Wuhan University Journal of Natural Sciences

, Volume 11, Issue 6, pp 1601–1604 | Cite as

A practical approach to attaining chosen ciphertext security



Strong security in public key cryptography is not enough; the encryption has to be achieved in an efficient way. OAEP or SAEP is only suitable for special applications (e. g. key transport), and securely transporting message of any length is a challenge. Motivated by the hybrid encryption, we present a practical approach to achieve the (adaptively) chosen ciphertext security. The time cost of encryption/decryption of proposed scheme is similar to OAEP and the bandwidth of message recovery is 92% for standard security parameter, while RSA-OAEP is 84%. The scheme is also provably secure against adaptively chosen ciphertext attacks in the random oracle model. We conclude that the approach is practical in more extensive application.

Key words

public-key encryption chosen ciphertext security random oracle model bandwidth of message recovery 

CLC number

TP 305 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Rackoff C, Simon D. Noninteractive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack[C]//Proceedings of Crypto'91. California: Springer-Verlag, 1991: 433–444.Google Scholar
  2. [2]
    Bellare M, Rogaway P. Optimal Asymmetric Encryption[C] //Proceedings of Eurocrypts'[94]. Perugia: Springer-Verlag, 1994: 92–111.Google Scholar
  3. [3]
    Cramer R, Shoup V. A Practical Public Key Cryptosystem Provably Secure against Adaptive Chosen Ciphertext Attack [C]//Proceedings of Crypto'98. Berlin: Springer-Verlag, 1998: 13–25.Google Scholar
  4. [4]
    Fujisaki E, Okamoto T. Secure Integration of Asymmetric and Symmetric Encryption Schemes[C]//Proceedings of Crypto'99. California: Springer-Verlag, 1999: 537–554.Google Scholar
  5. [5]
    Shoup V. Using Hash Functions as a Hedge against Chosen Ciphertext Attack [C]//Proceedings of Eurocrypt'00. Bruges, Belgium: Springer-Verlag, 2000: 275–288.Google Scholar
  6. [6]
    Okamoto T, Pointcheval D. REACT: Rapid Enhanced Security Asymmetric Cryptosystem Transform [C]//Proceedings of CT-RSA'00. San Jose: Springer-Verlag, 2001: 159–175.Google Scholar
  7. [7]
    Boneh D. Simplified OAEP for the RSA and Rabin Functions [C]//Proceedings of Crypto'01. Berlin: Springer-Verlag, 2001: 275–291.Google Scholar
  8. [8]
    Phan D H, Pointcheval D. OAEP 3-Round: A Generic and Secure Asymmetric Encryption Padding[C]//Proceedings of Asiacrypt'04. Jeju Island: Springer-Verlag, 2004: 63–77.Google Scholar
  9. [9]
    Phan D H, Pointcheval D. Chosen-Ciphertext Security without Redundancy[C]//Proceedings of Asiacrypt'03. Taipei: Springer-Verlag, 2003: 1–18.Google Scholar
  10. [10]
    Bellare M, Rogaway P. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols[C]//Proceedings of the 1st ACM Conference on Computer and Communications Security. Virginia: ACM Press, 1993: 62–73.Google Scholar
  11. [11]
    Rabin M O.Digitized Signatures and Public-Key Functions as Intractable as Factorization. Technical Report LCS/TR-212[R]. Cambridge: MIT Laboratory for Computer Science, 1979.Google Scholar
  12. [12]
    Menezes A, Oorschot P, Vanstone S.Handbook of Applied Cryptography[M]. New York: CRC Press, 1997: 75.Google Scholar

Copyright information

© Springer 2006

Authors and Affiliations

  1. 1.College of Computer Science and TechnologyHuazhong University of Science and TechnologyWuhan, HubeiChina

Personalised recommendations