Using hash functions as a hedge against chosen ciphertext attack

Authors:
Victor Shoup
Affiliations:
IBM Zürich Research Lab, Rüschlikon, Switzerland
Venue:
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Year:
2000

Citing 22
Cited 59

Universal one-way hash functions and their cryptographic applications

STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Non-malleable cryptography

STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
Authentication and authenticated key exchanges

Designs, Codes and Cryptography
Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract)

STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Signature schemes based on the strong RSA assumption

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Pseudorandomness and Cryptographic Applications

Pseudorandomness and Cryptographic Applications
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Practical Approaches to Attaining Security Against Adaptively Chosen Ciphertext Attacks (Extended Abstract)

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
More Flexible Exponentiation with Precomputation

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Algorithms

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
LFSR-based Hashing and Authentication

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Collision-Resistant Hashing: Towards Making UOWHFs Practical

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
On the Security of ElGamal Based Encryption

PKC '98 Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
The Decision Diffie-Hellman Problem

ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Number-theoretic constructions of efficient pseudo-random functions

FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
An Efficient Off-line Electronic Cash System Based On The Representation Problem.

An Efficient Off-line Electronic Cash System Based On The Representation Problem.
How to recycle random bits

SFCS '89 Proceedings of the 30th Annual Symposium on Foundations of Computer Science
Publicly verifiable secret sharing

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Lower bounds for discrete logarithms and related problems

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A composition theorem for universal one-way hash functions

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques

Securely combining public-key cryptosystems

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
The Analysis of Zheng-Seberry Scheme

ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Security of Signed ElGamal Encryption

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Length-Invariant Hybrid Mix

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Variant of the Cramer-Shoup Cryptosystem for Groups of Unknown Order

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On the Security of Williams Based Public Key Encryption Scheme

PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Tree-based group key agreement

ACM Transactions on Information and System Security (TISSEC)
Group Key Agreement Efficient in Communication

IEEE Transactions on Computers
New approaches for deniable authentication

Proceedings of the 12th ACM conference on Computer and communications security
Direct chosen ciphertext security from identity-based techniques

Proceedings of the 12th ACM conference on Computer and communications security
Secure attribute-based systems

Proceedings of the 13th ACM conference on Computer and communications security
Cryptanalysis of e-mail protocols providing perfect forward secrecy

Computer Standards & Interfaces
Provably Secure Timed-Release Public Key Encryption

ACM Transactions on Information and System Security (TISSEC)
A tapestry of identity-based encryption: practical frameworks compared

International Journal of Applied Cryptography
Stateful identity-based encryption scheme: faster encryption and decryption

Proceedings of the 2008 ACM symposium on Information, computer and communications security
Cramer-Shoup Satisfies a Stronger Plaintext Awareness under a Weaker Assumption

SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
New Anonymity Notions for Identity-Based Encryption

SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
A CCA Secure Hybrid Damgård's ElGamal Encryption

ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Chosen Ciphertext Secure Public Key Encryption with a Simple Structure

IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
Hybrid Damgård Is CCA1-Secure under the DDH Assumption

CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Efficient Chosen Ciphertext Secure Public Key Encryption under the Computational Diffie-Hellman Assumption

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A New Randomness Extraction Paradigm for Hybrid Encryption

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Folklore, practice and theory of robust combiners

Journal of Computer Security
New Anonymity Notions for Identity-Based Encryption

Formal to Practical Security
The Kurosawa--Desmedt key encapsulation is not chosen-ciphertext secure

Information Processing Letters
Characterizing Padding Rules of MD Hash Functions Preserving Collision Security

ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
One-wayness equivalent to general factoring

IEEE Transactions on Information Theory
Parallel key-insulated public key encryption without random oracles

PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Generic certificateless key encapsulation mechanism

ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Secure hybrid encryption from weakened key encapsulation

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Secure attribute-based systems

Journal of Computer Security
Some (in)sufficient conditions for secure hybrid encryption

Information and Computation
Efficient chosen-ciphertext security via extractable hash proofs

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
A generic method for reducing ciphertext length of reproducible KEMs in the RO model

IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Toward an easy-to-understand structure for achieving chosen ciphertext security from the decisional Diffie-Hellman assumption

ProvSec'10 Proceedings of the 4th international conference on Provable security
Certificateless public key encryption: A new generic construction and two pairing-free schemes

Theoretical Computer Science
Generic certificateless encryption secure against malicious-hut-passive KGC attacks in the standard model

Journal of Computer Science and Technology
Chosen ciphertext secure encryption under factoring assumption revisited

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Identification schemes from key encapsulation mechanisms

AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Adaptive secure-channel free public-key encryption with keyword search implies timed release encryption

ISC'11 Proceedings of the 14th international conference on Information security
Relationship between standard model plaintext awareness and message hiding

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Hardness of distinguishing the MSB or LSB of secret keys in diffie-hellman schemes

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Hybrid signcryption schemes with insider security

ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Improved efficiency for CCA-secure cryptosystems built using identity-based encryption

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
On tolerant cryptographic constructions

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
On robust combiners for oblivious transfer and other primitives

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Tag-KEM/DEM: a new framework for hybrid encryption and a new analysis of kurosawa-desmedt KEM

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Hybrid signcryption schemes with outsider security

ISC'05 Proceedings of the 8th international conference on Information Security
Collision-Resistant no more: hash-and-sign paradigm revisited

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Public key encryption without random oracle made truly practical

ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Efficient CCA-Secure PKE from identity-based techniques

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Two-Dimensional representation of cover free families and its applications: short signatures and more

CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Constructing secure hybrid encryption from key encapsulation mechanism with authenticity

IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Public key encryption without random oracle made truly practical

Computers and Electrical Engineering
Non-malleable instance-dependent commitment in the standard model

ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
An improved discrete logarithm-based multisignature scheme

Security and Communication Networks
Revisiting the security model for timed-release encryption with pre-open capability

ISC'07 Proceedings of the 10th international conference on Information Security
Decentralized dynamic broadcast encryption

SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks

Quantified Score

Hi-index	0.06

Visualization

Abstract

The cryptosystem recently proposed by Cramer and Shoup [CS98] is a practical public key cryptosystem that is secure against adaptive chosen ciphertext attack provided the Decisional Diffie-Hellman assumption is true. Although this is a reasonable intractability assumption, it would be preferable to base a security proof on a weaker assumption, such as the Computational Diffie-Hellman assumption. Indeed, this cryptosystem in its most basic form is in fact insecure if the Decisional Diffie-Hellman assumption is false. In this paper we present a practical hybrid scheme that is just as efficient as the scheme of of Cramer and Shoup; indeed, the scheme is slightly more efficient than the one originally presented by Cramer and Shoup; we prove that the scheme is secure if the Decisional Diffie-Hellman assumption is true; we give strong evidence that the scheme is secure if the weaker, Computational Diffie-Hellman assumption is true by providing a proof of security in the random oracle model.