Abstract
Given an arbitrary k-bit to k-bit trapdoor permutation f and a hash function, we exhibit an encryption scheme for which (i) any string x of length slightly less than k bits can be encrypted as f(rx), where r x is a simple probabilistic encoding of x depending on the hash function; and (ii) the scheme can be proven semantically secure assuming the hash function is “ideal.” Moreover, a slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which she “knows” the corresponding plaintexts—such a scheme is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.
Chapter PDF
Similar content being viewed by others
References
M. Bellare, J. Kilian and P. Rogaway, “On the security of cipher-block chaining,” Proceedings of Crypto 94.
M. Bellare and P. Rogaway, “Random oracles are practical: a paradigm for designing efficient protocols,” Proceedings of the First Annual Conference on Computer and Communications Security, ACM, 1993.
L. Blum, M. Blum, and M. Shub, “A Simple Unpredictable Pseudo-Random Number Generator,” SIAM Journal on Computing15(2), 364–383, May 1986.
M. Blum and S. Goldwasser, “An efficient probabilistic public-key encryption scheme which hides all partial information,” Advances in Cryptology — Crypto 84 Proceedings, Lecture Notes in Computer Science Vol. 196, Springer-Verlag, B. Blakley, ed., 1985.
M. Blum and S. Micali, “How to generate cryptographically strong sequences of pseudo-random bits,” SIAM Journal on Computing13(4), 850–864, November 1984.
I. Damgård, “Towards practical public key cryptosystems secure against chosen ciphertext attacks,” Advances in Cryptology — Crypto 91 Proceedings, Lecture Notes in Computer Science Vol. 576, Springer-Verlag, J. Feigenbaum, ed., 1991.
D. Dolev, C. Dwork and M. Naor, “Non-malleable cryptography,” Proceedings of the Twenty Third Annual Symposium on the Theory of Computing, ACM, 1991.
S. Even, O. Goldreich and S. Micali, “On-line/Off line digital signatures,” Manuscript. Preliminary version in Advances in Cryptology — Crypto 89 Proceedings, Lecture Notes in Computer Science Vol. 435, Springer-Verlag, G. Brassard, ed., 1989.
U. Feige, A. Fiat and A. Shamir, “Zero knowledge proofs of identity,” Journal of Cryptology, Vol. 1, pp. 77–94, 1987.
O. Goldreich and L. Levin, “A hard predicate for all one-way functions,” Proceedings of the Twenty First Annual Symposium on the Theory of Computing, ACM, 1989.
S. Goldwasser and S. Micali, “Probabilistic Encryption,” Journal of Computer and System Sciences28, 270–299, April 1984.
S. Goldwasser, S. Micali and C. Rackoff, “The knowledge complexity of interactive proof systems,” SIAM J. of Comp., Vol. 18, No. 1, 186–208, February 1989.
S. Goldwasser, S. Micali and R. Rivest, “A digital signature scheme secure against adaptive chosen-message attacks,” SIAM Journal of Computing, 17(2):281–308, April 1988.
R. Impagliazzo, L. Levin and M. Luby, “Pseudo-random generation from one-way functions,” Proceedings of the Twenty First Annual Symposium on the Theory of Computing, ACM, 1989.
D. Johnson, A. Lee, W. Martin, S. Matyas and J. Wilkins, “Hybrid key distribution scheme giving key record recovery,” IBM Technical Dislcosure Bulletin, 37(2A), 5–16, February 1994.
T. Leighton and S. Micali, “Provably fast and secure digital signature algorithms based on secure hash functions,” Manuscript, March 1993.
M. Naor and M. Yung, “Public-key cryptosystems provably secure against chosen ciphertext attacks,” Proceedings of the Twenty Second Annual Symposium on the Theory of Computing, ACM, 1990.
National Institute of Standards, FIPS Publication 180, “Secure Hash Standard,” 1993.
M. Rabin, “Digitalized signatures and public-key functions as intractable as factorization,” MIT Laboratory for Computer Science TR-212, January 1979.
R. Rivest, “The MD5 message-digest algorithm,” IETF Network Working Group, RFC 1321, April 1992.
R. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public key cryptosystems,” CACM 21 (1978).
RSA Data Security, Inc., “PKCS #1: RSA Encryption Standard,” June 1991.
C. Schnorr, “Efficient identification and signatures for smart cards,” Advances in Cryptology — Crypto 89 Proceedings, Lecture Notes in Computer Science Vol. 435, Springer-Verlag, G. Brassard, ed., 1989.
A. Schrift and A. Shamir, “The discrete log is very discreet,” Proceedings of the Twenty Second Annual Symposium on the Theory of Computing, ACM, 1990.
M. Tompa and H. Woll, “Random self-reducibility and zero-knowledge interactive proofs of possession of information,” UCSD TR CS92-244, 1992.
A. Yao, “Theory and applications of trapdoor functions,” Proceedings of the Twenty Third Annual Symposium on the Foundations of Computer Science, IEEE, 1982.
Y. Zheng and J. Seberry, “Practical approaches to attaining security against adaptively chosen ciphertext attacks,” Advances in Cryptology — Crypto 92 Proceedings, Lecture Notes in Computer Science Vol. 740, Springer-Verlag, E. Brickell, ed., 1992.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bellare, M., Rogaway, P. (1995). Optimal asymmetric encryption. In: De Santis, A. (eds) Advances in Cryptology — EUROCRYPT'94. EUROCRYPT 1994. Lecture Notes in Computer Science, vol 950. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0053428
Download citation
DOI: https://doi.org/10.1007/BFb0053428
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60176-0
Online ISBN: 978-3-540-44717-7
eBook Packages: Springer Book Archive
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.