Optimal Chosen-Ciphertext Secure Encryption of Arbitrary-Length Messages

  • Jean-Sébastien Coron
  • Helena Handschuh
  • Marc Joye
  • Pascal Paillier
  • David Pointcheval
  • Christophe Tymen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2274)

Abstract

This paper considers arbitrary-length chosen-ciphertext secure asymmetric encryption, thus addressing what is actually needed for a practical usage of strong public-key cryptography in the real world. We put forward two generic constructions, gem-1 and gem-2, which apply to explicit fixed-length weakly secure primitives and provide a strongly secure (IND-CCA2) public-key encryption scheme for messages of unfixed length (typically computer files). Our techniques optimally combine a single call to any one-way trapdoor function with repeated encryptions through some weak block-cipher (a simple xor is fine) and hash functions of fixed-length input so that a minimal number of calls to these functions is needed. Our encryption/decryption throughputs are comparable to the ones of standard methods (asymmetric encryption of a session key + symmetric encryption with multiple modes). In our case, however, we formally prove that our designs are secure in the strongest sense and provide complete security reductions holding in the random oracle model.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Jean-Sébastien Coron (1)
  • Helena Handschuh (1)
  • Marc Joye (2)
  • Pascal Paillier (1)
  • David Pointcheval (3)
  • Christophe Tymen (1, 3)

  1. Gemplus Card International, Issy-les-Moulineaux, France
  2. Gemplus Card International, Gémenos Cedex, France
  3. Computer Science Department, École Normale Supérieure, Paris Cedex 05, France
