Lecture 3 : One - Way Encryption , RSA Example
نویسنده
چکیده
We look at a different security property one might require of encryption, namely one-way security. The notion is natural and seems like a minimal requirement on an encryption scheme. It makes sense for both symmetric and public-key encryption schemes. To make the discussion more concrete, we look at the so-called “textbook” variant of the RSA encryption, and see how to pick keys in relation to the security parameter so that the best algorithms that invert RSA are either inefficient or have only negligible advantage. We will also see that while the “textbook RSA” can plausibly be oneway secure, it is definitely not secure in the sense of indistinguishabibility (this security property of encryption schemes was defined in the last class). This shows us that one-wayness is a weaker notion than indistinguishability.
منابع مشابه
Universal Padding Schemes for RSA
A common practice to encrypt with RSA is to first apply a padding scheme to the message and then to exponentiate the result with the public exponent; an example of this is OAEP. Similarly, the usual way of signing with RSA is to apply some padding scheme and then to exponentiate the result with the private exponent, as for example in PSS. Usually, the RSA modulus used for encrypting is differen...
متن کاملOne-Way Secure Encryption Can Leak Some Messages
Last time we saw an example of an encryption scheme, the “textbook RSA” scheme, which can be one-way secure (that’s exactly the belief expressed in the “RSA assumption”) but is not secure in the sense of indistinguishability. Now we’ll see that any one-way encryption might have some bad characteristics that make it not indistinguishably secure. With these arguments we’ll try to convince you tha...
متن کاملLecture 6: Overview of Public-Key Cryptography and RSA
In this lecture, we give an overview to the public-key cryptography, which is also referred to as asymmetric cryptography. We will first introduce the background of public-key cryptography. Then we will study the model of public-key cryptosystem, and the requirement to design a practical public-key algorithm. Finally, we will study the design of RSA algorithm. The concept of public-key (asymmet...
متن کاملKey-Privacy in Public-Key Encryption
We consider a novel security requirement of encryption schemes that we call “key-privacy” or “anonymity”. It asks that an eavesdropper in possession of a ciphertext not be able to tell which specific key, out of a set of known public keys, is the one under which the ciphertext was created, meaning the receiver is anonymous from the point of view of the adversary. We investigate the anonymity of...
متن کاملGEM: A Generic Chosen-Ciphertext Secure Encryption Method
This paper proposes an efficient and provably secure transform to encrypt a message with any asymmetric one-way cryptosystem. The resulting scheme achieves adaptive chosen-ciphertext security in the random oracle model. Compared to previous known generic constructions (Bellare, Rogaway, Fujisaki, Okamoto, and Pointcheval), our embedding reduces the encryption size and/or speeds up the decryptio...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2004