Skip to main content
SpringerLink
Log in

On the Power of Misbehaving Adversaries and Security Analysis of the Original EPOC

  • Conference paper
  • First Online:
Topics in Cryptology — CT-RSA 2001 (CT-RSA 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2020))

Included in the following conference series:

Abstract

Nowadays, since modern cryptography deals with careful modeling and careful proofs, there may be two levels of cryptanalysis. One, the traditional breaking or weakness demonstration in schemes which are not provably secure. The second level of cryptanalysis, geared towards provably secure schemes, has to do with refining models and showing that a model was either insuficient or somewhat unclear and vague when used in proving systems secure. The best techniques to per- form this second type of investigation are still traditional cryptanalysis followed by corrections. In this work, we put forth the second type of cryptanalysis.

We demonstrate that in some of the recent works modeling chosen ciphertext security (non-malleability), the notion of validity of ciphertext was left vague. It led to systems where under the model as defined/ understood, it was shown provably secure. Yet, under another (natural) behavior of the adversary, the “provably secure system” is totally broken, since key recovery attack is made possible. We show that this behavior of an adversary is possible and further there are settings (the context of escrowed public key cryptosystems) where it is even highly relevant. We mount the attack against systems which are chosen-ciphertext secure and non-malleable (assuming the adversary probes with valid messages), yet they are “universally” insecure against this attack: namely, the trap- door key gets known by the adversary (as in Rabin’s system under chosen ciphertext attacks). Specifically, the attack works against EPOC which has been considered for standardization by IEEE P1363 (the authors have already been informed of the attack and our fix to it and will consider this issue in future works). This re-emphasizes that when proving chosen-ciphertext security, allowing invalid ciphertext probes increases the adversary’s power and should be considered as part of the model and in proofs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. FIPS PUB 185. Escrowed encryption standard (EES). Federal Information Processing Standards Publication 185, U.S. Dept of Commerce, February 1994.

    Google Scholar 

  2. Mihir Bellare, Anand Desai, David Pointcheval, and Phillip Rogaway. Relations among notions of security for public-key encryption schemes. Full paper (30 pages), available at URL <http://www-cse.ucsd.edu/users/mihir/papers/pke.html>, February 1999. An extended abstract appears in H. Krawczyk, ed., Advances in Cryptology-CRYPTO’98, volume 1462 of Lecture Notes in Computer Science, pages 26–45, Springer-Verlag, 1998.

    Chapter  Google Scholar 

  3. Mihir Bellare and Phillip Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. In Proc. of the 1st ACM Conference on Computer and Communications Security, pages 62–73, ACM Press, 1993.

    Google Scholar 

  4. ______. Optimal asymmetric encryption. In A. De Santis, ed., Advances in Cryptology-EUROCRYPT’94, volume 950 of Lecture Notes in Computer Science, pages 92–111, Springer-Verlag, 1995.

    Google Scholar 

  5. Mihir Bellare and Amit Sahai. Non-malleable encryption: Equivalence between two notions. In M. Wiener, ed., Advances in Cryptology-CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 519–536, Springer-Verlag, 1999.

    Chapter  Google Scholar 

  6. Daniel Bleichenbacher. A chosen ciphertext attack against protocols based on the RSA encryption standard PKCS#1. In H. Krawczyk, ed., Advances in Cryptology-CRYPTO’98, volume 1462 of Lecture Notes in Computer Science, pages 1–12, Springer-Verlag, 1998.

    Chapter  Google Scholar 

  7. Matt Blaze. Protocol failure in the escrowed encryption standard. In Proc. of the 2nd ACM Conference on Computer and Communications Security, pages 59–67, ACM Press, 1994.

    Google Scholar 

  8. Dan Boneh, Glenn Durfee, and Nick Howgrave-Graham. Factoring N = p r q for large r. In J. Stern, ed., Advances in Cryptology-EUROCRYPT’99, volume 1592 of Lecture Notes in Computer Science, Springer-Verlag, 1999.

    Google Scholar 

  9. Colin Boyd. Enforcing traceability in software. In Y. Han, T. Okamoto, and S. Qing, eds., Information and Communications Security (ICICS’ 97), volume 1334 of Lecture Notes in Computer Science, pages 398–408, Springer-Verlag, 1997.

    Chapter  Google Scholar 

  10. Don Coppersmith. Finding a small root of a bivariate integer equation; factoring with high bits known. In U. Maurer, ed., Advances in Cryptology-EUROCRYPT’96, volume 1070 of Lecture Notes in Computer Science, pages 178–189, Springer-Verlag, 1996.

