Another look at "provable security"

Journal of Cryptology

Volumn 20, Issue 1, 2007, Pages 3-37

  Koblitz, Neal ^a   Menezes, Alfred J ^b  

^a UNIVERSITY OF WASHINGTON   (United States)

^b UNIVERSITY OF WATERLOO   (Canada)

Author keywords

Cryptography; Provable security; Public key

Indexed keywords

INFORMAL ANALYSIS; MATHEMATICAL PUBLIC; PROVABLE SECURITY; THEOREM PROOF PARADIGM;

MATHEMATICAL TECHNIQUES; PUBLIC KEY CRYPTOGRAPHY; TERMINOLOGY; THEOREM PROVING;

SECURITY OF DATA;

EID: 33846856917     PISSN: 09332790     EISSN: 14321378     Source Type: Journal    
DOI: 10.1007/s00145-005-0432-z     Document Type: Article

References (63)

1. D. Agrawal, B. Archambeault, J. Rao and P. Rohatgi, The EM side-channel(s), Cryptographic Hardware and Embedded Systems - CHES 2002, LNCS 2523, Springer-Verlag, Berlin, 2002, pp. 29-45.
2. M. Agrawal, N. Kayal and N. Saxena, PRIMES is in P, Ann. of Math., 160 (2004), 781-793.
3. M. Bellare, Practice-oriented provable-security, Proc. First International Workshop on Information Security (ISW '97), LNCS 1396, Springer-Verlag, Berlin, 1998, pp. 221-231.
4. M. Bellare, A. Boldyreva and A. Palacio, An uninstantiable random-oracle-model scheme for a hybrid-encryption problem, Cryptology ePrint Archive, Report 2003/077, 2004.
5. M. Bellare, A. Boldyreva and A. Palacio, An uninstantiable random-oracle-model scheme for a hybrid-encryption problem, Advances in Cryptology - Eurocrypt 2004, LNCS 3027, Springer-Verlag, Berlin, 2004, pp. 171-188.
6. M. Bellare and P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, Proc. First Annual Conf. Computer and Communications Security, ACM, New York, 1993, pp. 62-73.
7. M. Bellare and P. Rogaway, Optimal asymmetric encryption - how to encrypt with RSA, Advances in Cryptology - Eurocrypt '94, LNCS 950, Springer-Verlag, Berlin, 1994, pp. 92-111.
8. M. Bellare and P. Rogaway, The exact security of digital signatures - how to sign with RSA and Rabin, Advances in Cryptology - Eurocrypt '96, LNCS 1070, Springer-Verlag, Berlin, 1996, pp. 399-416.
9. D. Bernstein, Proving tight security for standard Rabin-Williams signatures, Preprint, 2003.
10. D. Bleichenbacher, A chosen ciphertext attack against protocols based on the RSA encryption standard PKCS #1, Advances in Cryptology - Crypto '98, LNCS 1462, Springer-Verlag, Berlin, 1998, pp. 1-12.
11. D. Boneh, The decision Diffie-Hellman problem, Five. Third Algorithmic Number Theory Symp., LNCS 1423, Springer-Verlag, Berlin, 1998, pp. 48-63.
12. D. Boneh, Simplified OAEP for the RSA and Rabin functions, Advances in Cryptology - Crypto 2001, LNCS 2139, Springer-Verlag, Berlin, 2001, pp. 275-291.
13. D. Boneh, R. DeMillo and R. Lipton, On the importance of checking cryptographic protocols for faults, Advances in Cryptology - Eurocrypt '97, LNCS 1233, Springer-Verlag, Berlin, 1997, pp. 37-51.
14. D. Boneh and R. Lipton, Algorithms for black-box fields and their application to cryptography, Advances in Cryptology - Crypto '96, LNCS 1109, Springer-Verlag, Berlin, 1996, pp. 283-297.
15. D. Boneh, B. Lynn and H. Shacham, Short signatures from the Weil pairing, J. Cryptology, 17 (2004), 297-319.
16. D. Boneh and R. Venkatesan, Breaking RSA may not be equivalent to factoring, Advances in Cryptology - Eurocrypt '98, LNCS 1233, Springer-Verlag, Berlin, 1998, pp. 59-71.
17. D. Branstad and M. Smid, Responses to comments on the NIST proposed digital signature standard, Advances in Cryptology - Crypto '92, LNCS 740, Springer-Verlag, Berlin, 1993, pp. 76-88.
