Securing threshold cryptosystems against chosen ciphertext attack

  • Victor Shoup
  • Rosario Gennaro
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1403)

Abstract

For the most compelling applications of threshold cryptosystems, security against chosen ciphertext attack seems to be a requirement. However, there appear to be no practical threshold cryptosystems in the literature that are provably chosen-ciphertext secure, even in the idealized random hash function model. The contribution of this paper is to present two very practical threshold cryptosystems, and to prove that they are secure against chosen ciphertext attack in the random hash function model.

Keywords

Hash function, recovery algorithm, chosen ciphertext attack, encryption oracle, nonnegligible probability
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Victor Shoup, IBM Zurich Research Lab, Rueschlikon, Switzerland
  • Rosario Gennaro, IBM T. J. Watson Research Center, Yorktown Heights, USA