Cryptology ePrint Archive: Report 2009/377

Chosen-Ciphertext Secure RSA-type Cryptosystems

Benoit Chevallier-Mames and Marc Joye

Abstract: This paper explains how to design fully secure RSA-type cryptosystems from schemes only secure against passive attacks, in the standard model. We rely on instance-independence assumptions, which, roughly speaking, conjecture that for certain problems, an interactive access to a solver for another problem does not help the challenger. Previously, instance-independence assumptions were used in a "negative" way, to prove that certain schemes proven in the random oracle model were not provable in the standard model. Our paradigm applies virtually to all (weakly secure) RSA-type encryption schemes for which public-key RSA exponent can be arbitrarily chosen. As an illustration, we present a chosen-ciphertext secure variant of the Naccache-Stern encryption scheme.

Category / Keywords:

Publication Info: Full version of the paper to appear at ProvSec 2009

Date: received 31 Jul 2009, last revised 19 Aug 2009

Contact author: marc joye at thomson net

Available format(s): PDF | BibTeX Citation

Version: 20090819:073029 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]