18. R. Canetti, O. Goldreich and S. Halevi, The random oracle model revisited, Proc. 30th Annual Symp. Theory of Computing, ACM, New York, 1998, pp. 209-218.
19. Certicom Corp., Certicom announces elliptic curve cryptography challenge winner, Press Release, 27 April 2004.
20. D. Coppersmith, Finding a small root of a univariate modular equation, Advances in Cryptology Eurocrypt '96, LNCS 1070. Springer-Verlag, Berlin, 1996, pp. 155-165.
21. J.-S. Coron, On the exact security of full domain hash, Advances in Cryptology - Crypto 2000, LNCS 1880, Springer-Verlag, Berlin, 2000, pp. 229-235.
22. J.-S. Coron, Optimal security proofs for PSS and other signature schemes, Advances in Cryptology Eurocrypt 2002, LNCS 2332, Springer-Verlag, Berlin, 2002, pp. 272-287.
23. R. Cramer and V. Shoup, A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack, Advances in Cryptology - Crypto '98, LNCS 1462, Springer-Verlag, Berlin, 1998, pp. 13-25.
24. W. Diffie and M. Hellman, New directions in cryptography, IEEE Trans. Inform. Theory, IT-22 (1976), 644-654.
25. T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. Inform. Theory, IT-31 (1985), 469-472.
26. A. Fiat and A. Shamir, How to prove yourself: practical solutions to identification and signature problems, Advances in Cryptology - Crypto '86, LNCS 263, Springer-Verlag, Berlin, 1987, pp. 186-194.
27. E. Fujisaki, T. Okamoto, D. Pointcheval and J. Stern, RSA-OAEP is secure under the RSA assumption, Advances in Cryptology - Crypto 2001, LNCS 2139, Springer-Verlag, Berlin, 2001, pp. 260-274.
28. M. Garey and D. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, Freeman, San Franicsco, CA, 1979.
29. E. Goh and S. Jarecki, A signature scheme as secure as the Diffie-Hellman problem, Advances in Cryptology - Eurocrypt 2003, LNCS 2656, Springer-Verlag, Berlin, 2003, pp. 401-415.
30. O. Goldreich, Foundations of Cryptography, Vol. 2, Cambridge University Press, Cambridge, 2004.
31. S. Goldwasser and S. Micali, Probabilistic encryption and how to play mental poker keeping secret all partial information, Proc. 14th Annual Symp. Theory of Computing, ACM, New York, 1982, pp. 365-377.
32. S. Goldwasser and S. Micali, Probabilistic encryption, J. Comput. System Sci., 28 (1984), 270-299.
33. S. Goldwasser, S. Micali and R. Rivest, A "paradoxical" solution to the signature problem, Proc. 25th Annual Symp. Foundations of Comput. Science, 1984, pp. 441-448.
34. S. Goldwasser, S. Micali and R. Rivest, A digital signature scheme secure against adaptive chosen-message attacks, SIAM J. Comput., 17 (1988), 281-308.
35. S. Goldwasser and Y. Tauman, On the (in)security of the Fiat-Shamir paradigm, Proc. 44th Annual Symp. Foundations of Comput. Science, 2003, pp. 102-113.
36. S. Goldwasser and Y. Tauman, On the (in)security of the Fiat-Shamir paradigm, Cryptology ePrint Archive, Report 2003/034, 2003.
37. A. Joux and K. Nguyen, Separating Decision Diffie-Hellman from Computational Diffie-Hellman in cryptographic groups, J. Cryptology, 16 (2003), 239-247.
38. J. Katz and N. Wang, Efficiency improvements for signature schemes with tight security reductions, Proc. 10th ACM Conf. Computer and Communications Security, 2003, pp. 155- 164.
39. N. Koblitz, A Course in Number Theory and Cryptography, Springer-Verlag, Berlin, 1987.
40. P. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems, Advances in Cryptology - Crypto '96, LNCS 1109, Springer-Verlag, Berlin, 1996, pp. 104-113.
