A Public-Key Encryption Scheme with Pseudo-random Ciphertexts

This work presents a practical public-key encryption scheme that offers security under adaptive chosen-ciphertext attack (CCA) and has pseudo-random ciphertexts, i.e. ciphertexts indistinguishable from random bit strings. Ciphertext pseudo-randomness has applications in steganography. The new scheme features short ciphertexts due to the use of elliptic curve cryptography, with ciphertext pseudo-randomness achieved through a new key encapsulation mechanism (KEM) based on elliptic curve Diffie-Hellman with a pair of elliptic curves where each curve is a twist of the other. The public-key encryption scheme resembles the hybrid DHIES construction; besides using the new KEM, it differs from DHIES in that it uses an authenticate-then-encrypt (AtE) rather than an encrypt-then-authenticate (EtA) approach for symmetric cryptography.
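The following is an added illustration, not code or parameters from the paper, of the arithmetic fact that makes a twist pair useful for random-looking ciphertexts: x-coordinates on a single curve cover only about half of the field, while a curve and its quadratic twist together cover every field element. It assumes a toy short-Weierstrass curve over a small prime field (`P`, `A`, `B` are constructed values) and does not implement the paper's KEM.

```python
# Toy parameters constructed for this example (not from the paper):
# E : y^2 = x^3 + A*x + B over F_P, and its quadratic twist
# E': d*y^2 = x^3 + A*x + B for any non-square d in F_P.
P, A, B = 1009, 3, 7

def is_square(v, p=P):
    """Euler's criterion: True if v is a nonzero square modulo p."""
    return v % p != 0 and pow(v, (p - 1) // 2, p) == 1

def rhs(x, a=A, b=B, p=P):
    """Right-hand side x^3 + a*x + b of the curve equation."""
    return (x * x * x + a * x + b) % p

def x_coverage(p=P, a=A, b=B):
    """Classify every x in F_p by which curve has a point with that x."""
    on_curve, on_twist = set(), set()
    for x in range(p):
        f = rhs(x, a, b, p)
        if f == 0:
            # y = 0 solves both equations, so x occurs on both curves.
            on_curve.add(x)
            on_twist.add(x)
        elif is_square(f, p):
            on_curve.add(x)
        else:
            # f is a non-square, so f/d is a square: x lies on the twist.
            on_twist.add(x)
    return on_curve, on_twist

def group_orders(p=P, a=A, b=B):
    """Point counts (affine points plus infinity) for E and its twist."""
    on_curve, on_twist = x_coverage(p, a, b)
    zeros = len(on_curve & on_twist)
    n_e = 2 * (len(on_curve) - zeros) + zeros + 1
    n_t = 2 * (len(on_twist) - zeros) + zeros + 1
    return n_e, n_t

if __name__ == "__main__":
    c, t = x_coverage()
    print("x on E only covers", len(c), "of", P, "field elements")
    print("x on E or twist covers", len(c | t), "of", P)
    print("group orders:", group_orders(), "sum should be", 2 * P + 2)
```
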
