
Fujisaki–Okamoto hybrid encryption revisited

  • Regular contribution
  • International Journal of Information Security

Abstract

At Crypto’99, Fujisaki and Okamoto [11] presented a generic transformation from weakly secure asymmetric and symmetric schemes into an IND-CCA hybrid encryption scheme in the Random Oracle Model, which has since been used extensively in cryptographic designs. The work presented here forms part of the careful revision of provable security techniques initiated by Shoup in [25]: we find ambiguities in the proof of this generic conversion that can lead to false security claims. Consequently, the original conversion is modified and the class of asymmetric primitives that can be used is narrowed. Furthermore, the concept of an easily verifiable primitive is formalized, and its connection with the gap problems introduced in [18] is shown. Using these ideas, a completely new security proof for the modified transformation is given, phrased using currently widely accepted techniques. The resulting reduction is tight, improving on the concrete security claimed in the original work for easily verifiable primitives. For the remaining primitives, the concrete security is improved at the cost of stronger assumptions. Finally, the resistance of the new conversion against reject timing attacks is addressed.
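The transformation the abstract refers to is easy to state: encrypt a random seed σ under the asymmetric scheme using coins derived from H(σ, m), encrypt the message under a symmetric key G(σ), and have the decryptor re-encrypt and compare before releasing anything. The following worked example is added here to make that mechanism concrete; it is not code from the paper or its authors. Everything in it is an assumption of the example rather than something the page states: toy ElGamal over Z_p^* for p = 2^31 - 1 as the probabilistic asymmetric primitive, SHA-256 standing in for the random oracles G and H, a hash-derived one-time pad as the symmetric scheme, and the single-exit rejection structure in `fo_decrypt`, which is this example's reject-timing precaution and not the paper's modified conversion. The parameters give no real security; they only keep the construction readable.

```python
"""Toy worked example of the Fujisaki-Okamoto (FO) hybrid transformation.

Added illustration, not code from the paper or its authors. Assumptions
(none of them from the page): ElGamal over Z_p^* for the Mersenne prime
p = 2^31 - 1 plays the probabilistic asymmetric primitive, SHA-256 stands in
for the random oracles G and H, and a hash-derived one-time pad is the
symmetric scheme. The parameters give no real security; they only keep the
construction readable.
"""
import hashlib
import secrets

P = 2**31 - 1    # toy prime modulus (assumption; far too small for real use)
G = 7            # primitive root mod P, so the group is all of Z_p^*


def keygen():
    """ElGamal key pair: sk = x, pk = g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return pow(G, x, P), x


def in_group(v):
    """Cheap ciphertext well-formedness check: v must lie in Z_p^*."""
    return 0 < v < P


def enc_int(v):
    return v.to_bytes(4, "big")


def ro_h(sigma, m):
    """Random oracle H: coins for the asymmetric scheme, bound to (sigma, m)."""
    d = hashlib.sha256(b"H" + enc_int(sigma) + m).digest()
    return int.from_bytes(d, "big") % (P - 2) + 1   # coin r in [1, p-2]


def ro_g(sigma, n):
    """Random oracle G: expands sigma into an n-byte symmetric key stream."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(b"G" + enc_int(sigma) + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def elgamal_enc(pk, sigma, r):
    """E_pk(sigma; r) = (g^r, sigma * pk^r): probabilistic, coins r explicit."""
    return pow(G, r, P), sigma * pow(pk, r, P) % P


def elgamal_dec(sk, a, b):
    """sigma = b * a^{-sk}; a^{-sk} = a^{p-1-sk} because a^{p-1} = 1 in Z_p^*."""
    return b * pow(a, P - 1 - sk, P) % P


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def fo_encrypt(pk, m):
    """FO hybrid: c1 = E_pk(sigma; H(sigma, m)), c2 = m XOR G(sigma)."""
    sigma = secrets.randbelow(P - 1) + 1            # fresh random group element
    c1 = elgamal_enc(pk, sigma, ro_h(sigma, m))
    c2 = xor_bytes(m, ro_g(sigma, len(m)))
    return c1, c2


def fo_decrypt(pk, sk, ct):
    """Decrypt, recompute the coins, re-encrypt, and compare before releasing m.

    A ciphertext not produced honestly from some (sigma, m) fails the
    re-encryption check; that check is what lifts the weak asymmetric scheme
    to IND-CCA in the random oracle model. Both failure conditions (malformed
    asymmetric part, failed re-encryption) run the same exponentiations and
    hashes and leave through one return. That single-exit structure is this
    example's reject-timing precaution, not the paper's construction.
    """
    (a, b), c2 = ct
    ok = in_group(a) and in_group(b)
    # On a malformed asymmetric part decrypt a fixed valid dummy instead, so the
    # same work happens before the single rejection exit.
    sigma = elgamal_dec(sk, a if ok else G, b if ok else 1)
    m = xor_bytes(c2, ro_g(sigma, len(c2)))
    ok &= elgamal_enc(pk, sigma, ro_h(sigma, m)) == (a, b)
    return m if ok else None


def flip_first_bit(ct):
    """Constructed tampering: flip one bit of the symmetric part only."""
    c1, c2 = ct
    bad = bytearray(c2)
    bad[0] ^= 1
    return c1, bytes(bad)


if __name__ == "__main__":
    pk, sk = keygen()
    ct = fo_encrypt(pk, b"attack at dawn")        # constructed sample message
    print(fo_decrypt(pk, sk, ct))                  # the original message
    print(fo_decrypt(pk, sk, flip_first_bit(ct)))  # None: re-encryption check fails
```

Flipping a bit of the symmetric part changes the recovered message, hence the recomputed coins H(σ, m'), hence the re-encryption of σ, so the comparison with c1 fails and nothing is released; this is the binding between the two halves that a plain "encrypt a key, then encrypt the message" hybrid lacks. The decryptor also never returns σ or a partially decrypted m on failure, which matters because the security argument assumes the adversary learns only accept/reject from the decryption oracle.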




References

  1. Bellare M, Desai A, Pointcheval D, Rogaway P (1998) Relations among notions of security for public-key encryption schemes. In: Krawczyk H (ed) Advances in Cryptology – CRYPTO 1998. Lecture notes in computer science, vol 1462. Springer, Berlin Heidelberg New York, pp 26–45

  2. Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM conference on computer and communications security. ACM Press, New York, pp 62–73

  3. Bellare M, Boldyreva A, Palacio A (2004) An uninstantiable Random-Oracle-Model scheme for a hybrid-encryption problem. In: Cachin C, Camenisch J (eds) Advances in Cryptology – EUROCRYPT 2004. Lecture notes in computer science, vol 3027. Springer, Berlin Heidelberg New York, pp 171–188

  4. Canetti R, Goldreich O, Halevi S (1998) The random oracle methodology, revisited. In: Proceedings of the 30th annual ACM symposium on theory of computing. ACM Press, New York, pp 209–218

  5. Catalano D, Gennaro R, Howgrave-Graham N, Nguyen PQ (2001) Paillier’s cryptosystem revisited. In: Proceedings of the 8th ACM conference on computer and communications security. ACM Press, New York, pp 206–214

  6. Coron J, Handschuh H, Joye M, Paillier P, Pointcheval D, Tymen C (2002) GEM: a generic chosen-ciphertext secure encryption method. In: Preneel B (ed) Topics in Cryptology – CT-RSA 2002. Lecture notes in computer science, vol 2271. Springer, Berlin Heidelberg New York, pp 263–276

  7. Coron J, Handschuh H, Joye M, Paillier P, Pointcheval D, Tymen C (2002) Optimal chosen-ciphertext secure encryption of arbitrary-length messages. In: Naccache D, Paillier P (eds) Public key cryptography, PKC 2002. Lecture notes in computer science, vol 2274. Springer, Berlin Heidelberg New York, pp 17–33

  8. Cramer R, Shoup V (2002) Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen LR (ed) Advances in Cryptology – EUROCRYPT 2002. Lecture notes in computer science, vol 2332. Springer, Berlin Heidelberg New York, pp 45–64

  9. Dent AW (2002) An implementation attack against the EPOC-2 public-key cryptosystem. Electron Lett 38(9):412–413


  10. EPOC, Efficient probabilistic public-key encryption. http://info.isl.ntt.co.jp/epoc/

  11. Fujisaki E, Okamoto T (1999) Secure integration of asymmetric and symmetric encryption schemes. In: Wiener MJ (ed) Advances in Cryptology – CRYPTO 1999. Lecture notes in computer science, vol 1666. Springer, Berlin Heidelberg New York, pp 537–554

  12. Fujisaki E, Okamoto T (2001) A chosen-cipher secure encryption scheme tightly as secure as factoring. IEICE Trans Fundament E84-A(1):179–187

  13. Goldwasser S, Micali S (1984) Probabilistic encryption. J Comput Sys Sci 28:270–299


  14. Goldwasser S, Tauman Y (2003) On the (in)security of the Fiat-Shamir paradigm. In: Proceedings of the 44th symposium on foundations of computer science (FOCS 2003). IEEE Press, New York, pp 102–115

  15. Joye M, Quisquater J J, Yung M (2001) On the power of misbehaving adversaries and security analysis of the original EPOC. In: Naccache D (ed) Topics in Cryptology – CT-RSA 2001. Lecture notes in computer science, vol 2020. Springer, Berlin Heidelberg New York, pp 208–222

  16. Menezes A (1993) Elliptic curve public-key cryptosystems. The Kluwer international series in engineering and computer science (SECS 234). Kluwer, Dordrecht

  17. Naor M, Yung M (1990) Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Proceedings of the 22nd annual ACM symposium on theory of computing. ACM Press, New York, pp 427–437

  18. Okamoto T, Pointcheval D (2001) The gap-problems: a new class of problems for the security of cryptographic schemes. In: Kim K (ed) Public Key Cryptography, PKC 2001. Lecture notes in computer science, vol 1992. Springer, Berlin Heidelberg New York, pp 104–118

  19. Okamoto T, Pointcheval D (2001) REACT: Rapid enhanced-security asymmetric cryptosystem transform. In: Naccache D (ed) Topics in Cryptology – CT-RSA 2001. Lecture notes in computer science, vol 2020. Springer, Berlin Heidelberg New York, pp 159–175

  20. Okamoto T, Uchiyama S (1998) A New Public-Key Cryptosystem as Secure as Factoring. In: Nyberg K (ed) Advances in Cryptology – EUROCRYPT 1998. Lecture notes in computer science, vol 1403. Springer, Berlin Heidelberg New York, pp 308–318

  21. PSEC, Provably Secure Encryption Scheme. http://info.isl.ntt.co.jp/psec/

  22. Pointcheval D (2000) Chosen-ciphertext security for any one-way cryptosystem. In: Imai H, Zheng Y (eds): Public Key Cryptography, PKC 2000. Lecture notes in computer science, vol 1751. Springer, Berlin Heidelberg New York, pp 129–146

  23. Rackoff C, Simon DR (1992) Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum J (ed) Advances in Cryptology – CRYPTO 1991. Lecture notes in computer science, vol 576. Springer, Berlin Heidelberg New York, pp 433–444

  24. Sakurai K, Takagi T (2002) A reject timing attack on an IND-CCA2 public-key cryptosystem. In: Lee PJ, Lim CH (eds) Information Security and Cryptology – ICISC 2002. Lecture notes in computer science, vol 2587. Springer, Berlin Heidelberg New York, pp 359–373

  25. Shoup V (2001) OAEP Reconsidered. In: Kilian J (ed) Advances in Cryptology – CRYPTO 2001. Lecture notes in computer science, vol 2139. Springer, Berlin Heidelberg New York, pp 239–259

  26. Stern J (2003) Why provable security matters? In: Biham E (ed) Advances in Cryptology – EUROCRYPT 2003. Lecture notes in computer science, vol 2656. Springer, Berlin Heidelberg New York, pp 449–461

  27. Watanabe Y, Shikata J, Imai H (2003) Equivalence between semantic security and indistinguishability against chosen ciphertext attacks. In: Desmedt Y (ed) Public Key Cryptography, PKC 2003. Lecture notes in computer science, vol 2567. Springer, Berlin Heidelberg New York, pp 71–84


Corresponding author

Correspondence to David Galindo.


Cite this article

Galindo, D., Martín, S., Morillo, P. et al. Fujisaki–Okamoto hybrid encryption revisited. Int J Inf Secur 4, 228–241 (2005). https://doi.org/10.1007/s10207-004-0042-z
