Trading One-Wayness Against Chosen-Ciphertext Security in Factoring-Based Encryption

@inproceedings{Paillier2006TradingOA,
  title={Trading One-Wayness Against Chosen-Ciphertext Security in Factoring-Based Encryption},
  author={Pascal Paillier and Jorge Luis Villar},
  booktitle={ASIACRYPT},
  year={2006}
}
We revisit a long-lived folklore impossibility result for factoring-based encryption and properly establish that reaching maximally secure one-wayness (i.e. equivalent to factoring) and resisting chosenciphertext attacks (CCA) are incompatible goals for single-key cryptosystems. We pinpoint two tradeoffs between security notions in the standard model that have always remained unnoticed in the Random Oracle (RO) model. These imply that simple RO-model schemes such as Rabin/RW-SAEP[+]/OAEP… CONTINUE READING
Highly Cited
This paper has 47 citations. REVIEW CITATIONS