHF is equivalent to that under the ERO model. We prove that RSA-KEM is secure in the ERO model.

1 citations

Book Chapter
12 Nov 2020
TL;DR: In this article, a new Rabin-type cryptosystem based on a modulus of the form \(p^{2}q\) was proposed, along with a theoretical proof that the decryption is correct.
Abstract: In 1979, Rabin introduced a variation of RSA using the encryption exponent 2, which has become popular because of its speed. Its drawback is decryption to four possible messages which has led to various ideas to identify the correct plaintext. This paper provides a new Rabin-type cryptosystem based on a modulus of the form \(p^{2}q\). Along with a theoretical proof that the decryption is correct, we provide a complete example. To demonstrate its efficiency, we compare runtime of our algorithms with those of two others with similar aims. We also conjecture that our scheme is secure against chosen ciphertext attacks because of our inclusion of Simplified Optimal Asymmetric Encryption Padding of messages.

1 citations

Network Information
Related Topics (5)
Public-key cryptography
27.2K papers, 547.7K citations
84% related
Cryptography
37.3K papers, 854.5K citations
80% related
Encryption
98.3K papers, 1.4M citations
79% related
Password
35K papers, 389.6K citations
78% related
Hash function
31.5K papers, 538.5K citations
77% related
Performance
Metrics
No. of papers in the topic in previous years
Year: Papers
2021: 1
2020: 4
2019: 2
2018: 6
2017: 14
2016: 13