## Improved public key cryptosystems secure against chosen ciphertext attacks (1994)

### Cached

### Download Links

Citations: | 5 - 1 self |

### BibTeX

@TECHREPORT{Zheng94improvedpublic,

author = {Yuliang Zheng},

title = {Improved public key cryptosystems secure against chosen ciphertext attacks},

institution = {},

year = {1994}

}

### OpenURL

### Abstract

This short note describes an improvement to the rst two of the three public key cryptosystems proposed by Zheng and Seberry, which are provably secure against chosen ciphertext attacks. The improvement removes a shortcoming with the original cryptosystems, which occurs when they are used for both con dentiality and sender authentication purposes. 1

### Citations

2714 | New directions in cryptography, in
- Diffie, Hellman
(Show Context)
Citation Context ...the RSA function and the exponentiation function on elliptic or hyper-elliptic curves defined over large finite fields. 2 Notation The cryptosystems are reminiscent of the Diffie-Hellman cryptosystem =-=[DH76]-=- and El Gamal cryptosystem [ElG85] in their use of a n-bit (public) prime p and a (public) generator g of the multiplicative group GF (p) of the finite field GF (p). Here n is a security parameter whi... |

1334 | Random oracles are practical: A paradigm for designing efficient protocols
- Bellare, Rogaway
- 1993
(Show Context)
Citation Context ...xt attacks. These cryptosystems are the first which feature both practicality and provable security against chosen ciphertext attacks, and have attracted notable attention from the research community =-=[BR93, LL94]-=-. In particular, main ideas in [ZS93] have been further developed by Bellare and Rogaway to design practical digital signature schemes and zero-knowledge protocols [BR93]. In addition to their practic... |

1113 |
A public key cryptosystem and a signature scheme based on discrete logarithms
- ElGamal
- 1985
(Show Context)
Citation Context ...iation function on elliptic or hyper-elliptic curves defined over large finite fields. 2 Notation The cryptosystems are reminiscent of the Diffie-Hellman cryptosystem [DH76] and El Gamal cryptosystem =-=[ElG85]-=- in their use of a n-bit (public) prime p and a (public) generator g of the multiplicative group GF (p) of the finite field GF (p). Here n is a security parameter which is greater than 512 bits, while... |

668 | Universal classes of hash functions - Carter, Wegman - 1977 |

604 | How to generate cryptographically strong sequences of pseudorandom bits - Blum, Micali - 1984 |

583 |
Efficient Signature Generation by Smart Cards
- Schnorr
- 1991
(Show Context)
Citation Context ...o a system employing both probabilistic encryption [BG85] and El Gamal's digital signature [ElG85]. Efficiency of the cryptosystem C sig can be improved by adapting Schnorr's digital signature scheme =-=[Sch91], or SHS [-=-NIS92], instead of El Gamal's. In the case where the sender has more computing power than the receiver or simply is willing to do more computation, the calculation of "c c 3 2 mod p" can be ... |

331 | New Hash Functions and Their Use in Authentication and Set Equality - Wegman, Carter - 1981 |

248 |
New directions in cryptography
- e, Hellman
- 1976
(Show Context)
Citation Context ...ential problem. For completeness, the third cryptosystem proposed Zheng and Seberry is also included in the descriptions. 2 Notation The cryptosystems are reminiscent of the Di e-Hellman cryptosystem =-=[DH76]-=- and El Gamal cryptosystem [ElG85] in their use of a n-bit (public) prime p and a (public) generator g of the multiplicative group GF (p) of the nite eld GF (p). Here n is a security parameter which i... |

112 |
An efficient probabilistic public-key encryption scheme which hides all partial information
- Blum, Goldwasser
- 1985
(Show Context)
Citation Context ...c 3 2 (mod p) then output (m 0 ) else output (��). end Clearly, when enhanced with a sender authentication capability, the cryptosystem degenerates to a system employing both probabilistic encrypt=-=ion [BG85]-=- and El Gamal's digital signature [ElG85]. Efficiency of the cryptosystem C sig can be improved by adapting Schnorr's digital signature scheme [Sch91], or SHS [NIS92], instead of El Gamal's. In the ca... |

