Chosen Ciphertext Secure Encryption under Factoring Assumption Revisited

Mei, Qixiang; Li, Bao; Lu, Xianhui; Jia, Dingding

doi:10.1007/978-3-642-19379-8_13

Cited by 19 publications

(13 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, Hofheinz, Kiltz, and Shoup [16] introduced a simplified version of [15] over the group of signed quadratic residue modulo N, QR + N . Later, Mei et al [24] instantiated the first scheme of Hofheinz and Kiltz over a a semi-smooth subgroup. Because the exponent domain of this group is much smaller than the original one, the efficiency is substantially improved.…”

Section: B Chosen Ciphertext Security In the Standard Modelmentioning

confidence: 98%

Toward Construction of PVPKE in the Standard Model Based on Factoring Assumption

Wang

Nie

Ding

et al. 2013

2013 5th International Conference on Intelligent Networking and Collaborative Systems

View full text Add to dashboard Cite

Recently, we introduced an interesting cryptographic primitive: CCA Secure Publicly verifiable Public Key Encryption Without Pairings In the Standard Model (PVPKE) and discussed its application in constructing of chosen ciphertext secure proxy re-encryption (PRE) and chosen ciphertext secure threshold public key encryption (TPKE) [32]. Recently Hofheiz and Kiltz [16] proposed a practical chosen ciphertext secure encryption from factoring assumption in the signed quadratic residues group (HK09 scheme). In this paper, we try to modify the HK09 scheme to meet the requirements of PVPKE, that is, how to publicly verify the ciphertext's validity. Towards this goal, we propose three schemes and roughly analysis its feature and security. We believe our results will be useful to guide a final good result.

show abstract

Section: B Chosen Ciphertext Security In the Standard Modelmentioning

confidence: 98%

Toward Construction of PVPKE in the Standard Model Based on Factoring Assumption

Wang

Nie

Ding

et al. 2013

2013 5th International Conference on Intelligent Networking and Collaborative Systems

View full text Add to dashboard Cite

show abstract

“…Its security is proved under the existence of such KEMs, a KDF, and a PRF in the StdM. IND-CCA secure KEM schemes have been shown from the hardness of integer factoring [HK09a,MLLJ11], code-based problems [McE78,DMQN09], or lattice problems [PW08,Pei09,CHKP10,ABB10a,ABB10b,SSTX09,LPR10]. To the best of our knowledge, our generic construction provides the first CK + secure AKE protocols based on the hardness of the above problems.…”

Section: Our Contributionmentioning

confidence: 99%

“…The Hofheinz-Kiltz PKE [HK09a] and the Mei-Li-Lu-Jia PKE [MLLJ11] are IND-CCA secure in the StdM under the factoring assumption. Furthermore, by applying the fact [HK09b] For concreteness the expected ciphertext overhead for a 128-bit implementation is also given.…”

Section: Factoring-basedmentioning

confidence: 99%

Strongly secure authenticated key exchange from factoring, codes, and lattices

Fujioka

Suzuki

Xagawa

et al. 2014

Des. Codes Cryptogr.

View full text Add to dashboard Cite

Abstract. An unresolved problem in research on authenticated key exchange (AKE) is to construct a secure protocol against advanced attacks such as key compromise impersonation and maximal exposure attacks without relying on random oracles. HMQV, a state of the art AKE protocol, achieves both efficiency and the strong security proposed by Krawczyk (we call it the CK + model), which includes resistance to advanced attacks. However, the security proof is given under the random oracle model. We propose a generic construction of AKE from a key encapsulation mechanism (KEM). The construction is based on a chosen-ciphertext secure KEM, and the resultant AKE protocol is CK + secure in the standard model. The construction gives the first CK + secure AKE protocols based on the hardness of integer factorization problem, code-based problems, or learning problems with errors. In addition, instantiations under the Diffie-Hellman assumption or its variant can be proved to have strong security without non-standard assumptions such as πPRF and KEA1. Furthermore, we extend the CK + model to identity-based (called the id-CK + model), and propose a generic construction of identity-based AKE (ID-AKE) based on identity-based KEM, which satisfies id-CK + security. The construction leads first strongly secure ID-AKE protocols under the hardness of integer factorization problem, or learning problems with errors.

show abstract

“…However, it is important to note that our scheme is constructed from Rabin's one‐way trapdoor permutation instead of ElGamal OW‐TDF. When we consider the instantiation of our scheme over signed semismooth subgroup, it has even more efficient encryption and decryption than the second scheme of Mei et al In fact, all the PKE schemes presented here and in are CCA‐secure key encapsulation mechanisms (KEMs). Moreover, we remark that the technique described in to construct CCA‐secure hybrid public‐key encryption (HPKE) scheme from a CCA‐secure KEM combined with a CCA‐secure one‐time symmetric key encryption (SKE) scheme fits our result.…”

Section: Introductionmentioning

confidence: 99%

“…Hence, extra squaring operations during the decryption process can be avoided, simplifying the original scheme. Later, Mei et al instantiated the first scheme of Hofheinz and Kiltz over a much smaller subgroup of quadratic residue group, namely a semismooth subgroup. Because the exponent domain of this instantiation is much smaller than the original one, the efficiency is substantially improved.…”

Section: Introductionmentioning

confidence: 99%

Efficient chosen ciphertext secure public‐key encryption under factoring assumption

Qin

Liu

2012

Security Comm Networks

View full text Add to dashboard Cite

In EUROCRYPT 2009, Hofheinz and Kiltz introduced a new practical chosen ciphertext secure public-key encryption scheme under the assumption that factoring is intractable. They also proposed a variant that features a slightly more efficient decryption but unfortunately leads to large public key, of size about O(k), where k is a security parameter. In this paper, we propose a novel method to balance the efficiency and the key size of those previous two schemes. Although the public key in our scheme only consists of one RSA modulus and three group elements, it is still more efficient at decrypting than Hofheinz and Kiltz's scheme. By remarking that under certain assumptions factoring the modulus is still hard over much smaller subgroups of signed quadratic residues (i.e., semismooth subgroup), we were able to construct a new scheme that performs extremely efficient decryption. In fact, to date, this is the most efficient scheme for decryption among all public-key encryption schemes (mainly including Hofheinz and Kiltz's schemes and their follow-up works) whose security against chosen ciphertext attacks is based on the intractability of factoring in the standard model.

show abstract

Chosen Ciphertext Secure Encryption under Factoring Assumption Revisited

Cited by 19 publications

References 30 publications

Toward Construction of PVPKE in the Standard Model Based on Factoring Assumption

Toward Construction of PVPKE in the Standard Model Based on Factoring Assumption

Strongly secure authenticated key exchange from factoring, codes, and lattices

Efficient chosen ciphertext secure public‐key encryption under factoring assumption

Contact Info

Product

Resources

About