Journal of Cryptology, Volume 26, Issue 1, pp 80–101

Secure Integration of Asymmetric and Symmetric Encryption Schemes

Article

Abstract

This paper presents a generic conversion from weak asymmetric and symmetric encryption schemes to an asymmetric encryption scheme that is chosen-ciphertext secure in the random oracle model. Our conversion is the first generic transformation from an arbitrary one-way asymmetric encryption scheme to a chosen-ciphertext secure asymmetric encryption scheme in the random oracle model.

Key words

Asymmetric and symmetric (or public-key and private-key) encryptions; Generic conversion; Indistinguishability against chosen ciphertext attacks (IND-CCA); Random oracle model; Security proof



Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  1. NTT Laboratories, Tokyo, Japan
