On Achieving Chosen Ciphertext Security with Decryption Errors

Perfect decryption has been always assumed in the research of public key encryption, however, this is not true all the time. For some public key encryption primitives, like NTRU [9] or Ajtai-Dwork [1], the decryption process may not obtain the corresponding message even the encryption and decryption are run correctly. Furthermore, such a kind of decryption errors will lead to some dangerous attacks against the underlying primitive. Another interesting point is that, those primitives are not based on the factoring, nor the discrete log problem which are subject to the Shor's algorithm [18] with quantum computers. This kind of primitives may be promising in the post-quantum cryptography. Therefore, the decryption errors deserve much attention and should be coped with carefully. In this paper, our main technique is not to use any error-correcting codes to eliminate the errors, but to use some padding (transform) to hide bad errors from attacker's control. We 1) efficiently enhance these error-prone public key encryption primitives to the chosen ciphertext security, even in the presence of the decryption errors, and 2) show that the solution is more generic, rather than some specific padding methods previously presented, to thwart the decryption errors based attacks successfully.

[1]  Jean-Sébastien Coron,et al.  Universal Padding Schemes for RSA , 2002, CRYPTO.

[2]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[3]  Cynthia Dwork,et al.  A public-key cryptosystem with worst-case/average-case equivalence , 1997, STOC '97.

[4]  Peter W. Shor,et al.  Algorithms for quantum computation: discrete logarithms and factoring , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[5]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[6]  Moni Naor,et al.  Immunizing Encryption Schemes from Decryption Errors , 2004, EUROCRYPT.

[7]  David Pointcheval,et al.  The Impact of Decryption Failures on the Security of NTRU Encryption , 2003, CRYPTO.

[8]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[9]  Mihir Bellare,et al.  Optimal Asymmetric Encryption-How to Encrypt with RSA , 1995 .

[10]  Oded Goldreich,et al.  Eliminating Decryption Errors in the Ajtai-Dwork Cryptosystem , 1997, Electron. Colloquium Comput. Complex..

[11]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[12]  Phong Q. Nguyen Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97 , 1999, CRYPTO.

[13]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[14]  David Pointcheval,et al.  OAEP 3-Round: A Generic and Secure Asymmetric Encryption Padding , 2004, ASIACRYPT.

[15]  Tatsuaki Okamoto,et al.  How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.

[16]  John Proos Imperfect Decryption and an Attack on the NTRU Encryption Scheme , 2003, IACR Cryptol. ePrint Arch..

[17]  David Pointcheval,et al.  Chosen-Ciphertext Security without Redundancy , 2003, ASIACRYPT.

[18]  David Pointcheval,et al.  REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform , 2001, CT-RSA.