    Google Scholar 

  11. Ronald Cramer and Victor Shoup. A practical public-key cryptosystem provably secure against adaptive chosen ciphertext attack. In H. Krawczyk, ed., Advances in Cryptology-CRYPTO’98, volume 1462 of Lecture Notes in Computer Science, pages 13–25, Springer-Verlag, 1998.

    Chapter  Google Scholar 

  12. Ivan Damgård. Towards practical public key systems secure against chosen ciphertext attacks. In J. Feigenbaum, ed., Advances in Cryptology-CRYPTO’91, volume 576 of Lecture Notes in Computer Science, pages 445–456, Springer-Verlag, 1992.

    Google Scholar 

  13. Dorothy E. Denning and Dennis K. Brandstad. A taxonomy for key escrow encryption systems. Communications of the ACM, 39(3):34–40, 1996.

    Article  Google Scholar 

  14. Dorothy E. Denning and Miles Smid. Key escrowing today. IEEE Communications Magazine, 32(9):58–68, 1994.

    Article  Google Scholar 

  15. Yvo Desmedt. Securing traceability of ciphertexts: Towards a secure software key escrow system. In L. C. Guillou and J.-J. Quisquater, eds., Advances in Cryptology-EUROCRYPT’95, volume 921 of Lecture Notes in Computer Science, pages 147–157, Springer-Verlag, 1995.

    Google Scholar 

  16. Danny Dolev, Cynthia Dwork, and Moni Naor. Non-malleable cryptography. Manuscript (51 pages), available at URL <http://www.wisdom.weizmann.ac.il/~naor/onpub.html>, To appear in SIAM J. on Computing. A preliminary version appears in Proc. of the 23rd ACM Annual Symposium on the Theory of Computing (STOC’ 91), pages 542–552, ACM Press, 1991.

  17. Roger Fischlin. Fast proof of plaintext-knowledge and deniable authentication based on Chinese remainder theorem. Theory of Cryptography Library, 99–06, available at URL <http://philby.ucsd.edu/cryptolib/1999.html>, March 1999.

  18. Yair Frankel and Moti Yung. Escrow encryption systems visited: attacks, analysis and designs. In D. Coppersmith, ed., Advances in Cryptology-CRYPTO’95, volume 963 of Lecture Notes in Computer Science, pages 222–235, Springer-Verlag, 1995.

    Google Scholar 

  19. ______. Cryptanalysis of the immunized LL public key systems. In D. Coppersmith, ed., Advances in Cryptology-CRYPTO’95, volume 963 of Lecture Notes in Computer Science, pages 287–296, Springer-Verlag, 1995.

    Google Scholar 

  20. ______. On characterization of escrow encryption schemes. In P. Degano, R. Garriero, and A. Marchetti-Spaccamela, eds., Automata, Languages, and Programming (ICALP’ 97), volume 1256 of Lecture Notes in Computer Science, pages 705–715, Springer-Verlag, 1997.

    Google Scholar 

  21. Eiichiro Fujisaki and Tatsuaki Okamoto. How to enhance the security of public-key encryption at minimum cost. In H. Imai and Y. Zheng, eds., Public Key Cryptography, volume 1560 of Lecture Notes in Computer Science, pages 53–68, Springer-Verlag, 1999.

    Chapter  Google Scholar 

  22. ______. How to enhance the security of public-key encryption at minimum cost. IEICE Transactions on Fundamentals, E83-A(1): 24–32, 2000.

    Google Scholar 

  23. ______. Secure integration of asymmetric and symmetric encryption schemes. In M. Wiener, ed., Advances in Cryptology-CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 537–554, Springer-Verlag, 1999.

    Google Scholar 

  24. Henri Gilbert, Dipankar Gupta, Andrew Odlyzko, and Jean-Jacques Quisquater. Attacks on Shamir’s ‘RSA for paranoids’. Information Processing Letters, 68:197–199, 1998.

    Article  Google Scholar 

  25. Shafi Goldwasser and Silvio Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28:270–299, 1984.

    Article  MATH  MathSciNet  Google Scholar 

  26. Chris Hall, Ian Goldberg, and Bruce Schneier. Reaction attacks against several public-key cryptosystems. In V. Varadharajan and Yi Mu, eds., Information and Communications Security, volume 1726 of Lecture Notes in Computer Science, pages 2–12, Springer-Verlag, 1999.

