Abstract
At Crypto’99, Fujisaki and Okamoto [11] presented a generic transformation from weakly secure asymmetric and symmetric schemes into an IND-CCA hybrid encryption scheme in the Random Oracle Model, which has since been used extensively in several cryptographic scenarios. The work we present here forms part of the careful revision of provable security techniques initiated by Shoup in [25], insofar as we find some ambiguities in the proof of this generic conversion which can lead to false claims. Consequently, the original conversion is modified and the class of asymmetric primitives that can be used is narrowed. Furthermore, the concept of an easily verifiable primitive is formalized, showing its connection with the gap problems introduced in [18]. Using these ideas, a completely new security proof for the modified transformation is given, phrased using currently widely accepted techniques. The reduction thereby obtained turns out to be tight, enhancing the concrete security claimed in the original work for the easily verifiable primitives. For the remaining primitives, the concrete security is improved at the cost of stronger assumptions. Finally, the resistance of the new conversion against reject timing attacks is addressed.
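The following is an added illustration, not code from the paper, of the shape of the Fujisaki–Okamoto hybrid conversion the abstract refers to: a toy ElGamal instance over a small Mersenne prime stands in for the weakly secure asymmetric primitive, SHA-256/SHAKE stand in for the random oracles H and G, and decryption performs the generic re-encryption check before a single constant-time accept/reject decision (the kind of decryptor behaviour a reject timing attack depends on). All parameters, function names and the one-time-pad symmetric scheme are assumptions constructed for this example and far too small for real use.

```python
import hashlib, hmac, secrets

# Toy parameters, constructed for illustration only (far too small for real use).
# Textbook ElGamal in Z_p^* stands in for the weakly secure asymmetric primitive.
P = 2**61 - 1
G = 3

def keygen():
    x = secrets.randbelow(P - 2) + 1            # private exponent x in [1, p-2]
    return x, pow(G, x, P)                       # (sk, pk = g^x)

def asym_enc(pk, sigma, r):
    """ElGamal encryption of the seed sigma under explicit coins r."""
    return pow(G, r, P), (sigma * pow(pk, r, P)) % P

def asym_dec(sk, c1):
    a, b = c1
    return (b * pow(a, P - 1 - sk, P)) % P       # sigma = b / a^x

def oracle_H(sigma, m):
    """Random oracle H: the asymmetric coins are derived from (sigma, m)."""
    d = hashlib.sha256(b"H" + sigma.to_bytes(8, "big") + m).digest()
    return int.from_bytes(d, "big") % (P - 1)

def oracle_G(sigma, n):
    """Random oracle G: an n-byte one-time-pad key derived from sigma."""
    return hashlib.shake_256(b"G" + sigma.to_bytes(8, "big")).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def c1_bytes(c1):
    return c1[0].to_bytes(8, "big") + c1[1].to_bytes(8, "big")

def hy_enc(pk, m):
    sigma = secrets.randbelow(P - 1) + 1         # fresh seed in [1, p-1]
    c1 = asym_enc(pk, sigma, oracle_H(sigma, m))  # coins bound to (sigma, m)
    c2 = xor(m, oracle_G(sigma, len(m)))         # symmetric part keyed by G(sigma)
    return c1, c2

def hy_dec(sk, pk, ct):
    c1, c2 = ct
    sigma = asym_dec(sk, c1)
    m = xor(c2, oracle_G(sigma, len(c2)))
    # Generic validity check: re-encrypt and compare. All work is done before the
    # single constant-time decision, so a rejected ciphertext follows the same
    # path as an accepted one (reject timing attacks exploit early bail-outs).
    expect = asym_enc(pk, sigma, oracle_H(sigma, m))
    ok = hmac.compare_digest(c1_bytes(expect), c1_bytes(c1))
    return m if ok else None
```

For an easily verifiable primitive in the paper's sense, the re-encryption step could be replaced by a direct check that c1 encrypts sigma; the ElGamal toy above has no such shortcut, so it uses the generic check.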
References
Bellare M, Desai A, Pointcheval D, Rogaway P (1998) Relations among notions of security for public-key encryption schemes. In: Krawczyk H (ed) Advances in Cryptology – CRYPTO 1998. Lecture notes in computer science, vol 1462. Springer, Berlin Heidelberg New York, pp 26–45
Bellare M, Rogaway P (1993) Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM conference on computer and communications security. ACM Press, New York, pp 62–73
Bellare M, Boldyreva A, Palacio A (2004) An uninstantiable Random-Oracle-Model scheme for a hybrid-encryption problem. In: Cachin C, Camenisch J (eds) Advances in Cryptology – EUROCRYPT 2004. Lecture notes in computer science, vol 3027. Springer, Berlin Heidelberg New York, pp 449–461
Canetti R, Goldreich O, Halevi S (1998) The random oracle methodology, revisited. In: Proceedings of the 32nd annual ACM symposium on theory of computing. ACM Press, New York, pp 209–218
Catalano D, Gennaro R, Howgrave-Graham N, Nguyen PQ (2001) Paillier’s cryptosystem revisited. In: Proceedings of the 8th ACM conference on computer and communications security. ACM Press, New York, pp 206–214
Coron J, Handschuh H, Joye M, Paillier P, Pointcheval D, Tymen C (2002) GEM: a generic chosen-ciphertext secure encryption method. In: Preneel B (ed) Topics in Cryptology – CT-RSA 2002. Lecture notes in computer science, vol 2271. Springer, Berlin Heidelberg New York, pp 263–276
Coron J, Handschuh H, Joye M, Paillier P, Pointcheval D, Tymen C (2002) Optimal chosen-ciphertext secure encryption of arbitrary-length messages. In: Naccache D, Paillier P (eds) Public key cryptography, PKC 2002. Lecture notes in computer science, vol 2274. Springer, Berlin Heidelberg New York, pp 17–33
Cramer R, Shoup V (2002) Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen LR (ed) Advances in Cryptology – EUROCRYPT 2002. Lecture notes in computer science, vol 2332. Springer, Berlin Heidelberg New York, pp 45–64
Dent AW (2002) An implementation attack against the EPOC-2 public-key cryptosystem. Electron Lett 38(9):412–413
EPOC, Efficient probabilistic public-key encryption. http://info.isl.ntt.co.jp/epoc/
Fujisaki E, Okamoto T (1999) Secure integration of asymmetric and symmetric encryption schemes. In: Wiener MJ (ed) Advances in Cryptology – CRYPTO 1999. Lecture notes in computer science, vol 1666. Springer, Berlin Heidelberg New York, pp 537–554
Fujisaki E, Okamoto T (2001) A chosen-cipher secure encryption scheme tightly as secure as factoring. IEICE Trans Fundament E84-A(1):179–187
Goldwasser S, Micali S (1984) Probabilistic encryption. J Comput Sys Sci 28:270–299
Goldwasser S, Tauman Y (2003) On the (in)security of the Fiat-Shamir paradigm. In: Proceedings of the 44th symposium on foundations of computer science (FOCS 2003). IEEE Press, New York, pp 102–115
Joye M, Quisquater JJ, Yung M (2001) On the power of misbehaving adversaries and security analysis of the original EPOC. In: Naccache D (ed) Topics in Cryptology – CT-RSA 2001. Lecture notes in computer science, vol 2020. Springer, Berlin Heidelberg New York, pp 208–222
Menezes A (1993) Elliptic curve public-key cryptosystems. The Kluwer international series in engineering and computer science (SECS 234). Kluwer, Dordrecht
Naor M, Yung M (1990) Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Proceedings of the 32nd annual ACM symposium on theory of computing. ACM Press, New York, pp 427–437
Okamoto T, Pointcheval D (2001) The gap-problems: a new class of problems for the security of cryptographic schemes. In: Kim K (ed) Public Key Cryptography, PKC 2001. Lecture notes in computer science, vol 1992. Springer, Berlin Heidelberg New York, pp 104–118
Okamoto T, Pointcheval D (2001) REACT: Rapid enhanced-security asymmetric cryptosystem transform. In: Naccache D (ed) Topics in Cryptology – CT-RSA 2001. Lecture notes in computer science, vol 2020. Springer, Berlin Heidelberg New York, pp 159–175
Okamoto T, Uchiyama S (1998) A new public-key cryptosystem as secure as factoring. In: Nyberg K (ed) Advances in Cryptology – EUROCRYPT 1998. Lecture notes in computer science, vol 1403. Springer, Berlin Heidelberg New York, pp 308–318
PSEC, Provably Secure Encryption Scheme. http://info.isl.ntt.co.jp/psec/
Pointcheval D (2000) Chosen-ciphertext security for any one-way cryptosystem. In: Imai H, Zheng Y (eds) Public Key Cryptography, PKC 2000. Lecture notes in computer science, vol 1751. Springer, Berlin Heidelberg New York, pp 129–146
Rackoff C, Simon DR (1992) Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum J (ed) Advances in Cryptology – CRYPTO 1991. Lecture notes in computer science, vol 576. Springer, Berlin Heidelberg New York, pp 433–444
Sakurai K, Takagi T (2002) A reject timing attack on an IND-CCA2 public-key cryptosystem. In: Lee PJ, Lim CH (eds) Information Security and Cryptology – ICISC 2002. Lecture notes in computer science, vol 2587. Springer, Berlin Heidelberg New York, pp 359–373
Shoup V (2001) OAEP Reconsidered. In: Kilian J (ed) Advances in Cryptology – CRYPTO 2001. Lecture notes in computer science, vol 2139. Springer, Berlin Heidelberg New York, pp 239–259
Stern J (2003) Why provable security matters? In: Biham E (ed) Advances in Cryptology – EUROCRYPT 2003. Lecture notes in computer science, vol 2656. Springer, Berlin Heidelberg New York, pp 449–461
Watanabe Y, Shikata J, Imai H (2002) Equivalence between semantic security and indistinguishability against chosen ciphertext attacks. In: Biham E (ed) Advances in Cryptology – EUROCRYPT 2003. Lecture notes in computer science, vol 2567. Springer, Berlin Heidelberg New York, pp 71–84
Galindo, D., Martín, S., Morillo, P. et al. Fujisaki–Okamoto hybrid encryption revisited. Int J Inf Secur 4, 228–241 (2005). https://doi.org/10.1007/s10207-004-0042-z