On the Lossiness of 2k-th Power and the Instantiability of Rabin-OAEP

  • Haiyang Xue
  • Bao Li
  • Xianhui Lu
  • Kunpeng Wang
  • Yamin Liu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8813)


Seurin (PKC 2014) proposed the 2-Φ/4-hiding assumption which asserts the indistinguishability of Blum Numbers from pseudo Blum Numbers. In this paper, we investigate the lossiness of 2 k -th power based on the 2 k -Φ/4-hiding assumption, which is an extension of the 2-Φ/4-hiding assumption. And we prove that 2 k -th power function is a lossy trapdoor permutation over Quadratic Residuosity group. This new lossy trapdoor function has 2k-bits lossiness for k-bits exponent, while the RSA lossy trapdoor function given by Kiltz et al. (Crypto 2010) has k-bits lossiness for k-bits exponent under Φ-hiding assumption in lossy mode. We modify the square function in Rabin-OAEP by 2 k -th power and show the instantiability of this Modified Rabin-OAEP by the technique of Kiltz et al. (Crypto 2010). The Modified Rabin-OAEP is more efficient than the RSA-OAEP scheme for the same secure bits. With the secure parameter being 80 bits and the modulus being 2048 bits, Modified Rabin-OAEP can encrypt roughly 454 bits of message, while RSA-OAEP can roughly encrypt 274 bits.


Rabin OAEP Lossy trapdoor function Φ-hiding 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    RSA public-key cryptography standards,
  2. 2.
    Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  3. 3.
    Boldyreva, A., Fehr, S., O’Neill, A.: On notions of security for deterministic encryption, and efficient constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 335–359. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Boneh, D.: Simplified OAEP for the RSA and Rabin Functions. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 275–291. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Cachin, C., Micali, S., Stadler, M.: Computationally private information retrieval with polylogarithmic communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 402–414. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  6. 6.
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Coppersmith, D.: Small solutions to polynomial equations, and low exponent rsa vulnerabilities. J. Cryptology 10(4), 233–260 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Fischlin, R., Schnorr, C.P.: Stronger security proofs for rsa and rabin bits. J. Cryptology 13(2), 221–244 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Freeman, D.M., Goldreich, O., Kiltz, E., Rosen, A., Segev, G.: More constructions of lossy and correlation-secure trapdoor functions. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 279–295. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Freeman, D.M., Goldreich, O., Kiltz, E., Rosen, A., Segev, G.: More constructions of lossy and correlation-secure trapdoor functions. J. Cryptology 26(1), 39–74 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Goldreich, O.: The Foundations of Cryptography. Basic Techniques, vol. 1. Cambridge University Press (2001)Google Scholar
  14. 14.
    Goldreich, O.: The Foundations of Cryptography. Basic Applications, vol. 2. Cambridge University Press (2004)Google Scholar
  15. 15.
    Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Herrmann, M.: Improved cryptanalysis of the multi-prime φ - hiding assumption. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 92–99. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  17. 17.
    Hofheinz, D.: Possibility and impossibility results for selective decommitments. J. Cryptology 24(3), 470–516 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Hofheinz, D., Kiltz, E.: The group of signed quadratic residues and applications. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 637–653. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Joye, M., Libert, B.: Efficient cryptosystems from 2k-th power residue symbols. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 76–92. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  20. 20.
    Joye, M., Paillier, P.: Fast generation of prime numbers on portable devices: An update. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 160–173. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  21. 21.
    Kakvi, S.A., Kiltz, E.: Optimal security proofs for full domain hash, revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 537–553. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  22. 22.
    Kiltz, E., O’Neill, A., Smith, A.: Instantiability of rsa-oaep under chosen-plaintext attack. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 295–313. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  23. 23.
    Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 515–534 (1982)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Lewko, M., O’Neill, A., Smith, A.: Regularity of lossy rsa on subdomains and its applications. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 55–75. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  25. 25.
    Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: STOC, pp. 187–196 (2008)Google Scholar
  26. 26.
    Seurin, Y.: On the lossiness of the rabin trapdoor function. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 380–398. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  27. 27.
    Steinfeld, R., Zheng, Y.: On the security of rsa with primes sharing least-significant bits. Appl. Algebra Eng. Commun. Comput. 15(3-4), 179–200 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    Sun, H.M., Wu, M.E., Steinfeld, R., Guo, J., Wang, H.: Cryptanalysis of short exponent rsa with primes sharing least significant bits. IACR Cryptology ePrint Archive 2008, 296 (2008)Google Scholar
  29. 29.
    von zur Gathen, J., Gerhard, J.: Modern Computer Algebra, 3rd edn. Cambridge University Press (2013)Google Scholar
  30. 30.
    Xue, H., Li, B., Lu, X., Jia, D., Liu, Y.: Efficient lossy trapdoor functions based on subgroup membership assumptions. In: Abdalla, M., Nita-Rotaru, C., Dahab, R. (eds.) CANS 2013. LNCS, vol. 8257, pp. 235–250. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  31. 31.
    Yan, S.Y.: Number Theory for Computing, 2nd edn. Springer (2002)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Haiyang Xue
    • 1
    • 2
    • 3
  • Bao Li
    • 1
    • 2
  • Xianhui Lu
    • 1
    • 2
  • Kunpeng Wang
    • 1
    • 2
  • Yamin Liu
    • 1
    • 2
  1. 1.Data Assurance and Communication Security Research CenterChinese Academy of SciencesBeijingChina
  2. 2.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingChina
  3. 3.University of Chinese Academy of SciencesBeijingChina

Personalised recommendations