Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
SIAM Journal on Computing
REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Extended Notions of Security for Multicast Public Key Cryptosystems
ICALP '00 Proceedings of the 27th International Colloquium on Automata, Languages and Programming
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
RSA-OAEP Is Secure under the RSA Assumption
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Secure Integration of Asymmetric and Symmetric Encryption Schemes
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
How to Enhance the Security of Public-Key Encryption at Minimum Cost
PKC '99 Proceedings of the Second International Workshop on Practice and Theory in Public Key Cryptography
Chosen-Ciphertext Security for Any One-Way Cryptosystem
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Public-key encryption in a multi-user setting: security proofs and improvements
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Chosen Ciphertext Security with Optimal Ciphertext Overhead
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Compact CCA-Secure Encryption for Messages of Arbitrary Length
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
A reject timing attack on an IND-CCA2 public-key cryptosystem
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Decryptable searchable encryption
ProvSec'07 Proceedings of the 1st international conference on Provable security
Relationship between standard model plaintext awareness and message hiding
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Hi-index | 0.00 |
This paper considers arbitrary-length chosen-ciphertext secure asymmetric encryption, thus addressing what is actually needed for a practical usage of strong public-key cryptography in the real world. We put forward two generic constructions, gem-1 and gem-2 which apply to explicit fixed-length weakly secure primitives and provide a strongly secure (IND-CCA2) public-key encryption scheme for messages of unfixed length (typically computer files). Our techniques optimally combine a single call to any one-way trapdoor function with repeated encryptions through some weak block-cipher (a simple xor is fine) and hash functions of fixed-length input so that a minimal number of calls to these functions is needed. Our encryption/decryption throughputs are comparable to the ones of standard methods (asymmetric encryption of a session key + symmetric encryption with multiple modes). In our case, however, we formally prove that our designs are secure in the strongest sense and provide complete security reductions holding in the random oracle model.