A Reject Timing Attackon an IND-CCA2 Public-Key Cryptosystem
نویسندگان
چکیده
EPOC-2 is a public-key cryptosystem that can be proved IND-CCA2 under the factoring assumption in the random oracle model. It was written into a standard specification P1363 of IEEE, and it has been a candidate of the public-key cryptosystem in several international standards (or portfolio) on cryptography, e.g. NESSIE, CRYPTREC, ISO, etc. In this paper we propose a chosen ciphertext attack against EPOC-2 from NESSIE by observing the timing of the reject signs from the decryption oracle. We construct an algorithm, which can factor the public modulus using the difference of the reject symbols. For random 384-bit primes, the modulus can be factored with probability at least 1/2 by invoking about 385 times to the decryption oracle.
منابع مشابه
A Universally Composable Secure Channel Based on the KEM-DEM Framework
SUMMARY As part of ISO standards on public-key encryption, Shoup introduced the framework of KEM (Key Encapsulation Mechanism), and DEM (Data Encapsulation Mechanism), for formalizing and realizing one-directional hybrid encryption; KEM is a formalization of asymmetric en-cryption specified for key distribution, which DEM is a formalization of symmetric encryption. This paper investigates a mor...
متن کاملAnalysis and Improvements of NTRU Encryption Paddings
NTRU is an efficient patented public-key cryptosystem proposed in 1996 by Hoffstein, Pipher and Silverman. Although no devastating weakness of NTRU has been found, Jaulmes and Joux presented at Crypto ’00 a simple chosen-ciphertext attack against NTRU as originally described. This led Hoffstein and Silverman to propose three encryption padding schemes more or less based on previous work by Fuji...
متن کاملEPOC: Efficient Probabilistic Public-Key Encryption (Submission to P1363a)
We describe a novel public-key cryptosystem, EPOC (Efficient Probabilistic Public-Key Encryption), which has two versions: EPOC-1 and EPOC-2. EPOC-1 is a public-key encryption system that uses a one-way trapdoor function and a random function (hash function). EPOC-2 is a public-key encryption system that uses a one-way trapdoor function, two random functions (hash functions) and a symmetric-key...
متن کاملOn a CCA2-secure variant of McEliece in the standard model
We consider public-key encryption schemes based on error-correcting codes that are IND-CCA2 secure in the standard model. We analyze a system due to Dowsley, Müller-Quade and Nascimento. We then show how to instantiate the Rosen-Segev framework with the McEliece scheme.
متن کاملAn efficient IND-CCA2 secure Paillier-based cryptosystem
This paper proposes a provably secure transformation of Paillier cryptosystem into an IND-CCA2 secure one in random oracle model. Our construction exploits the randomness extractability of Paillier cryptosystem for achieving efficiency. Lastly, we compare this conversion with other generic and specific IND-CCA2 conversions in terms of computational overhead and efficiency.
متن کامل