Securing Threshold Cryptosystems against Chosen Ciphertext Attack

Abstract. For the most compelling applications of threshold cryptosystems, security against chosen ciphertext attack is a requirement. However, prior to the results presented here, there appeared to be no practical threshold cryptosystems in the literature that were provably chosen ciphertext secure, even in the idealized random oracle model. The contribution of this paper is to present two very practical threshold cryptosystems, and to prove that they are secure against chosen ciphertext attack in the random oracle model. Not only are these protocols computationally very efficient, but they are also non-interactive, which means they can be easily run over an asynchronous communication network.
