On the Security of EPOC and TSH-ESIGN

We submitted a public-key encryption scheme, EPOC, and digital signature scheme, TSH-ESIGN, to IEEE P1363a. The security of EPOC and TSH-ESIGN is based on the intractability of factoring n = pq, where p and q are primes. TSH-ESIGN is also based on the intractability of the approximate e-th root (AERP) assumption, which is the approximate version of the RSA assumption. This draft describes the latest research status on the intractability of factoring n = pq and the approximate e-th root assumption, and concludes that these problems are considered to be almost as intractable as those of factoring n = pq and of inverting the RSA function (i.e., solving the e-th root). 1 Security of EPOC and TSH-ESIGN 1.1 Security of EPOC EPOC (EPOC-2 with one-time padding) [9] is proven to be secure in the strongest sense (nonmalleable against chosen ciphertext attacks: NM-CCA2) under the random oracle model and the factoring assumption of n = p2q. That is, EPOC is as secure as factoring n = p2q (in the strongest sense in the random oracle model). Schemes Security Number-theoretical Random function against CCA assumption assumption EPOC-2(with OTP) Secure (NM-CCA) Factoring Truly random OAEP Secure (NM-CCA) RSA Truly random Cramer-Shoup Secure (NM-CCA) DDH UOWHF 1.2 Security of TSH-ESIGN TSH-ESIGN [7] is proven to be secure in the strongest sense (existentially unforgeable against adaptive chosen message attacks: EUF-CMA) under the random oracle model and the approximate e-th root (AERP) assumption (with modulus n = p2q), which is the approximate version of the RSA assumption. That is, TSH-ESIGN is as secure as AERP (in the strongest sense in the random oracle model).