T. Okamoto, E. Fujisaki, and H. Morita. PSEC: Provably Secure Elliptic Curve Encryption Scheme. Submission to IEEE P1363a. March 1999. Available from http://grouper.ieee.org/groups/1363/.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....a basic requirement for any new cryptographic protocol. Therefore, for the last twoyears, many cryptosystems have been proposed. Some furthermore introduced new problems [17, 21, 18, 23, 26] other are intricate constructions, over old schemes, to reach chosen ciphertext security (from El Gamal [33, 32, 9, 1, 20], OkamotoUchiyama [22] D RSA [25] or Paillier [24] with specific security proofs. 10 Indeed, it is easy to describe a one way cryptosystem from any trapdoor problem. Furthermore, such trapdoor problems are not so rare (Diffie Hellman [10] factorization, RSA [29] elliptic curves, McEliece ....

T. Okamoto, E. Fujisaki, and H. Morita. PSEC: Provably Secure Elliptic Curve Encryption Scheme. Submission to IEEE P1363a. March 1999. Available from http://grouper.ieee.org/groups/1363/.

....commonly used in practice does not satisfy basic security notions (even under the Decision Die Hellman assumption [5] 1 . To obtain secure systems using RSA and ElGamal one must apply a preprocessing function to the plaintext prior to encryption, or a conversion to the encryption function (see [10, 16, 13] for instance) Recent standards for RSA [15] use Optimal Asymmetric Encryption 1 Implementations of ElGamal often use an element g 2 Z p of prime order q where q is much smaller than p. When the set of plaintexts is equal to the subgroup generated by g, the Decision Die Hellman assumption ....

....secure the ciphertext leaks the Legendre symbol of the plaintext. Padding (OAEP) which is known to be secure against a chosen ciphertext attack in the random oracle model [4] Currently, there is no equivalent preprocessing standard for ElGamal encryption, although several proposals exist [1, 10, 16, 13]. Unfortunately, many textbook descriptions of RSA and ElGamal do not view these preprocessing functions as an integral part of the encryption scheme. Instead, common descriptions are content with an explanation of the plain systems. In this paper we give a simple, yet powerful, attack against ....

[Article contains additional citation context not shown here]

T. Okamoto and D. Pointcheval, \PSEC-3: Provably Secure Elliptic Curve Encryption Scheme", Submission to IEEE P1363a, 2000.

....requires the permutation property. Very recently the authors, together with other people [13, 14, 26, 22] proposed some generic conversions from any probabilistic trapdoor one way function into a chosen ciphertext secure encryption scheme. The first two conversions led to the EPOC [24] and PSEC [21] IEEE P1363a proposals. The most recent conversion can apply to any (partially) trapdoor one way function into a chosen ciphertext secure encryption scheme, in an optimal way, from the computational point of view. Indeed, all the previous conversions required a re encryption in the decryption ....

T. Okamoto, E. Fujisaki, and H. Morita. PSEC: Provably Secure Elliptic Curve Encryption Scheme. Submission to IEEE P1363a. March 1999. Available from http://grouper.ieee.org/groups/1363/.

....2 ( m) y c 3 : E sym hash1 ( m) then m : m else m : return (c 1 ; c 2 ; c 3 ) return m. Note 15. Let k = jqj be a security parameter. The ElGamal encryption primitive, associated with 1 k , is 2 k uniform. For an application to the elliptic curve encryption system, see [15]. 6.2 Implementation for the Okamoto Uchiyama Scheme Let n = p 2 q be a large positive integer such that p and q are both primes of the same size, i.e. jpj = jqj = k 1. Let Z=nZ and (Z=nZ) be the integer ring modulo n and the multiplicative group of Z=nZ. We assume that the factoring ....

T. Okamoto, E. Fujisaki and H. Morita, \PSEC: Provably Secure Elliptic Curve Encryption Scheme", Submission to IEEE P1363a, March 1999.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC