
Showing papers on "Plaintext-aware encryption published in 1999"


Journal Article
TL;DR: This conversion is the first generic transformation from an arbitrary one-way asymmetric encryption scheme to a chosen-ciphertext secure asymmetric encryption scheme in the random oracle model.
Abstract: This paper shows a generic and simple conversion from weak asymmetric and symmetric encryption schemes into an asymmetric encryption scheme which is secure in a very strong sense -- indistinguishability against adaptive chosen-ciphertext attacks in the random oracle model. In particular, this conversion can be applied efficiently to an asymmetric encryption scheme that provides a large enough coin space and, for every message, enough variants of the encryption, like the ElGamal encryption scheme.

457 citations


Book ChapterDOI
01 Mar 1999
TL;DR: In this paper, the authors presented a simple and efficient conversion from a semantically secure public-key encryption scheme against passive adversaries to a non-malleable (or semi-secure) public key encryption scheme with adaptive chosen-ciphertext attacks (active adversaries) in the random oracle model.
Abstract: This paper presents a simple and efficient conversion from a semantically secure public-key encryption scheme against passive adversaries to a non-malleable (or semantically secure) public-key encryption scheme against adaptive chosen-ciphertext attacks (active adversaries) in the random oracle model. Since our conversion requires only one random (hash) function operation, the converted scheme is almost as efficient as the original one, when the random function is replaced by a practical hash function such as SHA-1 and MD5. We also give a concrete analysis of the reduction for proving its security, and show that our security reduction is (almost) optimally efficient. Finally this paper gives some practical examples of applying this conversion to some practical and semantically secure encryption schemes such as the ElGamal, Blum-Goldwasser and Okamoto-Uchiyama schemes[4, 7, 9].

346 citations


Book ChapterDOI
15 Aug 1999
TL;DR: In this paper, it was shown that non-malleability is equivalent to indistinguishability under a parallel chosen ciphertext attack, this being a new kind of chosen ciphertext attack, in which the adversary's decryption queries are not allowed to depend on answers to previous queries, but must be made all at once.
Abstract: We prove the equivalence of two definitions of nonmalleable encryption appearing in the literature -- the original one of Dolev, Dwork and Naor and the later one of Bellare, Desai, Pointcheval and Rogaway. The equivalence relies on a new characterization of non-malleable encryption in terms of the standard notion of indistinguishability of Goldwasser and Micali. We show that non-malleability is equivalent to indistinguishability under a "parallel chosen ciphertext attack," this being a new kind of chosen ciphertext attack we introduce, in which the adversary's decryption queries are not allowed to depend on answers to previous queries, but must be made all at once. This characterization simplifies both the notion of non-malleable encryption and its usage, and enables one to see more easily how it compares with other notions of encryption. The results here apply to non-malleable encryption under any form of attack, whether chosen-plaintext, chosen-ciphertext, or adaptive chosen-ciphertext.

182 citations


Proceedings Article
02 May 1999
TL;DR: In this article, the authors proposed a simple threshold public-key cryptosystem (PKC) which is secure against adaptive chosen ciphertext attack, under the Decisional Diffie-Hellman (DDH) intractability assumption.
Abstract: This paper proposes a simple threshold Public-Key Cryptosystem (PKC) which is secure against adaptive chosen ciphertext attack, under the Decisional Diffie-Hellman (DDH) intractability assumption. Previously, it was shown how to design non-interactive threshold PKC secure under chosen ciphertext attack, in the random-oracle model and under the DDH intractability assumption [25]. The random-oracle was used both in the proof of security and to eliminate interaction. General completeness results for multi-party computations [6,13] enable in principle converting any single server PKC secure against CCA (e.g., [19,17]) into a threshold one, but the conversions are inefficient and require much interaction among the servers for each ciphertext decrypted. The recent work by Cramer and Shoup [17] on single server PKC secure against adaptive CCA is the starting point for the new proposal.

178 citations


Patent
24 Mar 1999
TL;DR: A new scheme for fast realization of encryption, decryption and authentication which can overcome the problems of the RSA cryptosystem is disclosed in this paper, where a ciphertext C is obtained from a plaintext M according to C ≡ M^e (mod n) using a first secret key given by N (≥ 2) prime numbers p1, p2, ..., pN, a first public key n given by a product p1^k1 p2^k2 ... pN^kN where k1, k2, ..., kN are arbitrary positive integers, a second public key e
Abstract: A new scheme for fast realization of encryption, decryption and authentication which can overcome the problems of the RSA cryptosystem is disclosed. The encryption obtains a ciphertext C from a plaintext M according to C ≡ M^e (mod n) using a first secret key given by N (≥ 2) prime numbers p1, p2, ..., pN, a first public key n given by a product p1^k1 p2^k2 ... pN^kN where k1, k2, ..., kN are arbitrary positive integers, a second public key e and a second secret key d which satisfy ed ≡ 1 (mod L) where L is a least common multiple of p1-1, p2-1, ..., pN-1. The decryption recovers the plaintext M by obtaining residues M_p1k1, M_p2k2, ..., M_pNkN modulo p1^k1, p2^k2, ..., pN^kN, respectively, of the plaintext M using a prescribed loop calculation with respect to the first secret key p1, p2, ..., pN, and by applying the Chinese remainder theorem to the residues M_p1k1, M_p2k2, ..., M_pNkN. This encryption/decryption scheme can be utilized for realizing the authentication.

25 citations


Patent
Ono Takatoshi1, Takeshi Saijo1
17 Feb 1999
TL;DR: In this article, a plaintext storage unit stores a plaintext, an encryption unit encrypts it to generate a ciphertext, a decryption unit decrypts the ciphertext to generate a decrypted plaintext, and a verification unit performs verification using the decrypted plaintext and the first verification data.
Abstract: In a cryptography system, plaintext storage unit 101 stores a plaintext. Encryption unit 102 encrypts the plaintext to generate a ciphertext. First verification data generating unit 104 generates first verification data, and second verification data generating unit 106 generates second verification data. Decryption unit 114 decrypts the ciphertext to generate a decrypted plaintext. First verification unit 116 performs verification using the decrypted plaintext and the first verification data. Second verification unit 117 performs verification using the first verification data, the ciphertext, and the second verification data. Display unit 112 displays the results of the verifications.

20 citations


Book ChapterDOI
12 Aug 1999
TL;DR: The implementation in software shows that the decryption time of NICE is comparably as fast as the encryption time of the RSA cryptosystem with e = 2^16+1, but on a smart card it is not as fast as in the software implementation.
Abstract: Recently, a novel public-key cryptosystem constructed on number fields was presented. The prominent theoretical property of the public-key cryptosystem is a quadratic decryption bit complexity of the public key, which consists of only simple fast arithmetical operations. We call the cryptosystem NICE (New Ideal Coset Encryption). In this paper, we consider practical aspects of the NICE cryptosystem. Our implementation in software shows that the decryption time of NICE is comparably as fast as the encryption time of the RSA cryptosystem with e = 2^16+1. To show if existing smart cards can be used, we implemented the NICE cryptosystem using a smart card designed for the RSA cryptosystem. Our result shows that the decryption time of NICE is comparably as fast as the decryption time of the RSA cryptosystem but not as fast as in the software implementation. We discuss the reasons for this and indicate requirements for smartcard designers to achieve fast implementation on smartcards.

19 citations


Patent
16 Sep 1999
TL;DR: A product-sum type cryptosystem is employed to obtain ciphertext C = m_0 D_0 + m_1 D_1 + ... + m_{K-1} D_{K-1} by (an) inner product(s) as mentioned in this paper.
Abstract: A product-sum type cryptosystem is employed to obtain ciphertext C = m_0 D_0 + m_1 D_1 + ... + m_{K-1} D_{K-1} by (an) inner product(s) using a plaintext vector m = (m_0, m_1, ..., m_{K-1}) and base vectors D = (D_0, D_1, ..., D_{K-1}). D_i (0 ≤ i ≤ K-1) is set to D_i = d/d_i, where d = d_0 d_1 ... d_{K-1}, and any two numbers d_i and d_j are relatively prime to each other.

