Paper 2003/107

Fujisaki-Okamoto IND-CCA hybrid encryption revisited

David Galindo, Sebastià Mart\'ın, Paz Morillo, and Jorge L. Villar

Abstract

At Crypto'99, Fujisaki and Okamoto~\cite{FO99} presented a nice generic transformation from weak asymmetric and symmetric schemes into an IND-CCA hybrid encryption scheme in the Random Oracle Model. From this transformation, two specific candidates to standardization were designed: EPOC-2~\cite{EPOC} and PSEC-2~\cite{PSEC}, based on Okamoto-Uchiyama and El Gamal primitives, respectively. Since then, several cryptanalysis of EPOC have been published, one in the Chosen Ciphertext Attack game and others making use of a poor implementation that is vulnerable to reject timing attacks. The aim of this work is to avoid these attacks from the generic transformation, identifying the properties that an asymmetric scheme must hold to obtain a secure hybrid scheme. To achieve this, some ambiguities in the proof of the generic transformation~\cite{FO99} are described, which can lead to false claims. As a result the original conversion is modified and the range of asymmetric primitives that can be used is shortened. In second place, the concept of {\it Easy Verifiable Primitive} is formalized, showing its connection with the Gap problems. Making use of these ideas, a {\it new} security proof for the modified transformation is given. The good news is that the reduction is {\it tight}, improving the concrete security claimed in the original work for the Easy Verifiable Primitives. For the rest of primitives the concrete security is improved at the cost of stronger assumptions. Finally, the resistance of the new conversion against reject timing attacks is addressed.

Metadata
Available format(s)
PDF PS
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
chosen-ciphertext securitytight reduction
Contact author(s)
dgalindo @ mat upc es
History
2003-05-29: received
Short URL
https://ia.cr/2003/107
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2003/107,
      author = {David Galindo and Sebastià Mart\'ın and Paz Morillo and Jorge L.  Villar},
      title = {Fujisaki-Okamoto {IND}-{CCA} hybrid encryption revisited},
      howpublished = {Cryptology {ePrint} Archive, Paper 2003/107},
      year = {2003},
      url = {https://eprint.iacr.org/2003/107}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.