52 | HAVAL - A One-Way Hashing Algorithm with Variable Length of Output
- Zheng, Pieprzyk, et al.
- 1993
(Show Context)
Citation Context ...ring into an output string whose length can be an arbitrary polynomial in n. Two examples of G follow. The first example is STRANDOM [Zhe93], a generator based on a one-way hash function called HAVAL =-=[ZPS93]-=-. Like its parent HAVAL, STRANDOM is very fast and extremely suitable for software implementation. The second example is the generator based on the difficulty of computing discrete logarithms in finit... |

38 | Computation of discrete logarithms in prime fields
- LaMacchia, Odlyzko
- 1991
(Show Context)
Citation Context ...e multiplicative group GF (p) of the finite field GF (p). Here n is a security parameter which is greater than 512 bits, while the prime p must be chosen such that p \Gamma 1 has a large prime factor =-=[LO91]. In this -=-note the alphabet \Sigma = f0; 1g will be employed, and jxj denotes length of a string x over \Sigma. Concatenation of string are denoted using the "jj" symbol and the bit-wise XOR operation... |

27 | Immunizing public key cryptosystems against chosen ciphertext attacks
- Zheng, Seberry
- 1993
(Show Context)
Citation Context ...ement removes a shortcoming with the original cryptosystems, which occurs when they are used for both confidentiality and sender authentication purposes. 1 Introduction Zheng and Seberry presented in =-=[ZS93]-=- three practical public key cryptosystems that are secure against chosen ciphertext attacks. These cryptosystems are the first which feature both practicality and provable security against chosen ciph... |

23 |
An E cient Probabilistic Public-key Encryption Scheme Which Hides All
- Blum, Goldwasser
- 1985
(Show Context)
Citation Context ...yr0 B c c3 2 (mod p) then output (m0) else output ( ). Clearly, when enhanced with a sender authentication capability, the cryptosystem degenerates to a system employing both probabilistic encryption =-=[BG85]-=- and El Gamal's digital signature [ElG85]. E ciency of Csig can be improved by adapting Schnorr's digital signature scheme [Sch91], or SHS [Nat95], instead of El Gamal's. In the case where the sender ... |

18 | Simultaneous security of bits in the discrete log - Peralta - 1986 |

12 | The discrete logarithm hides O(log n) bits - Long, Wigderson - 1988 |

11 |
A proposed federal information processing standard for digital signature standard
- NIST
- 1999
(Show Context)
Citation Context ...ying both probabilistic encryption [BG85] and El Gamal's digital signature [ElG85]. Efficiency of the cryptosystem C sig can be improved by adapting Schnorr's digital signature scheme [Sch91], or SHS =-=[NIS92], instead -=-of El Gamal's. In the case where the sender has more computing power than the receiver or simply is willing to do more computation, the calculation of "c c 3 2 mod p" can be carried out by t... |

10 | A practical digital multisignature scheme bansed on discrete logarithms
- Hardjono, Zheng
- 1993
(Show Context)
Citation Context ...re the sender has more computing power than the receiver or simply is willing to do more computation, the calculation of "c c 3 2 mod p" can be carried out by the sender. This has been point=-=ed out in [HZ93]-=-. Acknowledgments This work was supported in part by the Australian Research Council under the reference number A49232172. Thanks go to Lim and Lee and also to Hardjono for pointing out and providing ... |

2 |
STRANDOM --- a cryptographically strong pseudo-random number generator based on HAVAL
- Zheng
- 1993
(Show Context)
Citation Context ...rong pseudorandom string generator that stretches an n-bit input string into an output string whose length can be an arbitrary polynomial in n. Two examples of G follow. The first example is STRANDOM =-=[Zhe93]-=-, a generator based on a one-way hash function called HAVAL [ZPS93]. Like its parent HAVAL, STRANDOM is very fast and extremely suitable for software implementation. The second example is the generato... |

1 |
Another method for obtaining security against chosen ciphertext attacks
- Lim, Lee
- 1994
(Show Context)
Citation Context ...yed in such applications as electronic mail systems and financial transactions, where both confidentiality and sender authenticity of messages are required. However, as was pointed out by Lim and Lee =-=[LL94], and inde-=-pendently by Hardjono [Har93], when the first two cryptosystems are used for checking messages' origin, their sender authentication capability might be compromised by an "inside" enemy who c... |