Paper 2009/377

Chosen-Ciphertext Secure RSA-type Cryptosystems

Benoit Chevallier-Mames and Marc Joye

Abstract

This paper explains how to design fully secure RSA-type cryptosystems from schemes only secure against passive attacks, in the standard model. We rely on instance-independence assumptions, which, roughly speaking, conjecture that for certain problems, an interactive access to a solver for another problem does not help the challenger. Previously, instance-independence assumptions were used in a "negative" way, to prove that certain schemes proven in the random oracle model were not provable in the standard model. Our paradigm applies virtually to all (weakly secure) RSA-type encryption schemes for which public-key RSA exponent can be arbitrarily chosen. As an illustration, we present a chosen-ciphertext secure variant of the Naccache-Stern encryption scheme.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Full version of the paper to appear at ProvSec 2009
Contact author(s)
marc joye @ thomson net
History
2009-08-19: revised
2009-08-03: received
See all versions
Short URL
https://ia.cr/2009/377
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/377,
      author = {Benoit Chevallier-Mames and Marc Joye},
      title = {Chosen-Ciphertext Secure RSA-type Cryptosystems},
      howpublished = {Cryptology ePrint Archive, Paper 2009/377},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/377}},
      url = {https://eprint.iacr.org/2009/377}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.