11 citations


Book ChapterDOI
09 Aug 1999
TL;DR: This paper proposes a secure and simple double block-length encryption algorithm that remains totally compliant with DES and triple-DES specifications as well as with AES requirements.
Abstract: DES and triple-DES are two well-known and popular encryption algorithms, but they both have the same drawback: their block size is limited to 64 bits. While the cryptographic community is working hard to select and evaluate candidates and finalists for the AES (Advanced Encryption Standard) contest launched by NIST in 1997, it might be of interest to propose a secure and simple double block-length encryption algorithm. More than in terms of key length and block size, our Universal Encryption Standard is a new construction that remains totally compliant with DES and triple-DES specifications as well as with AES requirements.

6 citations


Journal Article
TL;DR: Bellare, Desai, Pointcheval and Rogaway as mentioned in this paper showed that non-malleability is equivalent to indistinguishability under a parallel chosen ciphertext attack.
Abstract: We prove the equivalence of two definitions of non-malleable encryption appearing in the literature -- the original one of Dolev, Dwork and Naor and the later one of Bellare, Desai, Pointcheval and Rogaway. The equivalence relies on a new characterization of non-malleable encryption in terms of the standard notion of indistinguishability of Goldwasser and Micali. We show that non-malleability is equivalent to indistinguishability under a parallel chosen ciphertext attack, this being a new kind of chosen ciphertext attack we introduce, in which the adversary's decryption queries are not allowed to depend on answers to previous queries, but must be made all at once. This characterization simplifies both the notion of non-malleable encryption and its usage, and enables one to see more easily how it compares with other notions of encryption. The results here apply to non-malleable encryption under any form of attack, whether chosen-plaintext, chosen-ciphertext, or adaptive chosen-ciphertext.

6 citations


Book ChapterDOI
07 Apr 1999
TL;DR: A method for immunizing the RSA-based system against adaptive chosen ciphertext attacks, which simultaneously provides information authentication capability, is presented.
Abstract: In [21] some simple modifications of the RSA, respectively Dickson/LUC, cryptosystems have been presented which are practical and provably as secure in difficulty as factorizing their modulus. Similar to Rabin's provable secure cryptosystem, these schemes are vulnerable to chosen ciphertext attacks. We are going to provide a method for immunizing the RSA based system against adaptive chosen ciphertext attacks and simultaneously provide information authentication capability. By means of probabilistic encoding, the scheme achieves semantic security and plaintext awareness in the standard (i.e. non random oracle) model under the assumption of a collision-resistant hash function and the factorization intractability of the receiver's modulus.

Journal ArticleDOI
TL;DR: The motivation here is to present an application of statistical methods in cryptanalysis, and theoretical questions have been posed to motivate future research in this direction.
Abstract: Here a security attack on LFSR based stream cipher systems is described. The attack depends on some weakness of the memoryless Boolean combining function used in the system and breaks the key using only the ciphertext. Siegenthaler used a correlation measure to define certain statistical tests for finding out feasible keys. This can also be interpreted as testing the independence of two binary bit sequences. Here we extend the statistical test considering the joint conditional probability of more than one binary random variable. We discuss algorithms with an example of a non correlation immune function in the case of three LFSRs and a multiplexer as a nonlinear combining function. Next we extend the method for correlation immune functions and illustrate that with a suitable example. The motivation here is to present an application of statistical methods in cryptanalysis. Theoretical questions have been posed to motivate future research in this direction.

Journal Article
TL;DR: An authentication and key distribution protocol for network and distributed environments is presented, using a hybrid of an asymmetric cryptosystem and a symmetric cryptosystem, which simplifies key management of the system.
Abstract: An authentication and key distribution protocol for network and distributed environments is presented, using a hybrid of an asymmetric cryptosystem and a symmetric cryptosystem. The intra-domain authentication and key distribution is based on the symmetric cryptosystem, and inter-domain authentication is designed using the asymmetric cryptosystem, which simplifies key management of the system. A hierarchical certificate authority (CA) structure for the distributed environment is proposed for certifying the validity of public keys. In the protocol, login based on a password is replaced by initial registration based on the asymmetric cryptosystem, so password guessing attacks can be resisted effectively.

Journal ArticleDOI
TL;DR: It is shown that J.M. and R. Campello de Souza's private-key encryption scheme is insecure against chosen-plaintext attacks, and a secure modified scheme is consequently proposed to enhance the security.