论文信息 - Advances in Cryptology - ASIACRYPT 2003

Advances in Cryptology - ASIACRYPT 2003

We propose asymmetric encryption schemes for which all ciphertexts are valid (which means here “reachable”: the encryption function is not only a probabilistic injection, but also a surjection). We thus introduce the Full-Domain Permutation encryption scheme which uses a random permutation. This is the first IND-CCA cryptosystem based on any trapdoor one-way permutation without redundancy, and more interestingly, the bandwidth is optimal: the ciphertext is over k more bits only than the plaintext, where 2−k is the expected security level. Thereafter, we apply it into the random oracle model by instantiating the random permutation with a Feistel network construction, and thus using OAEP. Unfortunately, the usual 2-round OAEP does not seem to be provably secure, but a 3-round can be proved IND-CCA even without the usual redundancy m‖01 , under the partial-domain one-wayness of any trapdoor permutation. Although the bandwidth is not as good as in the random permutation model, absence of redundancy is quite new and interesting: many implementation risks are ruled out.

J. van Leeuwen

[1] Mihir Bellare,et al. A New Paradigm for Collision-Free Hashing: Incrementality at Reduced Cost , 1997, EUROCRYPT.

[2] G. Edward Suh,et al. AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003 .

[3] Miklós Ajtai,et al. Generating Hard Instances of Lattice Problems , 1996, Electron. Colloquium Comput. Complex..

[4] Manuel Blum,et al. Checking the correctness of memories , 2005, Algorithmica.

[5] G. Edward Suh,et al. Offline Integrity Checking of Untrusted Storage , 2003 .

[6] Moni Naor,et al. Small-Bias Probability Spaces: Efficient Constructions and Applications , 1993, SIAM J. Comput..

[7] Mihir Bellare,et al. Incremental Cryptography: The Case of Hashing and Signing , 1994, CRYPTO.

[8] Mihir Bellare,et al. XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions , 1995, CRYPTO.

[9] Oded Goldreich,et al. Collision-Free Hashing from Lattice Problems , 1996, Electron. Colloquium Comput. Complex..

[10] Mihir Bellare,et al. Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.