    Google Scholar 

  27. Michael Hartmann, Sachar Paulus, and Tsuyoshi Takagi. NICE-New ideal coset encryption. In Ç. K. Koç and C. Paar, eds., Cryptographic Hardware and Embedded Systems, volume 1717 of Lecture Notes in Computer Science, pages 328–339, Springer-Verlag, 1999.

    Chapter  Google Scholar 

  28. Detlef Hühnlein, Michael J. Jacobson Jr., Sachar Paulus, and Tsuyoshi Takagi. A cryptosystem based on non-maximal imaginary quadratic orders with fast decryption. In K. Nyberg, ed., Advances in Cryptology-EUROCRYPT’98, volume 1403 of Lecture Notes in Computer Science, pages 294–307. Springer-Verlag, 1998.

    Chapter  Google Scholar 

  29. Éliane Jaulmes and Antoine Joux. A NICE cryptanalysis. In B. Preneel, ed., Advances in Cryptology-EUROCRYPT 2000, volume 1807 of Lecture Notes in Computer Science, pages 382–391, Springer-Verlag, 2000.

    Chapter  Google Scholar 

  30. Nigel Jefferies, Chris Mitchell, and Michael Walker. A proposed architecture for trusted third parties services. In E. Dawson and J. Golić, eds., Cryptography: Policy and Algorithms, volume 1029 of Lecture Notes in Computer Science, pages 98–104, Springer-Verlag, 1996.

    Chapter  Google Scholar 

  31. Joe Kilian and Tom Leighton. Fair cryptosystems, revisited. In D. Coppersmith, ed., Advances in Cryptology-CRYPTO’95, volume 963 of Lecture Notes in Computer Science, pages 208–221, Springer-Verlag, 1995.

    Google Scholar 

  32. Lars R. Knudsen and Torben P. Pedersen. On the dificulty of software key escrow. In U. Maurer, ed., Advances in Cryptology-EUROCRYPT’96, volume 1070 of Lecture Notes in Computer Science, pages 237–244, Springer-Verlag, 1996.

    Google Scholar 

  33. Chae Hoon Lim and Pil Joong Lee. Another method for attaining security against chosen ciphertext attacks. In D. R. Stinson, ed., Advances in Cryptology-CRYPTO’93, volume 773 of Lecture Notes in Computer Science, pages 420–434, Springer-Verlag, 1994.

    Google Scholar 

  34. Silvio Micali. Fair public-key cryptosystems. In E. F. Brickell, ed., Advances in Cryptology-CRYPTO’92, volume 740 of Lecture Notes in Computer Science, pages 113–138, Springer-Verlag, 1993.

    Google Scholar 

  35. Silvio Micali and Ray Sidney. A simple method for generating and sharing pseudo-random functions, with applications to Clipper-like key escrow systems. In D. Coppersmith, ed., Advances in Cryptology-CRYPTO’95, volume 963 of Lecture Notes in Computer Science, pages 185–196, Springer-Verlag, 1995.

    Google Scholar 

  36. Moni Naor and Moti Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proc. of the 22nd ACM Annual Symposium on the Theory of Computing (STOC’ 90), pages 427–437, ACM Press, 1990.

    Google Scholar 

  37. Tatsuaki Okamoto and Shigenori Uchiyama. A new public-key cryptosystem as secure as factoring. In K. Nyberg, ed., Advances in Cryptology-EUROCRYPT’98, volume 1403 of Lecture Notes in Computer Science, pages 308–318. Springer-Verlag, 1998.

    Chapter  Google Scholar 

  38. Tatsuaki Okamoto, Shigenori Uchiyama, and Eiichiro Fujisaki. EPOC: Efficient probabilistic public-key encryption. Submission to P1363a, available at URL <http://grouper.ieee.org/groups/1363/addendum.html>, November 1998.

  39. Pascal Paillier and David Pointcheval. Efficient public-key cryptosystem provably secure against active adversaries. In Advances in Cryptology-ASIACRYPT’99, volume of Lecture Notes in Computer Science, Springer-Verlag, 1999.

    Google Scholar 

  40. David Pointcheval. New public-key cryptosystem based on the dependent-RSA problem. In J. Stern, ed., Advances in Cryptology-EUROCRYPT’99, volume 1592 of Lecture Notes in Computer Science, Springer-Verlag, 1999.

