Efficient cryptographic schemes provably as secure as subset sum
Proc. 30th IEEE Symposium on Foundations of Computer Science, 1989
Practical Approaches to Attaining Security Against Adaptively Chosen Ciphertext Attacks
In Advances in Cryptology – Crypto '92, 1992
Cited by 25 (2 self)
Abstract. This paper presents three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks. In an adaptively chosen ciphertext attack, an attacker can query the deciphering algorithm with any ciphertexts, except for the exact object ciphertext to be cryptanalyzed. The first strengthening method is based on the use of one-way hash functions, the second on the use of universal hash functions and the third on the use of digital signature schemes. Each method is illustrated by an example of a public key cryptosystem based on the intractability of computing discrete logarithms in finite fields. Two other issues, namely applications of the methods to public key cryptosystems based on other intractable problems and enhancement of information authentication capability to the cryptosystems, are also discussed.
On the Provable Security of an Efficient RSA-Based Pseudorandom Generator, 2006
Cited by 7 (0 self)
Pseudorandom Generators (PRGs) based on the RSA inversion (one-wayness) problem have been extensively studied in the literature over the last 25 years. These generators have the attractive feature of provable pseudorandomness security assuming the hardness of the RSA inversion problem. However, despite extensive study, the most efficient provably secure RSA-based generators output asymptotically only at most O(log n) bits per multiply modulo an RSA modulus of bit-length n, and hence are too slow to be used in many practical applications. To bring theory closer to practice, we present a simple modification to the proof of security by Fischlin and Schnorr of an RSA-based PRG, which shows that one can obtain an RSA-based PRG which outputs Ω(n) bits per multiply and has provable pseudorandomness security assuming the hardness of a well-studied variant of the RSA inversion problem, where a constant fraction of the plaintext bits are given. Our result gives a positive answer to an open question posed by Gennaro (J. of Cryptology, 2005) regarding finding a PRG beating the rate O(log n) bits per multiply at the cost of a reasonable assumption on RSA inversion.
Survey of computational assumptions used in cryptography broken or not by Shor's algorithm, 2001
Time/Memory/Data Tradeoffs for Variants of the RSA Problem, in Computing and Combinatorics, 19th International Conference, COCOON 2013
Cited by 1 (0 self)
Abstract. In this paper, we study the security of the Micali-Schnorr pseudorandom number generator. The security of this cryptographic scheme is based on two computational problems which are variants of the RSA problem. The RSA problem essentially aims at recovering the plaintext from a random ciphertext. In the analysis of the Micali-Schnorr pseudorandom generator, we are interested in instances of this problem where the plaintext is small and where the ciphertext is not entirely known. We will describe time/memory tradeoff techniques to solve these hard problems, which provide the first analysis of this pseudorandom generator 25 years after its publication.
Recovering Private Keys Generated With Weak PRNGs
Abstract. Suppose that the private key of a discrete-logarithm-based or factoring-based public-key primitive is obtained by concatenating the outputs of a linear congruential generator. How seriously is the scheme weakened as a result? While linear congruential generators are cryptographically very weak "pseudorandom" number generators, the answer to that question is not immediately obvious, since an adversary in such a setting does not get to examine the outputs of the congruential generator directly, but can only obtain an implicit hint about them—namely the public key. In this paper, we take a closer look at that problem, and show that, in most cases, an attack does exist to retrieve the key much faster than with a naive exhaustive search on the seed of the generator. The problem is similar to the one considered by Bellare, Goldwasser and Micciancio regarding DSA and "pseudorandomness", and this line of work arguably has renewed relevance in view of the sensitive role that random number generation has been found to play in a number of recent noted papers, such as the one by Lenstra et al. at CRYPTO 2012.
Chosen-Ciphertext Secure RSA-type
Abstract. This paper explains how to design fully secure RSA-type cryptosystems from schemes only secure against passive attacks, in the standard model. We rely on instance-independence assumptions, which, roughly speaking, conjecture that for certain problems, an interactive access to a solver for another problem does not help the challenger. Previously, instance-independence assumptions were used in a "negative" way, to prove that certain schemes proven in the random oracle model were not provable in the standard model. Our paradigm applies virtually to all (weakly secure) RSA-type encryption schemes for which the public-key RSA exponent can be arbitrarily chosen. As an illustration, we present a chosen-ciphertext secure variant of the Naccache-Stern encryption scheme. Keywords: Chosen-ciphertext security, public-key encryption, standard model, RSA-based encryption schemes, instance-independence assumptions, one-time mappable chameleon hashing.
Abstract, 2003
We present a simple-to-implement and efficient pseudorandom generator based on the factoring assumption. It outputs more than pn/2 pseudorandom bits per p exponentiations, each with the same base and an exponent shorter than n/2 bits. Our generator is based on results by Håstad, Schrift and Shamir [HSS93], but unlike their generator and its improvement by Goldreich and Rosen [GR00], it does not use hashing or extractors, and is thus simpler and somewhat more efficient. In addition, we present a general technique that can be used to speed up pseudorandom generators based on iterating one-way permutations. We construct our generator by applying this technique to results of [HSS93]. We also show how the generator given by Gennaro [Gen00] can be simply derived from results of Patel and Sundaram [PS98] using our technique.