Efficient Universal Padding Techniques for Multiplicative Trapdoor One-Way Permutation
نویسندگان
چکیده
Coron et al. proposed the ES-based scheme PSS-ES which realizes an encryption scheme and a signature scheme with a unique padding technique and key pair. The security of PSS-ES as an encryption scheme is based on the partial-domain one-wayness of the encryption permutation. In this paper, we propose new ES schemes OAEP-ES, OAEP++-ES, and REACT-ES, and prove their security under the assumption of only the one-wayness of encryption permutation. OAEP-ES, OAEP++-ES, and REACT-ES suit practical implementation because they use the same padding technique for encryption and for signature, and their security proof guarantees that we can prepare one key pair to realize encryption and signature in the same way as PSS-ES. Since one-wayness is a weaker assumption than partial-domain one-wayness, the proposed schemes offer tighter security than PSS-ES. Hence, we conclude that OAEP-ES, OAEP++-ES, and REACT-ES are more effective than PSS-ES. REACT-ES is the most practical approach in terms of the tightness of security and communication efficiency.
منابع مشابه
Universal Padding Schemes for RSA
A common practice to encrypt with RSA is to first apply a padding scheme to the message and then to exponentiate the result with the public exponent; an example of this is OAEP. Similarly, the usual way of signing with RSA is to apply some padding scheme and then to exponentiate the result with the private exponent, as for example in PSS. Usually, the RSA modulus used for encrypting is differen...
متن کاملOn the Security of Padding-Based Encryption Schemes - or - Why We Cannot Prove OAEP Secure in the Standard Model
We investigate the security of “padding-based” encryption schemes in the standard model . This class contains all public-key encryption schemes where the encryption algorithm first applies some invertible public transformation to the message (the “padding”), followed by a trapdoor permutation. In particular, this class contains OAEP and its variants. Our main result is a black-box impossibility...
متن کاملOAEP 3-Round: A Generic and Secure Asymmetric Encryption Padding
The OAEP construction is already 10 years old and wellestablished in many practical applications. But after some doubts about its actual security level, four years ago, the first efficient and provably IND-CCA1 secure encryption padding was formally and fully proven to achieve the expected IND-CCA2 security level, when used with any trapdoor permutation. Even if it requires the partial-domain o...
متن کاملSimplified OAEP for the RSA and Rabin Functions
Optimal Asymmetric Encryption Padding (OAEP) is a technique for converting the RSA trapdoor permutation into a chosen ciphertext secure system in the random oracle model. OAEP padding can be viewed as two rounds of a Feistel network. We show that for the Rabin and RSA trapdoor functions a much simpler padding scheme is sufficient for chosen ciphertext security in the random oracle model. We sho...
متن کامل