Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks

  • I. Damgård
  • Published in CRYPTO 11 August 1991
  • Mathematics, Computer Science
We present two efficient constructions aimed at making public key systems secure against chosen ciphertext attacks. The first one applies to any deterministic public key system and modifies it into a system that is provably as hard to break under a passive attack as the original one, but has the potential of making a chosen ciphertext attack useless to an enemy. The second construction applies to the El Gamal/Diffie-Hellman public key system. Again, the modified system is provably as hard to… 
How to Enhance the Security of Public-Key Encryption at Minimum Cost
This paper presents a simple and efficient conversion from a semantically secure public-key encryption scheme against passive adversaries to a non-malleable (or semantically secure) public-key
Practical Approaches to Attaining Security Against Adaptively Chosen Ciphertext Attacks (Extended Abstract)
This paper presents three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks, based on the use of one-way hash functions, universal hash functions and the use of digital signature schemes.
An Efficient Public Key Cryptosystem Secure Against Chosen Ciphertext Attack
The main advantage of the schemes is that they employ a problem equivalent to the well-studied RSA problem, and thus the resulting schemes are as secure as the RSA system.
Immunizing Public Key Cryptosystems Against Chosen Ciphertext Attacks
Three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks are presented, and the security of the three example cryptosystems is formally proved.
Another Method for Attaining Security Against Adaptively Chosen Ciphertext Attacks
A new method for immunizing public key cryptosystems against adaptively chosen ciphertext attacks, where the deciphering algorithm first checks that the ciphertext is legitimate and then outputs the matching plaintext only when the check is successful.
Securing Threshold Cryptosystems against Chosen Ciphertext Attack
This paper presents two very practical threshold cryptosystems and proves that they are secure against chosen ciphertext attack in the random oracle model, and not only are these protocols computationally very efficient, but they are also non-interactive, which means they can be easily run over an asynchronous communication network.
Cryptanalysis of the Immunized LL Public Key Systems
This paper demonstrates that the RSA based scheme is insecure under an adaptive chosen ciphertext attack, and points out weaknesses in the design of both their RSA and El Gamal based schemes regarding the use of pseudorandom generators.
A New Security Definition for Public Key Encryption Schemes and Its Applications
A slightly weaker version of IND-CCA is proposed, which requires that ciphertexts of two randomly selected messages be indistinguishable under chosen ciphertext attacks, and it is shown that highly efficient schemes proven secure in the standard model can be built in a straightforward way.
A Study on Efficient Identification Schemes Secure against Concurrent Man-in-the-Middle Attacks
The ID schemes obtained from the proposed generic conversion from a KEM to an ID scheme are cMiM secure and show the highest efficiency in both computational amount and message length as compared with previously known cMiM secure ID schemes.
Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack
A new public-key encryption scheme, along with several variants, is proposed and analyzed; these appear to be the first public-key encryption schemes in the literature that are simultaneously practical and provably secure.


Public-key cryptosystems provably secure against chosen ciphertext attacks
We show how to construct a public-key cryptosystem (as originally defined by Diffie and Hellman) secure against chosen ciphertext attacks, given a public-key cryptosystem secure against passive
An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information
This paper introduces the first probabilistic public-key encryption scheme which combines the following two properties: perfect secrecy with respect to polynomial time eavesdroppers and effectiveness in both encoding and decoding time and bandwidth expansion.
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
A formalization of chosen ciphertext attack is given in a model which is stronger than the "lunchtime attack" considered by Naor and Yung, and a non-interactive public-key cryptosystem based on non-interactive zero-knowledge proof of knowledge is proved secure against it.
A public key cryptosystem and a signature scheme based on discrete logarithms
A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the
A "Paradoxical" Solution to the Signature Problem (Abstract)
A general signature scheme which uses any pair of trap-door permutations for which it is infeasible to find any x, y with f0(x) = f1(y) and possesses the novel property of being robust against an adaptive chosen message attack.
Diffie-Hellman is as Strong as Discrete Log for Certain Primes
It is proven that both the discrete log problem and the Diffie-Hellman key exchange scheme are (probabilistically) polynomial-time equivalent if the totient of P-1 has only small prime factors with respect to a (fixed) polynomial in 2 log P.
On the Composition of Zero-Knowledge Proof Systems
A basic question concerning zero-knowledge proof systems is whether their (sequential and/or parallel) composition is zero-knowledge too. This question is not only of natural theoretical interest,
Zero-knowledge proofs of identity
This paper gives the definition of unrestricted input zero-knowledge proofs of knowledge, in which the prover demonstrates possession of knowledge without revealing any computational information whatsoever (not even the one bit revealed in zero-knowledge proofs of assertions).