
An IND-CCA2 Public-Key Cryptosystem with Fast Decryption

  • Johannes Buchmann
  • Kouichi Sakurai
  • Tsuyoshi Takagi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2288)

Abstract

We propose an IND-CCA2 public-key cryptosystem with fast decryption, called the NICE-X cryptosystem. Its decryption time is polynomial of degree 2 in the bit-length of the public key D, i.e., O((log |D|)^2), plus the cost of two hash functions. NICE-X is an enhancement of the NICE cryptosystem, which is constructed over the quadratic class group Cl(D). We first show that the one-wayness of the encryption of the NICE cryptosystem is as intractable as the Smallest Kernel Equivalent Problem (SKEP). We also prove that the NICE cryptosystem is IND-CPA under the Decisional Kernel Problem (DKP). Then we prove that the NICE-X cryptosystem is IND-CCA2 under the SKEP in the random oracle model. Indeed, the decryption overhead of NICE-X over NICE is only the cost of one ideal multiplication and two hash functions. Our conversion technique from NICE to NICE-X is based on REACT; however, we modify it to be suitable for NICE. A message of NICE-X is encrypted with the random mask of the encryption function of NICE, instead of the encrypted key. As a result, the problem to which the security of NICE-X reduces is enhanced from the Gap-SKEP to the SKEP.

Keywords

Public-key cryptosystem; Chosen ciphertext attack; NICE cryptosystem; factoring algorithm; fast decryption

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Johannes Buchmann (1)
  • Kouichi Sakurai (2)
  • Tsuyoshi Takagi (1)

  1. Fachbereich Informatik, Technische Universität Darmstadt, Darmstadt, Germany
  2. Department of Computer Science and Communication Engineering, Kyushu University, Hakozaki, Japan
