Provable Security for Public Key Schemes

  • Chapter
Contemporary Cryptology

Part of the book series: Advanced Courses in Mathematics - CRM Barcelona ((ACMBIRK))

Abstract

Since the appearance of public-key cryptography in the seminal Diffie-Hellman paper, many schemes have been proposed, but many have been broken. Indeed, for a long time, the simple fact that a cryptographic algorithm had withstood cryptanalytic attacks for several years was considered a kind of validation. But some schemes were not widely studied until long after their publication, and some were then broken.

A much more convincing line of research has tried to provide “provable” security for cryptographic protocols, in a complexity-theoretic sense: if one can break the cryptographic protocol, one can efficiently solve the underlying problem. Unfortunately, this was initially a purely theoretical line of work: very few practical schemes could be proven secure in this so-called “standard model”, because such a security level is rarely compatible with efficiency. Ten years ago, Bellare and Rogaway proposed a trade-off to achieve some kind of validation of efficient schemes, by identifying some concrete cryptographic objects with ideal random ones. The most famous such identification appeared in the so-called “random-oracle model”. More recently, another direction has been taken to prove the security of efficient schemes in the standard model (without any ideal assumption) by relying on stronger computational assumptions.

In these lectures, we focus on practical asymmetric protocols together with their “reductionist” security proofs, mainly in the random-oracle model. We cover the two main goals that public-key cryptography is meant to address: authentication with digital signatures, and confidentiality with public-key encryption schemes.




Copyright information

© 2005 Birkhäuser Verlag

About this chapter

Cite this chapter

Pointcheval, D. (2005). Provable Security for Public Key Schemes. In: Contemporary Cryptology. Advanced Courses in Mathematics - CRM Barcelona. Birkhäuser Basel. https://doi.org/10.1007/3-7643-7394-6_4


  • DOI: https://doi.org/10.1007/3-7643-7394-6_4

  • Publisher Name: Birkhäuser Basel

  • Print ISBN: 978-3-7643-7294-1

  • Online ISBN: 978-3-7643-7394-8