41. P. Kocher, J. Jaffe and B. Jun, Differential power analysis, Advances in Cryptology - Crypto '99, LNCS 1666, Springer-Verlag, Berlin, 1999, pp. 388-397.
42. J. Manger, A chosen ciphertext attack on RSA optimal asymmetric encryption padding (OAEP) as standardized in PKCS #1 v2.0, Advances in Cryptology - Crypto 2001, LNCS 2139, Springer-Verlag, Berlin, 2001, pp. 230-238.
43. U. Maurer, Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms, Advances in Cryptology - Crypto '94, LNCS 839, Springer-Verlag, Berlin, 1994, pp. 271-281.
44. U. Maurer and S. Wolf, The relationship between breaking the Diffie-Hellman protocol and computing discrete logarithms, SIAM J. Comput., 28(5) (1999), 1689-1731.
45. A. J. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer, Dordrecht, 1993.
46. S. Micali, C. Rackoff and B. Sloan, The notion of security for probabilistic cryptosystems, SIAM J. Comput., 17 (1988), 412-426.
47. A. Miyaji, M. Nakabayashi and S. Takano, New explicit conditions of elliptic curve traces for FR-reduction, IEICE-Trans. Fund. Election., Commun. Comput. Sci., E84-A(5) (2001), 1234-1243.
48. M. Naor and M. Yung, Public-key cryptosystems provably secure against chosen ciphertext attacks, Proc. 22nd Annual Symp. Theory of Computing, ACM, New York, 1990, pp. 427-437.
49. D. Pointcheval and J. Stern, Security proofs for signature schemes, Advances in Cryptology - Eurocrypt '96, LNCS 1070, Springer-Verlag, Berlin, 1996, pp. 387-398.
50. D. Pointcheval and J. Stern, Security arguments for digital signatures and blind signatures, J. Cryptology, 13 (2000), 361-396.
51. M. Rabin, Digitalized signatures and public-key functions as intractable as factorization, Technical Report LCS/TR-212, MIT Lab. for Computer Science, 1979.
52. C. Rackoff and D. Simon, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack, Advances in Cryptology - Crypto '91, LNCS 576, Springer-Verlag, Berlin, 1992, pp. 433-444.
53. R. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public key cryptosystems, Commun. ACM, 21(2) (1978), 120-126.
54. RSA Security Inc., Mathematicians from around the world collaborate to solve latest RSA factoring challenge, Press Release, 27 April 2004.
55. C. P. Schnorr, Efficient signature generation for smart cards, J. Cryptology, 4 (1991), 161-174.
56. V. Shoup, Using hash functions as a hedge against chosen ciphertext attack, Advances in Cryptology - Eurocrypt 2000, LNCS 1807, Springer-Verlag, Berlin, 2000, pp. 275-288.
57. V. Shoup, OAEP reconsidered, Advances in Cryptology - Crypto 2001, LNCS 2139, Springer-Verlag, Berlin, 2001, pp. 239-259.
58. J. Stern, Why provable security matters, Advances in Cryptology - Eurocrypt 2003, LNCS 2656, Springer-Verlag, Berlin, 2003, pp. 449-461.
59. J. Stern, D. Pointcheval, J. Malone-Lee and N. Smart, Flaws in applying proof methodologies to signature schemes, Advances in Cryptology - Crypto 2002, LNCS 2442, Springer- Verlag, Berlin, 2002, pp. 93-110.
60. R. Taylor and A. Wiles, Ring-theoretic properties of certain Hecke algebras, Ann. of Math., 141 (1995), 553-572.
61. Y. Watanabe, J. Shikata and H. Imai, Equivalence between semantic security and indistinguishability against chosen ciphertext attacks, Public Key Cryptography - PKC 2003, LNCS 2567, Springer-Verlag, Berlin, 2003, pp. 71-84.
62. A. Wiles, Modular elliptic curves and Fermat's Last Theorem, Ann. of Math., 141 (1995), 443-551.
63. H. Williams, A modification of the RSA public-key encryption procedure, IEEE Trans. Inform. Theory, IT-26 (1980), 726-729.