Search results for: public key replacement attack

Number of results: 1067033

2003
Philip D. MacKenzie

We propose an efficient two-party public key cryptosystem that is secure against adaptive chosen ciphertext attack, based on the hardness of Decision Diffie-Hellman (DDH). Specifically, we show that the two parties together can decrypt ciphertexts, but neither can alone. Our system is based on the Cramer-Shoup cryptosystem. Previous results on efficient threshold cryptosystems secure against ad...

2011
Luk Bettale Jean-Charles Faugère Ludovic Perret

We investigate the security of a generalization of HFE (multivariate and odd-characteristic variants). First, we propose an improved version of the basic Kipnis-Shamir key recovery attack against HFE. Second, we generalize the Kipnis-Shamir attack to Multi-HFE. The attack reduces to solving a MinRank problem directly on the public key. This leads to an improvement of a factor corresponding to the...

Journal: Applied Mathematics and Computation 2005
Sung-Woon Lee Hyun-Sung Kim Kee-Young Yoo

Recently Lee et al. proposed an efficient verifier-based key agreement protocol for three parties without the server's public key. Lee et al. claimed the proposed protocol could resist various attacks and provide perfect forward secrecy. However, in this paper, the authors shall show that their protocol suffers from the impersonation attack. At the same time, the authors shall propose an improved metho...

Journal: IACR Cryptology ePrint Archive 2006
Zhenfeng Zhang Dengguo Feng

Yap, Heng and Goi propose an efficient certificateless signature scheme based on the intractability of the computational Diffie-Hellman problem, and prove that the scheme is secure in the random oracle model. This paper shows that their certificateless signature scheme is vulnerable to key replacement attacks, where an adversary who replaces the public key of a signer can forge valid signatures ...

Journal: IACR Cryptology ePrint Archive 2009
Chunbo Ma Jun Ao

Since Al-Riyami and Paterson presented certificateless cryptography, many certificateless schemes have been proposed for different purposes. In this paper, we present a certificateless group oriented signature scheme based on bilinear pairing. In our scheme, only the members in the same group with the signer can independently verify the signature. We prove the signature scheme is existential un...

Journal: IACR Cryptology ePrint Archive 2002
Vlastimil Klíma Tomás Rosa

This paper contains three parts. In the first part we present a new side channel attack on plaintext encrypted by EME-OAEP PKCS#1 v.2.1. In contrast with Manger's attack, we attack that part of the plaintext which is shielded by the OAEP method. In the second part we show that Bleichenbacher's and Manger's attacks on the RSA encryption scheme PKCS#1 v.1.5 and EME-OAEP PKCS#1 v.2.1 can be conver...

Journal: IACR Cryptology ePrint Archive 2006
Javier Herranz Dennis Hofheinz Eike Kiltz

At CRYPTO 2004, Kurosawa and Desmedt presented a hybrid public-key encryption scheme that is chosen-ciphertext secure in the standard model. Until now it was unknown if the key-encapsulation part of the Kurosawa-Desmedt scheme by itself is still chosen-ciphertext secure or not. In this short note we answer this question in the negative, namely we present a simple chosen-ciphertext attack on the ...

Journal: IACR Cryptology ePrint Archive 2005
Zhenfeng Zhang Dengguo Feng

Certificateless public-key cryptosystem is a recently proposed attractive paradigm using public key cryptosystem, which avoids the key escrow inherent in identity-based public-key cryptosystems, and does not need certificates to generate trust in public keys. Recently, Al-Riyami and Paterson proposed a new certificateless public-key encryption scheme [2, 3] and proved its security in the random...

Journal: IACR Cryptology ePrint Archive 2002
Oded Goldreich Yoad Lustig Moni Naor

We consider the security of multiple and possibly related plaintexts in the context of a chosen ciphertext attack. That is, the attacker, in addition and concurrently to obtaining encryptions of multiple plaintexts under the same key, may issue encryption and decryption queries and partial information queries. Loosely speaking, an encryption scheme is considered secure under such attacks if all t...

Journal: IACR Cryptology ePrint Archive 2017
Kenta Takahashi Takahiro Matsuda Takao Murakami Goichiro Hanaoka Masakatsu Nishigaki

In this paper, we introduce a new concept of digital signature that we call fuzzy signature, which is a signature scheme that uses a noisy string such as biometric data as a private key, but does not require user-specific auxiliary data (which is also called a helper string in the context of fuzzy extractors), for generating a signature. Our technical contributions are three-fold: (1) We first ...

Chart of the number of search results per year