    Google Scholar 

  41. ______. Chosen ciphertext security for any one-way cryptosystem. In H. Imai and Y. Zheng, eds., Public Key Cryptography, volume 1751 of Lecture Notes in Computer Science, pages 129–146, Springer-Verlag, 2000.

    Google Scholar 

  42. Sachar Paulus and Tsuyoshi Takagi. A generalization of the Diffie-Hellman problem and related cryptosystems allowing fast decryption. In Proc. of the 1998 International Conference on Information Security and Cryptology (ICISC’ 98), Seoul, December 18–19, 1998.

    Google Scholar 

  43. Charles Racko and Daniel R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In J. Feigenbaum, ed., Advances in Cryptology-CRYPTO’91, volume 576 of Lecture Notes in Computer Science, pages 433–444, Springer-Verlag, 1992.

    Google Scholar 

  44. Adi Shamir. RSA for paranoids. Cryptobytes, 1(2):1–4, 1995.

    Google Scholar 

  45. Victor Shoup and Rosario Gennaro. Securing threshold cryptosystems against chosen ciphertext attack. IBM Research Report RZ 2974, Zurich Research Laboratory, Zurich, November 1997. An extended abstract appears in K. Nyberg, ed., Advances in Cryptology-EUROCRYPT’98, volume 1403 of Lecture Notes in Computer Science, pages 1–16, Springer-Verlag, 1998.

    Chapter  Google Scholar 

  46. Yiannis Tsiounis and Moti Yung. On the security of ElGamal based encryption. In H. Imai and Y. Zheng, eds., Public Key Cryptography, volume 1431 of Lecture Notes in Computer Science, pages 117–134, Springer-Verlag, 1998.

    Chapter  Google Scholar 

  47. Yuliang Zheng and Jennifer Seberry. Immunizing public-key cryptosystems against chosen ciphertext attacks. IEEE Journal on Selected Areas in Communications, 11(5):715–724, 1993.

    Article  Google Scholar 

References

  1. E. Fujisaki and T. Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In M. Wiener, editor, Advances in Cryptology-CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 537–554. Springer-Verlag, 1999.

    Chapter  Google Scholar 

  2. E. Fujisaki and T. Okamoto. How to enhance the security of public-key encryption at minimum cost. IEICE Transaction of Fundamentals of electronic Communications and Computer Science, E83-A(1):24–32, January 2000.

    Google Scholar 

  3. E. Fujisaki and T. Okamoto. A Chosen-Cipher Secure Encryption Scheme Tightly As Secure As Factoring. IEICE Transaction of Fundamentals of electronic Communications and Computer Science, E84-A(1), To appear in January 2001.

    Google Scholar 

  4. T. Okamoto and S. Uchiyama. A new public-key cryptosystem as secure as factoring. In K. Nyberg, editor, Advances in Cryptology-EUROCRYPT’98, Lecture Notes in Computer Science, pages 308–318. Springer-Verlag, 1998.

    Chapter  Google Scholar 

  5. T. Okamoto, S. Uchiyama, and E. Fujisaki. EPOC: Efficient probabilistic public-key encryption. Proposal to IEEE P1363a, November 1998.

    Google Scholar 

  6. T. Okamoto, S. Uchiyama, and E. Fujisaki. EPOC: Efficient probabilistic public-key encryption. Proposal to IEEE P1363a, ver. D6, Nov. 2000, available via:http://grouper.ieee.org/groups/1363/P1363a/draft.html

  7. M. Joye, J.J. Quisquater, and M. Yung. On the power of misbehaving adversaries and security analysis of EPOC. Manuscript, February 2000.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Gemplus Card International, Gémenos, France

    Marc Joye

  2. UCL Crypto Group, Louvain-la-Neuve, Belgium

    Jean-Jacques Quisquater

  3. CertCo, New York NY, USA

    Moti Yung

Authors
  1. Marc Joye
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jean-Jacques Quisquater
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Moti Yung
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Gemplus Card International, 34 rue Guynemer, 92447, Issy les Moulineaux, France

    David Naccache

Rights and permissions

Reprints and permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Joye, M., Quisquater, JJ., Yung, M. (2001). On the Power of Misbehaving Adversaries and Security Analysis of the Original EPOC. In: Naccache, D. (eds) Topics in Cryptology — CT-RSA 2001. CT-RSA 2001. Lecture Notes in Computer Science, vol 2020. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45353-9_16

Download citation

  • DOI: https://doi.org/10.1007/3-540-45353-9_16

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-41898-6

  • Online ISBN: 978-3-540-45353-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation