Journal of Cryptology, Volume 26, Issue 1, pp 102–118

Practical Chosen Ciphertext Secure Encryption from Factoring

  • Dennis Hofheinz
  • Eike Kiltz
  • Victor Shoup

Article

Abstract

We propose a practical public-key encryption scheme whose security against chosen-ciphertext attacks can be reduced in the standard model to the assumption that factoring is intractable.

Key words

Public-key encryption, chosen-ciphertext security, factoring

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  1. Karlsruhe Institute of Technology, Karlsruhe, Germany
  2. Ruhr-Universität Bochum, Bochum, Germany
  3. Courant Institute, New York University, New York, USA