REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform

  • Tatsuaki Okamoto
  • David Pointcheval
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2020)


Seven years after the optimal asymmetric encryption padding (OAEP) which makes chosen-ciphertext secure encryption scheme from any trapdoor one-way permutation (but whose unique application is RSA), this paper presents REACT, a new conversion which applies to any weakly secure cryptosystem, in the random oracle model: it is optimal from both the computational and the security points of view. Indeed, the overload is negligible, since it just consists of two more hashings for both encryption and decryption, and the reduction is very tight.

Furthermore, advantages of REACT beyond OAEP are numerous:
  1. 1.

    it is more general since it applies to any partially trapdoor one-way function (a.k.a. weakly secure public-key encryption scheme) and therefore provides security relative to RSA but also to the Diffie- Hellman problem or the factorization;

  2. 2.

    it is possible to integrate symmetric encryption (block and stream ciphers) to reach very high speed rates;

  3. 3.

    it provides a key distribution with session key encryption, whose overall scheme achieves chosen-ciphertext security even with weakly secure symmetric scheme.


Therefore, REACT could become a new alternative to OAEP, and even reach security relative to factorization, while allowing symmetric integration.


Hash Function Encryption Scheme Random Oracle Model Security Notion Asymmetric Encryption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Abdalla, M. Bellare, and P. Rogaway. DHAES: An Encryption Scheme Based on the Diffie-Hellman Problem. Submission to IEEE P1363a. September 1998.Google Scholar
  2. 2.
    M. Abdalla, M. Bellare, and P. Rogaway. The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES. In RSA’ 2001, LNCS. Springer-Verlag, Berlin, 2001.Google Scholar
  3. 3.
    M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among Notions of Security for Public-Key Encryption Schemes. In Crypto’ 98, LNCS 1462, pages 26–45. Springer-Verlag, Berlin, 1998.Google Scholar
  4. 4.
    M. Bellare and P. Rogaway. Random Oracles Are Practical: a Paradigm for Designing Efficient Protocols. In Proc. of the 1st CCS, pages 62–73. ACM Press, New York, 1993.Google Scholar
  5. 5.
    M. Bellare and P. Rogaway. Optimal Asymmetric Encryption-How to Encrypt with RSA. In Eurocrypt’ 94, LNCS 950, pages 92–111. Springer-Verlag, Berlin, 1995.CrossRefGoogle Scholar
  6. 6.
    M. Bellare and A. Sahai. Non-Malleable Encryption: Equivalence between Two Notions, and an Indistinguishability-Based Characterization. In Crypto’ 99, LNCS 1666, pages 519–536. Springer-Verlag, Berlin, 1999.Google Scholar
  7. 7.
    D. Bleichenbacher. A Chosen Ciphertext Attack against Protocols based on the RSA Encryption Standard PKCS #1. In Crypto’ 98, LNCS 1462, pages 1–12. Springer-Verlag, Berlin, 1998.Google Scholar
  8. 8.
    L. Carter and M. Wegman. Universal Hash Functions. Journal of Computer and System Sciences, 18:143–154, 1979.zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    D. Coppersmith, S. Halevi, and C. S. Jutla. ISO 9796 and the New Forgery Strategy. Working Draft presented at the Rump Session of Crypto’ 99, 1999.Google Scholar
  10. 10.
    J.-S. Coron, D. Naccache, and J. P. Stern. On the Security of RSA Padding. In Crypto’ 99, LNCS 1666, pages 1–18. Springer-Verlag, Berlin, 1999.Google Scholar
  11. 11.
    R. Cramer and V. Shoup. A Practical Public Key Cryptosystem Provably Secure against Adaptive Chosen Ciphertext Attack. In Crypto’ 98, LNCS 1462, pages 13–25. Springer-Verlag, Berlin, 1998.Google Scholar
  12. 12.
    W. Diffie and M. E. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, IT-22(6):644–654, November 1976.zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    D. Dolev, C. Dwork, and M. Naor. Non-Malleable Cryptography. In Proc. of the 23rd STOC. ACM Press, New York, 1991.Google Scholar
  14. 14.
    T. El Gamal. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory, IT-31(4):469–472, July 1985.CrossRefzbMATHGoogle Scholar
  15. 15.
    E. Fujisaki and T. Okamoto. How to Enhance the Security of Public-Key Encryption at Minimum Cost. In PKC’ 99, LNCS 1560, pages 53–68. Springer-Verlag, Berlin, 1999.Google Scholar
  16. 16.
    E. Fujisaki and T. Okamoto. Secure Integration of Asymmetric and Symmetric Encryption Schemes. In Crypto’ 99, LNCS 1666, pages 537–554. Springer-Verlag, Berlin, 1999.Google Scholar
  17. 17.
