Abstract
We propose a practical public-key encryption scheme whose security against chosen-ciphertext attacks can be reduced in the standard model to the assumption that factoring is intractable.
Additional information
Communicated by Kenneth G. Paterson.
This paper was solicited from Eurocrypt 2009.
Work performed while D. Hofheinz was with the Centrum Wiskunde en Informatica (CWI), Amsterdam and supported by the Dutch Organization for Scientific Research (NWO).
V. Shoup was supported by NSF grant CNS-0716690.
Cite this article
Hofheinz, D., Kiltz, E. & Shoup, V. Practical Chosen Ciphertext Secure Encryption from Factoring. J Cryptol 26, 102–118 (2013). https://doi.org/10.1007/s00145-011-9115-0