Abstract
For public key encryption schemes, security against adaptive chosen ciphertext attacks is a widely accepted notion because it captures a wide range of attacks. SAEP and SAEP+ are asymmetric encryption schemes that were proven to be semantically secure against adaptive chosen ciphertext attacks. However, their message bandwidth is poor: the ciphertext expansion (the difference in length between the ciphertext and the plaintext) is too large. In most mobile networks and bandwidth-constrained communication systems, it is necessary to securely send as many messages as possible. In this article, we propose two chosen-ciphertext secure asymmetric encryption schemes. The first is a generic asymmetric encryption padding scheme based on trapdoor permutations. The second is its application to the Rabin-Williams function, which has a very fast encryption algorithm. Both schemes achieve the optimal bandwidth with respect to ciphertext expansion, namely the smallest possible ciphertext expansion. Further, tight security reductions are shown to prove the security of these encryption schemes.
Qian, H., Zhou, Y., Li, Z. et al. Efficient public key encryption with smallest ciphertext expansion from factoring. Des. Codes Cryptogr. 49, 233–249 (2008). https://doi.org/10.1007/s10623-008-9179-5