论文信息 - NAEP: Provable Security in the Presence of Decryption Failures

NAEP: Provable Security in the Presence of Decryption Failures

We consider the impact of the possibility of decryption failures in proofs of security for padding schemes, where these failures are both message and key dependent. We explain that an average case failure analysis is not necessarily sufficient to achieve provable security with existing CCA2-secure schemes. On a positive note, we introduce NAEP, an efficient padding scheme similar to PSS-E designed especially for the NTRU one-way function. We show that with this padding scheme we can prove security in the presence of decryption failures, under certain explicitly stated assumptions. We also discuss the applicability of proofs of security to instantiated cryptosystems in general, introducing a more practical notion of cost to describe the power of an adversary.

[1] Tatsuaki Okamoto,et al. How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.

[2] David Pointcheval,et al. Analysis and Improvements of NTRU Encryption Paddings , 2002, CRYPTO.

[3] Joseph H. Silverman,et al. Random small Hamming weight products with applications to cryptography , 2003, Discret. Appl. Math..

[4] Dan Boneh,et al. Simplified OAEP for the RSA and Rabin Functions , 2001, CRYPTO.

[5] John Proos. Imperfect Decryption and an Attack on the NTRU Encryption Scheme , 2003, IACR Cryptol. ePrint Arch..

[6] J. Silverman. Invertibility in Truncated Polynomial Rings , 1998 .

[7] Mihir Bellare,et al. Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[8] Joseph H. Silverman,et al. Optimizations for NTRU , 2001 .

[9] Joseph H. Silverman,et al. Dimension Reduction Methods for Convolution Modular Lattices , 2001, CaLC.