
On Sufficient Randomness for Secure Public-Key Cryptosystems

  • Takeshi Koshiba
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2274)

Abstract

In this paper, we consider what condition on the random inputs is sufficient for a probabilistic public-key encryption scheme to be secure. The framework of [16] makes it possible to discuss the security notions of public-key encryption schemes uniformly and comprehensively, even when a cryptographically weak pseudorandom generator supplies the random nonces used to encrypt single plaintext messages, but its results are rather theoretical. Here we generalize that framework naturally so that it also handles security when many messages are encrypted under the same key. We extend the single-message results of [16], namely the separations between security notions and a non-trivial sufficient condition for the equivalence of security notions, to multiple-message security. Beyond this generalization, we show a further separation between security notions for k-tuple messages and for (k+1)-tuple messages. The natural generalization obtained here improves our understanding of the security of public-key encryption schemes and eases the discussion of the security of practical ones; in other words, the framework helps to elucidate the role of randomness in public-key encryption schemes. As an application of the results in the generalized framework, we consider the compatibility between the ElGamal encryption scheme and some sequence generators, in particular the applicability of the linear congruential generator (LCG) to the ElGamal encryption scheme.
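As an added illustration, not the paper's own construction, of why the nonce source matters once many messages share one ElGamal key: textbook ElGamal over a constructed toy group with a pluggable nonce generator, a uniform source beside an LCG, and a batch check for a reused g^r across ciphertexts under the same key. The group parameters, the LCG constants and the check itself are assumptions of this example.

```python
import secrets

# Constructed toy parameters: p = 2q+1 with q prime, g = 4 of order q (too small for real use).
P, Q, G = 1019, 509, 4


def keygen(rng=secrets.randbelow):
    x = 1 + rng(Q - 1)          # private exponent x in [1, q-1]
    return x, pow(G, x, P)      # (sk, pk = g^x)


def encrypt(pk, m, r):
    """Textbook ElGamal with a caller-supplied nonce r in [1, q-1]."""
    return pow(G, r, P), (m * pow(pk, r, P)) % P


def decrypt(sk, ct):
    c1, c2 = ct
    return (c2 * pow(c1, Q - sk, P)) % P  # c1^(q-x) = c1^(-x), as c1 has order q


def uniform_nonces():
    """Fresh, uniformly random nonce per message: the intended source."""
    while True:
        yield 1 + secrets.randbelow(Q - 1)


def lcg_nonces(seed, a, c, m):
    """Nonces derived from a linear congruential generator of modulus m."""
    state = seed
    while True:
        state = (a * state + c) % m
        yield 1 + state % (Q - 1)


def encrypt_many(pk, msgs, nonces):
    """Encrypt a k-tuple of messages under one key, one nonce per message."""
    return [encrypt(pk, m, next(nonces)) for m in msgs]


def first_repeated_nonce(cts):
    """Index of the first ciphertext reusing an earlier g^r, or None.
    Non-repetition is only necessary: a sequence that never repeats can
    still be unsafe, which is why a sufficient condition is needed."""
    seen = set()
    for i, (c1, _) in enumerate(cts):
        if c1 in seen:
            return i
        seen.add(c1)
    return None
```

With the 16-state LCG (a=5, c=1, m=16, which has full period), the first 16 ciphertexts carry distinct nonces and the 17th reuses one, so a batch is fine at k=16 and fails the check at k=17; the uniform source passes the same check but the check says nothing about the stronger condition the paper studies.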

References

  1. M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among notions of security for public-key encryption schemes. In H. Krawczyk, editor, Advances in Cryptology — CRYPTO’98, volume 1462 of Lecture Notes in Computer Science, pages 26–45. Springer-Verlag, 1998.
  2. M. Bellare, S. Goldwasser, and D. Micciancio. Pseudo-random number generation within cryptographic algorithms: The DSS case. In B. S. Kaliski Jr., editor, Advances in Cryptology — CRYPTO’97, volume 1294 of Lecture Notes in Computer Science, pages 277–291. Springer-Verlag, 1997.
  3. M. Bellare and A. Sahai. Non-malleable encryption: Equivalence between two notions, and an indistinguishability-based characterization. In M. Wiener, editor, Advances in Cryptology — CRYPTO’99, volume 1666 of Lecture Notes in Computer Science, pages 519–536. Springer-Verlag, 1999.
  4. M. Blum and S. Micali. How to generate cryptographically strong sequences of pseudo-random bits. SIAM Journal on Computing, 13(4):850–864, 1984.
  5. D. Boneh. The decision Diffie-Hellman problem. In J. P. Buhler, editor, Proceedings of the 3rd International Symposium on Algorithmic Number Theory (ANTS-3), volume 1423 of Lecture Notes in Computer Science, pages 48–63. Springer-Verlag, 1998.
  6. J. Boyar. Inferring sequences produced by pseudo-random number generators. Journal of the Association for Computing Machinery, 36(1):129–141, 1989.
  7. W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644–654, 1976.
  8. D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. In Proceedings of the 23rd Annual ACM Symposium on Theory of Computing, pages 542–552. ACM Press, 1991.
  9. D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. SIAM Journal on Computing, 30(2):391–437, 2000.
  10. T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, IT-31(4):469–472, 1985.
  11. O. Goldreich. Foundation of Cryptography (Fragment of a Book, Version 2.03), 1998.
  12. O. Goldreich. Modern Cryptography, Probabilistic Proofs and Pseudorandomness, volume 17 of Algorithms and Combinatorics. Springer-Verlag, 1999.
  13. O. Goldreich. Foundations of Cryptography: Basic Tools. Cambridge University Press, 2001.
  14. S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270–299, 1984.
  15. T. Koshiba. A theory of randomness for public key cryptosystems: The ElGamal cryptosystem case. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E83-A(4):614–619, 2000.
  16. T. Koshiba. A new aspect for security notions: Secure randomness in public-key encryption schemes. In K. Kim, editor, Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography (PKC2001), volume 1992 of Lecture Notes in Computer Science, pages 87–103. Springer-Verlag, 2001.
  17. H. Krawczyk. How to predict congruential generators. Journal of Algorithms, 13(4):527–545, 1992.
  18. M. Luby. Pseudorandomness and Cryptographic Applications. Princeton University Press, 1996.
  19. U. M. Maurer and S. Wolf. The Diffie-Hellman protocol. Designs, Codes and Cryptography, 19(2–3):147–171, 2000.
  20. S. Micali, C. Rackoff, and B. Sloan. The notion of security for probabilistic cryptosystems. SIAM Journal on Computing, 17(2):412–426, 1988.
  21. M. Naor and M. Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, pages 427–437. ACM Press, 1990.
  22. C. Rackoff and D. R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In J. Feigenbaum, editor, Advances in Cryptology — CRYPTO’91, volume 576 of Lecture Notes in Computer Science, pages 433–444. Springer-Verlag, 1992.
  23. T. Saito, T. Koshiba, and A. Yamamura. The decision Diffie-Hellman assumption and the quadratic residuosity assumption. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E84-A(1):165–171, 2001.
  24. J. Stern. Secret linear congruential generators are not cryptographically secure. In Proceedings of the 28th Annual IEEE Symposium on Foundations of Computer Science, pages 421–426. IEEE Computer Society Press, 1987.
  25. Y. Tsiounis and M. Yung. On the security of ElGamal based encryption. In H. Imai and Y. Zheng, editors, Proceedings of the 1st International Workshop on Practice and Theory in Public Key Cryptography (PKC’98), volume 1431 of Lecture Notes in Computer Science, pages 117–134. Springer-Verlag, 1998.
  26. A. C. Yao. Theory and applications of trapdoor functions. In Proceedings of the 23rd Annual IEEE Symposium on Foundations of Computer Science, pages 80–91. IEEE Computer Society Press, 1982.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Takeshi Koshiba, Secure Computing Lab., Fujitsu Laboratories Ltd., Kawasaki, Japan
