Practical Security in Public-Key Cryptography

Since the appearance of public-key cryptography in Diffie-Hellman seminal paper, many schemes have been proposed, but many have been broken. Indeed, for many people, the simple fact that a cryptographic algorithm withstands cryptanalytic attacks for several years is considered as a kind of validation. But some schemes took a long time before being widely studied, and maybe thereafter being broken.A much more convincing line of research has tried to provide "provable" security for cryptographic protocols, in a complexity theory sense: if one can break the cryptographic protocol, one can "efficiently" solve the underlying problem. Unfortunately, very few practical schemes can be proven in this so-called "standard model" because such a security level rarely meets with efficiency. Moreover, for a long time the security proofs have only been performed in an asymptotic framework, which provides some confidence in the scheme but for very huge parameters only, and thus for unpractical schemes.A recent trend consists in providing very efficient reductions, with a practical meaning: with usual parameters (such as 1024-bit RSA moduli) the computational cost of any attack is actually 272, given the state of the art about classical problems (e.g. integer factoring).In this paper, we focus on practical schemes together with their "reductionist" security proofs. We cover the two main goals that public-key cryptography is devoted to solve: authentication with digital signatures and confidentiality with public-key encryption schemes.

[1]  Serge Vaudenay,et al.  Cryptanalysis of the Chor-Rivest Cryptosystem , 1998, CRYPTO.

[2]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[3]  Victor Shoup,et al.  OAEP Reconsidered , 2001, CRYPTO.

[4]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[5]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[6]  David Pointcheval,et al.  Chosen-Ciphertext Security for Any One-Way Cryptosystem , 2000, Public Key Cryptography.

[7]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[8]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[9]  Bruce Schneier,et al.  Reaction Attacks against several Public-Key Cryptosystems , 1999, ICICS.

[10]  Mihir Bellare,et al.  Practice-Oriented Provable Security , 1998, Lectures on Data Security.

[11]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[12]  Chae Hoon Lim,et al.  The Korean certificate-based digital signature algorithm , 1999 .

[13]  V. Nechaev Complexity of a determinate algorithm for the discrete logarithm , 1994 .

[14]  Mihir Bellare,et al.  Optimal Asymmetric Encryption-How to Encrypt with RSA , 1995 .

[15]  Ronald L. Rivest,et al.  A knapsack-type public key cryptosystem based on arithmetic in finite fields , 1988, IEEE Trans. Inf. Theory.

[16]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[17]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[18]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[19]  David Pointcheval,et al.  The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes , 2001, Public Key Cryptography.

[20]  Mihir Bellare,et al.  The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES , 2001, CT-RSA.

[21]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[22]  Moti Yung,et al.  On the Security of ElGamal based , 1998 .

[23]  T. Sejnowski,et al.  Practical Security in Public-Key Cryptography , 2002 .

[24]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[25]  Kazuo Ohta,et al.  On Concrete Security Treatment of Signatures Derived from Identification , 1998, CRYPTO.

[26]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[27]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[28]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[29]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[30]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[31]  Tatsuaki Okamoto,et al.  How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.

[32]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[33]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[34]  Yiannis Tsiounis,et al.  On the Security of ElGamal Based Encryption , 1998, Public Key Cryptography.

[35]  Daniel Bleichenbacher,et al.  Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 , 1998, CRYPTO.

[36]  William M. Daley,et al.  Digital Signature Standard (DSS) , 2000 .

[37]  Jacques Stern,et al.  RSA-OAEP Is Secure under the RSA Assumption , 2001, Journal of Cryptology.

[38]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 1999, CCS '99.

[39]  David Pointcheval,et al.  REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform , 2001, CT-RSA.

[40]  Jean-Sébastien Coron,et al.  On the Exact Security of Full Domain Hash , 2000, CRYPTO.

[41]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[42]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.