Easy Verifiable Primitives and Practical Public Key Cryptosystems

At Crypto’99, Fujisaki and Okamoto [8] presented a nice generic transformation from weak asymmetric and symmetric schemes into an IND-CCA hybrid encryption scheme in the Random Oracle Model. Two specific candidates for standardization were designed from this transformation: PSEC-2 [14] and EPOC-2 [7], based on El Gamal and OkamotoUchiyama primitives, respectively. Since then, several cryptanalysis of EPOC have been published, one in the Chosen Ciphertext Attack game, and others making use of a poor implementation that is vulnerable to reject timing attacks. The aim of this work is to prevent such attacks from generic transformation by identifying the properties that an asymmetric scheme must have in order to obtain a secure hybrid scheme. To achieve this, some ambiguities in the proof of the generic transformation [8] which could lead to false claims are described. As a result, the original conversion is modified and the class of asymmetric primitives that can be used is shortened. Secondly, the concept of Easy Verifiable Primitive is formalized, showing its connection with Gap problems. Using these ideas, a new security proof for the modified transformation is given. The good news is that the reduction is tight, improving the concrete security claimed in the original work for the Easy Verifiable Primitives. For the rest of primitives, the concrete security is improved at the cost of stronger assumptions. Finally, the new conversion’s resistance to reject timing attacks is addressed.