Cryptology ePrint Archive: Report 2016/342
On the Selective Opening Security of Practical Public-Key Encryption Schemes
Felix Heuer and Tibor Jager and Eike Kiltz and Sven Schäge
Abstract: We show that two well-known and widely employed public-key encryption schemes -- RSA Optimal Asymmetric Encryption Padding (RSA-OAEP) and Diffie-Hellman Integrated Encryption Scheme (DHIES), instantiated with a one-time pad, -- are secure under (the strong, simulation-based security notion of) selective opening security against chosen-ciphertext attacks in the random oracle model.
Both schemes are obtained via known generic transformations that transform relatively weak primitives (with security in the sense of one-wayness) to IND-CCA secure encryption schemes.
We also show a similar result for the well-known Fujisaki-Okamoto transformation that can generically turn a one-way secure public key encryption system and a one-time pad into a INDCCA-secure public-key encryption system. We prove that selective opening security comes for free in these transformations.
Both DHIES and RSA-OAEP are important building blocks in several standards for public key encryption and key exchange protocols. The Fujisaki-Okamoto transformation is very versatile and has successfully been utilised to build efficient lattice-based cryptosystems.
The considered schemes are the first practical cryptosystems that meet the strong notion of simulation-based selective opening (SIM-SO-CCA) security.
Category / Keywords: public-key cryptography /
Original Publication (with major differences): IACR-PKC-2015
Date: received 30 Mar 2016, last revised 27 Jun 2016
Contact author: felix heuer at rub de
Available format(s): PDF | BibTeX Citation
Version: 20160627:093857 (All versions of this report)
Short URL: ia.cr/2016/342
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]