The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES

  • Michel Abdalla
  • Mihir Bellare
  • Phillip Rogaway
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2020)

Abstract

This paper provides security analysis for the public-key encryption scheme DHIES (formerly named DHES and DHAES), which was proposed in [7] and is now in several draft standards. DHIES is a Diffie-Hellman based scheme that combines a symmetric encryption method, a message authentication code, and a hash function, in addition to number-theoretic operations, in a way which is intended to provide security against chosen-ciphertext attacks. In this paper we find natural assumptions under which DHIES achieves security under chosen-ciphertext attack. The assumptions we make about the Diffie-Hellman problem are interesting variants of the customary ones, and we investigate relationships among them, and provide security lower bounds. Our proofs are in the standard model; no random-oracle assumption is required.
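To make the structure the abstract describes concrete, here is an added illustration (not code from the paper or from any DHIES standard) of the DHIES composition: the sender publishes an ephemeral Diffie-Hellman value, hashes it together with the shared secret to derive an encryption key and a MAC key, encrypts the message with a symmetric scheme, and authenticates the resulting body with a MAC; the receiver rebuilds the keys and rejects any ciphertext whose tag fails to verify. Everything parameter-specific is an assumption made for the example: the group is a constructed toy prime-order-unknown group (not a standard parameter set), the symmetric scheme is a SHA-256 counter keystream standing in for a real cipher, HMAC-SHA256 is the MAC, and the 16-byte encoding of group elements is the example's own layout.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for illustration only; not a standard or secure
# parameter set. DHIES is generic in the group, cipher, MAC and hash.
P = 2**127 - 1
G = 3
ELEM_LEN = 16   # bytes needed to encode an element of Z_P (assumption)
TAG_LEN = 32    # HMAC-SHA256 output length


def _enc(x: int) -> bytes:
    """Fixed-width big-endian encoding of a group element."""
    return x.to_bytes(ELEM_LEN, "big")


def keygen():
    """Receiver's long-term key pair (v, g^v)."""
    v = secrets.randbelow(P - 2) + 1
    return v, pow(G, v, P)


def _derive_keys(ephemeral_pub: int, shared: int):
    """Hash (g^u || g^uv) and split the digest into an encryption key
    and a MAC key, as in the DHIES key-derivation step."""
    material = hashlib.sha512(_enc(ephemeral_pub) + _enc(shared)).digest()
    return material[:32], material[32:]


def _keystream(key: bytes, n: int) -> bytes:
    """Stand-in symmetric scheme: SHA-256 in counter mode as a keystream."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt(pub_v: int, message: bytes) -> bytes:
    """Ciphertext layout: g^u || E_k(message) || MAC_mk(E_k(message))."""
    u = secrets.randbelow(P - 2) + 1
    gu = pow(G, u, P)            # ephemeral public value
    shared = pow(pub_v, u, P)    # Diffie-Hellman secret g^uv
    enc_key, mac_key = _derive_keys(gu, shared)
    body = _xor(message, _keystream(enc_key, len(message)))
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return _enc(gu) + body + tag


def decrypt(priv_v: int, ciphertext: bytes):
    """Returns the plaintext, or None when the ciphertext is malformed or
    the MAC does not verify (the chosen-ciphertext defence in DHIES)."""
    if len(ciphertext) < ELEM_LEN + TAG_LEN:
        return None
    gu = int.from_bytes(ciphertext[:ELEM_LEN], "big")
    if not 1 < gu < P:           # reject out-of-range / trivial elements
        return None
    body, tag = ciphertext[ELEM_LEN:-TAG_LEN], ciphertext[-TAG_LEN:]
    shared = pow(gu, priv_v, P)
    enc_key, mac_key = _derive_keys(gu, shared)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None              # tampered body, tag or ephemeral value
    return _xor(body, _keystream(enc_key, len(body)))


if __name__ == "__main__":
    priv, pub = keygen()
    ct = encrypt(pub, b"constructed sample message")
    print(decrypt(priv, ct))
    flipped = ct[:ELEM_LEN] + bytes([ct[ELEM_LEN] ^ 1]) + ct[ELEM_LEN + 1:]
    print(decrypt(priv, flipped))   # None: MAC rejects the modification
```

The point of the MAC over the symmetric ciphertext is visible in `decrypt`: any change to the body, the tag or the ephemeral value changes either the derived MAC key or the tag check, so the decryptor refuses to release a plaintext, which is what the paper's chosen-ciphertext analysis relies on.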

Keywords

Cryptographic standards, Diffie-Hellman key exchange, El-Gamal encryption, elliptic curve cryptosystems, generic model, provable security

References

  1. M. Abdalla, M. Bellare, and P. Rogaway. DHIES: An Encryption Scheme Based on the Diffie-Hellman Problem. Full version of current paper, available from authors' web pages.
  2. American National Standards Institute (ANSI) X9.F1 subcommittee, ANSI X9.63 Public key cryptography for the Financial Services Industry: Elliptic curve key agreement and key transport schemes, Working draft, January 8, 1999.
  3. M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. Advances in Cryptology, CRYPTO '96, Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed., Springer-Verlag, 1996.
  4. M. Bellare, A. Desai, D. Pointcheval and P. Rogaway, Relations among notions of security for public-key encryption schemes. Advances in Cryptology, CRYPTO '98, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed., Springer-Verlag, 1998.
  5. M. Bellare, A. Desai, E. Jokipii and P. Rogaway, A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation. Current version available at URL of first author. Preliminary version in Proc. of the 38th IEEE FOCS, IEEE, 1997.
  6. M. Bellare, J. Kilian and P. Rogaway, The security of cipher block chaining. Advances in Cryptology, CRYPTO '94, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed., Springer-Verlag, 1994.
  7. M. Bellare and P. Rogaway, Minimizing the use of random oracles in authenticated encryption schemes. Information and Communications Security, Lecture Notes in Computer Science Vol. 1334, Springer-Verlag, 1997, pp. 1-16.
  8. M. Bellare and P. Rogaway, Optimal asymmetric encryption: How to encrypt with RSA. Current version available at URL of either author. Preliminary version in Advances in Cryptology, EUROCRYPT '94, Lecture Notes in Computer Science Vol. 950, A. De Santis ed., Springer-Verlag, 1994.
  9. M. Bellare and P. Rogaway, The exact security of digital signatures: How to sign with RSA and Rabin. Current version available at URL of either author. Preliminary version in Advances in Cryptology, EUROCRYPT '96, Lecture Notes in Computer Science Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
  10. D. Boneh, The decision Diffie-Hellman problem. Invited paper for the Third Algorithmic Number Theory Symposium (ANTS), Lecture Notes in Computer Science Vol. 1423, Springer-Verlag, 1998.
  11. D. Boneh and R. Venkatesan, Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. Advances in Cryptology, CRYPTO '96, Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed., Springer-Verlag, 1996.
  12. Certicom Research, Standards for Efficient Cryptography Group (SECG), SEC 1: Elliptic Curve Cryptography. Version 1.0, September 20, 2000. See http://www.secg.org/secg docs.htm.
  13. R. Cramer and V. Shoup, A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. Advances in Cryptology, CRYPTO '98, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed., Springer-Verlag, 1998.
  14. W. Diffie and M. Hellman, New directions in cryptography. IEEE Transactions on Information Theory, 22, pp. 644-654, 1976.
  15. D. Dolev, C. Dwork and M. Naor. Non-malleable cryptography. Proc. of the 23rd ACM STOC, ACM, 1991.
  16. D. Dolev, C. Dwork and M. Naor. Non-malleable cryptography. Manuscript, March 1998.
  17. T. ElGamal. A public key cryptosystem and signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, vol. 31, pp. 469-472, 1985.
  18. E. Fujisaki and T. Okamoto, Secure Integration of Asymmetric and Symmetric Encryption Schemes. Advances in Cryptology, CRYPTO '99, Lecture Notes in Computer Science Vol. 1666, M. Wiener ed., Springer-Verlag, 1999.
  19. O. Goldreich, A uniform complexity treatment of encryption and zero-knowledge. Journal of Cryptology, vol. 6, 1993, pp. 21-53.
  20. S. Goldwasser and S. Micali, Probabilistic encryption. Journal of Computer and System Sciences, vol. 28, pp. 270-299, April 1984.
  21. S. Hada and T. Tanaka, On the Existence of 3-Round Zero-Knowledge Protocols. Advances in Cryptology, CRYPTO '98, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed., Springer-Verlag, 1998.
  22. IEEE P1363a Committee, IEEE P1363a, Version D6, November 9, 2000. Standard specifications for public-key cryptography. See http://www.manta.ieee.org/groups/1363/P1363a/draft.html
  23. D. Johnson, S. Matyas, M. Peyravian, Encryption of long blocks using a short-block encryption procedure. November 1996. Available at http://stdsbbs.ieee.org/groups/1363/index.html.
  24. C. Lim and P. Lee, Another method for attaining security against adaptively chosen ciphertext attacks. Advances in Cryptology, CRYPTO '93, Lecture Notes in Computer Science Vol. 773, D. Stinson ed., Springer-Verlag, 1993.
  25. S. Micali, C. Rackoff and B. Sloan, The notion of security for probabilistic cryptosystems. SIAM J. of Computing, April 1988.
  26. M. Naor and O. Reingold, Number-Theoretic Constructions of Efficient Pseudo-Random Functions. Proc. of the 38th IEEE FOCS, IEEE, 1997.
  27. M. Naor and M. Yung, Public-key cryptosystems provably secure against chosen ciphertext attacks. Proc. of the 22nd ACM STOC, ACM, 1990.
  28. C. Rackoff and D. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. Advances in Cryptology, CRYPTO '91, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.
  29. V. Shoup, Lower bounds for Discrete Logarithms and Related Problems. Advances in Cryptology, EUROCRYPT '97, Lecture Notes in Computer Science Vol. 1233, W. Fumy ed., Springer-Verlag, 1997.
  30. V. Shoup, Personal Communication.
  31. V. Shoup, Using Hash Functions as a Hedge against Chosen Ciphertext Attack. Advances in Cryptology, EUROCRYPT '00, Lecture Notes in Computer Science Vol. 1807, B. Preneel ed., Springer-Verlag, 2000.
  32. Y. Zheng, Public key authenticated encryption schemes using universal hashing. Contribution to P1363. ftp://stdsbbs.ieee.org/pub/p1363/contributions/aes-uhf.ps
  33. Y. Zheng and J. Seberry, Immunizing public key cryptosystems against chosen ciphertext attack. IEEE Journal on Selected Areas in Communications, vol. 11, no. 5, pp. 715-724, 1993.

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Michel Abdalla (1)
  • Mihir Bellare (1)
  • Phillip Rogaway (2)
  1. Department of Computer Science & Engineering, University of California at San Diego, California, USA
  2. Department of Computer Science, University of California at Davis, California, USA