A Reject Timing Attack on an IND-CCA2 Public-Key Cryptosystem

  • Conference paper
  • Information Security and Cryptology — ICISC 2002 (ICISC 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2587)

Abstract

EPOC-2 is a public-key cryptosystem that can be proved IND-CCA2 under the factoring assumption in the random oracle model. It was written into the IEEE P1363 standard specification, and it has been a candidate public-key cryptosystem in several international standards (or portfolios) on cryptography, e.g. NESSIE, CRYPTREC, ISO, etc. In this paper we propose a chosen ciphertext attack against EPOC-2 from NESSIE by observing the timing of the reject signs from the decryption oracle. We construct an algorithm which can factor the public modulus using the difference between the reject symbols. For random 384-bit primes, the modulus can be factored with probability at least 1/2 by invoking the decryption oracle about 385 times.




Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

Cite this paper

Sakurai, K., Takagi, T. (2003). A Reject Timing Attack on an IND-CCA2 Public-Key Cryptosystem. In: Lee, P.J., Lim, C.H. (eds) Information Security and Cryptology — ICISC 2002. ICISC 2002. Lecture Notes in Computer Science, vol 2587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36552-4_25

  • DOI: https://doi.org/10.1007/3-540-36552-4_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00716-6

  • Online ISBN: 978-3-540-36552-5