    E. Fujisaki and T. Okamoto. How to Enhance the Security of Public-Key Encryption at Minimum Cost. IEICE Transaction of Fundamentals of Electronic Communications and Computer Science, E83-A (1):24–32, January 2000.Google Scholar
  18. 18.
    S. Goldwasser and S. Micali. Probabilistic Encryption. Journal of Computer and System Sciences, 28:270–299, 1984.zbMATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    J. Hoffstein, J. Pipher, and J. H. Silverman. NTRU: A Ring Based Public Key Cryptosystem. In Algorithmic Number Theory Symposium (ANTS III), LNCS 1423, pages 267–288. Springer-Verlag, Berlin, 1998.CrossRefGoogle Scholar
  20. 20.
    M. Jakobsson. A Practical Mix. In Eurocrypt’ 98, LNCS 1403, pages 448–461. Springer-Verlag, Berlin, 1998.CrossRefGoogle Scholar
  21. 21.
    M. Joye, J. J. Quisquater, and M. Yung. On the Power of Misbehaving Adversaries and Cryptanalysis of EPOC. In RSA’ 2001, LNCS. Springer-Verlag, Berlin, 2001.Google Scholar
  22. 22.
    N. Koblitz. Elliptic Curve Cryptosystems. Mathematics of Computation, 48(177):203–209, January 1987.zbMATHCrossRefMathSciNetGoogle Scholar
  23. 23.
    U. M. Maurer and S. Wolf. The Diffie-Hellman Protocol. Designs, Codes, and Cryptography, 19:147–171, 2000.zbMATHCrossRefMathSciNetGoogle Scholar
  24. 24.
    R. J. McEliece. A Public-Key Cryptosystem Based on Algebraic Coding Theory. DSN progress report, 42–44:114–116, 1978. Jet Propulsion Laboratories, CAL-TECH.Google Scholar
  25. 25.
    D. Naccache and J. Stern. A New Public-Key Cryptosystem. In Eurocrypt’ 97, LNCS 1233, pages 27–36. Springer-Verlag, Berlin, 1997.Google Scholar
  26. 26.
    D. Naccache and J. Stern. A New Cryptosystem based on Higher Residues. In Proc. of the 5th CCS, pages 59–66. ACM Press, New York, 1998.CrossRefGoogle Scholar
  27. 27.
    M. Naor and M. Yung. Public-Key Cryptosystems Provably Secure against Chosen Ciphertext Attacks. In Proc. of the 22nd STOC, pages 427–437. ACM Press, New York, 1990.Google Scholar
  28. 28.
    T. Okamoto and D. Pointcheval. The Gap-Problems: a New Class of Problems for the Security of Cryptographic Schemes. In PKC’ 2001, LNCS. Springer-Verlag, Berlin, 2001.Google Scholar
  29. 29.
    T. Okamoto and S. Uchiyama. A New Public Key Cryptosystem as Secure as Factoring. In Eurocrypt’ 98, LNCS 1403, pages 308–318. Springer-Verlag, Berlin, 1998.CrossRefGoogle Scholar
  30. 30.
    T. Okamoto, S. Uchiyama, and E. Fujisaki. EPOC: Efficient Probabilistic Public-Key Encryption. Submission to IEEE P1363a. November 1998.Google Scholar
  31. 31.
    P. Paillier. Public-Key Cryptosystems Based on Discrete Logarithms Residues. In Eurocrypt’ 99, LNCS 1592, pages 223–238. Springer-Verlag, Berlin, 1999.Google Scholar
  32. 32.
    P. Paillier and D. Pointcheval. Efficient Public-Key Cryptosystems Provably Secure against Active Adversaries. In Asiacrypt’ 99, LNCS 1716, pages 165–179. Springer-Verlag, Berlin, 1999.Google Scholar
  33. 33.
    D. Pointcheval. HD-RSA: Hybrid Dependent RSA-a New Public-Key Encryption Scheme. Submission to IEEE P1363a. October 1999.Google Scholar
  34. 34.
    D. Pointcheval. New Public Key Cryptosystems based on the Dependent-RSA Problems. In Eurocrypt’ 99, LNCS 1592, pages 239–254. Springer-Verlag, Berlin, 1999.Google Scholar
  35. 35.
    D. Pointcheval. Chosen-Ciphertext Security for any One-Way Cryptosystem. In PKC’ 2000, LNCS 1751, pages 129–146. Springer-Verlag, Berlin, 2000.Google Scholar
  36. 36.
    C. Rackoff and D. R. Simon. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. In Crypto’ 91, LNCS 576, pages 433–444. Springer-Verlag, Berlin, 1992.Google Scholar
  37. 37.
    R. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, 21(2):120–126, February 1978.zbMATHCrossRefMathSciNetGoogle Scholar
  38. 38.
    RSA Data Security, Inc. Public Key Cryptography Standards-PKCS.Google Scholar
  39. 39.
    C. E. Shannon. Communication Theory of Secrecy Systems. Bell System Technical Journal, 28(4):656–715, 1949.MathSciNetGoogle Scholar
  40. 40.
    V. Shoup and R. Gennaro. Securing Threshold Cryptosystems against Chosen Ciphertext Attack. In Eurocrypt’ 98, LNCS 1403, pages 1–16. Springer-Verlag, Berlin, 1998.CrossRefGoogle Scholar
  41. 41.
    Y. Tsiounis and M. Yung. On the Security of El Gamal based Encryption. In PKC’ 98, LNCS. Springer-Verlag, Berlin, 1998.Google Scholar
  42. 42.
    D. Wagner. The Boomerang Attack. In Proc. of the 6th FSE, LNCS 1636. Springer-Verlag, Berlin, 1999.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Tatsuaki Okamoto
    • 1
  • David Pointcheval
    • 2
  1. 1.NTT LabsYokosuka-shiJapan
  2. 2.Dépt d’InformatiqueENS - CNRSParisFrance

Personalised recommendations