Public-Key Encryption in a Multi-user Setting: Security Proofs and Improvements
Authors
Abstract
This paper addresses the security of public-key cryptosystems in a "multi-user" setting, namely in the presence of attacks involving the encryption of related messages under different public keys, as exemplified by Håstad's classical attacks on RSA. We prove that security in the single-user setting implies security in the multi-user setting as long as the former is interpreted in the strong sense of "indistinguishability," thereby pin-pointing many schemes guaranteed to be secure against Håstad-type attacks. We then highlight the importance, in practice, of considering and improving the concrete security of the general reduction, and present such improvements for two Diffie-Hellman based schemes, namely El Gamal and Cramer-Shoup.
Similar resources
Token-controlled Public-key Encryption in the Multi-user Setting
In this paper, we formalize the security notions for token-controlled public-key encryption in the multi-user setting, by not simply modifying the previous security notions in the single-user setting proposed by Baek, Safavi-Naini, and Susilo [1], and Galindo and Herranz [4], but employing the idea to formalize the attacks in the multi-user setting proposed by Bellare, Boldyreva, and Micali [2]...
Optimistic Fair Exchange in a Multi-user Setting
This paper addresses the security of optimistic fair exchange in a multi-user setting. While the security of public key encryption and public key signature schemes in a single-user setting guarantees the security in a multi-user setting, we show that the situation is different in the optimistic fair exchange. First, we show how to break, in the multi-user setting, an optimistic fair exchange sc...
On the Impossibility of Tight Cryptographic Reductions
The existence of tight reductions in cryptographic security proofs is an important question, motivated by the theoretical search for cryptosystems whose security guarantees are truly independent of adversarial behavior and the practical necessity of concrete security bounds for the theoretically-sound selection of cryptographic parameters. At Eurocrypt 2002, Coron described a meta-reduction tec...
Public Key Encryption for the Forgetful
We investigate public key encryption that allows the originator of a ciphertext to retrieve a “forgotten” plaintext from the ciphertext. This type of public key encryption with “backward recovery” contrasts more widely analyzed public key encryption with “forward secrecy”. We advocate that together they form the two sides of a whole coin, whereby offering complementary roles in data security, e...
Hybrid Encryption in the Multi-User Setting
This paper presents an attack in the multi-user setting on various public-key encryption schemes standardized in IEEE 1363a [20], SECG SEC 1 [27] and ISO 18033-2 [21]. The multi-user setting is a security model proposed by Bellare et al., which allows adversaries to simultaneously attack multiple ciphertexts created by one or more users. An attack is considered successful if the attacker learns ...