Optimal asymmetric encryption

  • Mihir Bellare
  • Phillip Rogaway
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 950)

Abstract

Given an arbitrary k-bit to k-bit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string x of length slightly less than k bits can be encrypted as f(r_x), where r_x is a simple probabilistic encoding of x depending on the hash function; and (ii) the scheme can be proven semantically secure assuming the hash function is “ideal.” Moreover, a slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which she “knows” the corresponding plaintexts—such a scheme is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.
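The following is an added worked example, not code from the paper: it instantiates the “enhanced” encoding the abstract describes (message padded with k1 zero bits, masked by a generator G, the seed r then masked by a hash H) and applies a trapdoor permutation f to the result. The trapdoor permutation is a toy RSA built from two Mersenne primes, the two “ideal” hash functions are stood in for by SHAKE256 with domain-separation prefixes, and the block sizes (K, K0, K1) are choices made here for illustration only; none of these parameters are from the paper and the key is far too small for real use. The decoder returns a single generic failure whenever the zero redundancy does not check out, which is what makes a forged or modified ciphertext useless to the adversary.

```python
# Added example: OAEP-style encoding x -> r_x = s || t, encrypted as f(r_x),
# with a toy RSA trapdoor permutation.  Not the paper's own code.
import hashlib
import hmac
import os
from typing import Optional

# --- Toy trapdoor permutation f(x) = x^E mod N.  ASSUMPTION: these two
# Mersenne primes are only here to make f concrete; they are not secure sizes.
P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # trapdoor: f^{-1}(y) = y^D mod N

# --- Encoding parameters in bytes (chosen here, not taken from the paper).
# The padded block is K bytes and must be below N as an integer: 2^208 < N.
K = 26                      # padded block r_x, 208 bits
K0 = 8                      # random seed r
K1 = 8                      # zero-byte redundancy giving plaintext awareness
MSG_LEN = K - K0 - K1       # 10-byte plaintexts x


def _G(r: bytes) -> bytes:
    """Generator G: K0 bytes -> K-K0 bytes (random-oracle stand-in)."""
    return hashlib.shake_256(b"G" + r).digest(K - K0)


def _H(s: bytes) -> bytes:
    """Hash H: K-K0 bytes -> K0 bytes (random-oracle stand-in)."""
    return hashlib.shake_256(b"H" + s).digest(K0)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(m: bytes, r: Optional[bytes] = None) -> bytes:
    """r_x = s || t with s = (m || 0^K1) XOR G(r) and t = r XOR H(s)."""
    if len(m) != MSG_LEN:
        raise ValueError(f"message must be exactly {MSG_LEN} bytes")
    r = os.urandom(K0) if r is None else r
    if len(r) != K0:
        raise ValueError(f"seed must be {K0} bytes")
    s = _xor(m + bytes(K1), _G(r))
    t = _xor(r, _H(s))
    return s + t


def oaep_decode(block: bytes) -> Optional[bytes]:
    """Invert the encoding.  Returns None unless the K1 redundancy bytes are zero."""
    if len(block) != K:
        return None
    s, t = block[:K - K0], block[K - K0:]
    r = _xor(t, _H(s))                 # recover the seed
    x = _xor(s, _G(r))                 # recover m || 0^K1
    # Constant-time check of the redundancy; one generic failure path.
    if not hmac.compare_digest(x[MSG_LEN:], bytes(K1)):
        return None
    return x[:MSG_LEN]


def encrypt(m: bytes, r: Optional[bytes] = None) -> int:
    """Ciphertext is f(r_x) = r_x^E mod N."""
    return pow(int.from_bytes(oaep_encode(m, r), "big"), E, N)


def decrypt(c: int) -> Optional[bytes]:
    """Apply the trapdoor, then undo the encoding; None on any failure."""
    if not 0 <= c < N:
        return None
    x = pow(c, D, N)
    if x >> (8 * K):                   # not in the image of the encoder
        return None
    return oaep_decode(x.to_bytes(K, "big"))


if __name__ == "__main__":
    msg = b"0123456789"                # constructed sample plaintext
    c = encrypt(msg)
    print(decrypt(c) == msg)           # True
    # Raw RSA is malleable: (2 * r_x)^E is a valid ciphertext for f alone.
    # The redundancy check rejects it with probability 1 - 2^-64.
    print(decrypt(c * pow(2, E, N) % N))   # None
```

The last two lines of the script show the point of the enhanced scheme: an adversary can always produce a fresh element of f's range from an existing ciphertext, but without knowing r she cannot make the recovered block end in K1 zero bytes, so the decoder rejects it. Two implementation details matter in practice: the redundancy comparison is constant-time and the decoder never reports which step failed, because a decoder that distinguishes failure causes (including, via timing, the range check in decrypt) leaks the padding oracle that Manger's 2001 attack on PKCS#1 v2.0 exploited.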

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Mihir Bellare, Advanced Networking Laboratory, IBM T.J. Watson Research Center, Yorktown Heights, USA
  • Phillip Rogaway, Department of Computer Science, University of California at Davis, Davis, USA