GEM: A Generic Chosen-Ciphertext Secure Encryption Method
This paper proposes an efficient and provably secure transform to encrypt a message with any asymmetric one-way cryptosystem. The resulting scheme achieves adaptive chosen-ciphertext security in the random oracle model.
Compared to previous known generic constructions (Bellare, Rogaway, Fujisaki, Okamoto, and Pointcheval), our embedding reduces the encryption size and/or speeds up the decryption process. It applies to numerous cryptosystems, including (to name a few) ElGamal, RSA, Okamoto- Uchiyama and Paillier systems.
KeywordsPublic-key encryption hybrid encryption chosen-ciphertext security random oracle model generic conversion block ciphers stream ciphers
Unable to display preview. Download preview PDF.
- 1.Mihir Bellare, Anand Desai, David Pointcheval, and Phillip Rogaway. Relations among notions of security for public-key encryption schemes. Full paper (30 pages), February 1999. An extended abstract appears in H. Krawczyk, ed., Advances in Cryptology-CRYPTO’98, volume 1462 of Lecture Notes in Computer Science, pages 26–45, Springer-Verlag, 1998.CrossRefGoogle Scholar
- 2.Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In First ACM Conference on Computer and Communications Security, pages 62–73. ACM Press, 1993.Google Scholar
- 4.Victor Boyko. On the security properties of OAEP as an all-or-nothing transform. Full paper (28 pages), August 1999. An extended abstract appears in M. Wiener, ed., Advances in Cryptology-CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 503–518, Springer-Verlag, 1999.CrossRefGoogle Scholar
- 5.Eiichiro Fujisaki and Tatsuaki Okamoto. How to enhance the security of public-key encryption at minimum cost. IEICE Transaction on of Fundamentals of Electronic Communications and Computer Science E83-A(1): 24–32, January 2000.Google Scholar
- 7.Eiichiro Fujisaki, Tatsuaki Okamoto, David Pointcheval, and Jacques Stern. RSAOAEP is secure under the RSA assumption. In J. Kilian, editor, Advances in Cryptology-CRYPTO2001, volume 2139 of Lecture Notes in Computer Science, pages 260–274. Springer-Verlag, 2001.Google Scholar
- 9.Oded Goldreich. Modern cryptography, probabilistic proofs and pseudo-randomness, volume 17 of Algorithms and Combinatorics. Springer-Verlag, 1999.Google Scholar
- 11.Moni Naor and Moti Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In 22nd ACM Annual Symposium on the Theory of Computing (STOC’ 90), pages 427–437. ACM Press, 1990.Google Scholar
- 13.David Pointcheval. Chosen-ciphertext security for any one-way cryptosystem. In H. Imai and Y. Zheng, editors, Public Key Cryptography, volume 1751 of Lecture Notes in Computer Science, pages 129–146. Springer-Verlag, 2000.Google Scholar
- 14.Charles Rackoff and Daniel R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In J. Feigenbaum, editor, Advances in Cryptology-CRYPTO’91, volume 576 of Lecture Notes in Computer Science, pages 433–444. Springer-Verlag, 1992.Google Scholar