Abstract
Since the appearance of public-key cryptography in the seminal Diffie-Hellman paper, many schemes have been proposed, and many have been broken. Indeed, for a long time, the simple fact that a cryptographic algorithm had withstood cryptanalytic attacks for several years was considered a kind of validation. But some schemes took a long time before being widely studied, and were perhaps broken only thereafter.
A much more convincing line of research has tried to provide "provable" security for cryptographic protocols, in a complexity-theoretic sense: if one can break the cryptographic protocol, one can efficiently solve the underlying problem. Unfortunately, this was initially a purely theoretical effort: very few practical schemes could be proven in this so-called "standard model", because such a security level rarely comes together with efficiency. Ten years ago, Bellare and Rogaway proposed a trade-off to achieve some kind of validation of efficient schemes, by identifying some concrete cryptographic objects with ideal random ones. The most famous such identification appeared in the so-called "random-oracle model". More recently, another direction has been taken to prove the security of efficient schemes in the standard model (without any ideal assumption) by relying on stronger computational assumptions.
In these lectures, we focus on practical asymmetric protocols together with their "reductionist" security proofs, mainly in the random-oracle model. We cover the two main goals that public-key cryptography is devoted to: authentication with digital signatures, and confidentiality with public-key encryption schemes.
Copyright information
© 2005 Birkhäuser Verlag
Cite this chapter
Pointcheval, D. (2005). Provable Security for Public Key Schemes. In: Contemporary Cryptology. Advanced Courses in Mathematics - CRM Barcelona. Birkhäuser Basel. https://doi.org/10.1007/3-7643-7394-6_4
DOI: https://doi.org/10.1007/3-7643-7394-6_4
Publisher Name: Birkhäuser Basel
Print ISBN: 978-3-7643-7294-1
Online ISBN: 978-3-7643-7394-8