Minimizing the use of random oracles in authenticated encryption schemes

A cryptographic scheme is “provably secure” if an attack on the scheme implies an attack on the underlying primitives it employs. A cryptographic scheme is “provably secure in the random-oracle model” if it uses a cryptographic hash function F and is provably secure when F is modeled by a public random function. Demonstrating that a cryptographic scheme is provably secure in the random-oracle model engenders much assurance in the scheme's correctness. But there may remain some lingering fear that the concrete hash function which instantiates the random oracle differs from a random function in some significant way. So it is good to limit reliance on random oracles. Here we describe two encryption schemes which use their random oracles in a rather limited way. The schemes achieve semantic security and plaintext awareness under specified assumptions. One scheme uses the RSA primitive; another uses Diffie-Hellman. In either case, messages longer than the modulus length can be safely and directly encrypted without relying on the hash functions modeled as random oracles to be good for private-key encryption.
