Asymmetric Encryption

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 4281 Experts worldwide ranked by ideXlab platform

David Pointcheval - One of the best experts on this subject based on the ideXlab platform.

  • OAEP optimal Asymmetric Encryption padding
    Encyclopedia of Cryptography and Security (2nd Ed.), 2005
    Co-Authors: David Pointcheval
    Abstract:

    A gravity feed rotary head tray dropper is provided which may be universally adjusted for different tray sizes, shapes and lip thicknesses. The device includes a rotatable blade to separate the bottom tray from a stack of trays and a rotatable tray support disc to hold the stack of trays in position between tray separations. The rotatable tray support disc is positioned beneath the rotatable blade and is vertically adjustable to accommodate tray lips of varying thicknesses.

  • OAEP 3-round a generic and secure Asymmetric Encryption padding
    Lecture Notes in Computer Science, 2004
    Co-Authors: Duong Hieu Phan, David Pointcheval
    Abstract:

    The OAEP construction is already 10 years old and well-established in many practical applications. But after some doubts about its actual security level, four years ago, the first efficient and provably IND-CCA1 secure Encryption padding was formally and fully proven to achieve the expected IND-CCA2 security level, when used with any trapdoor permutation. Even if it requires the partial-domain one-wayness of the permutation, for the main application (with the RSA permutation family) this intractability assumption is equivalent to the classical (full-domain) one-wayness, but at the cost of an extra quadratic-time reduction. The security proof which was already not very tight to the RSA problem is thus much worse. However, the practical optimality of the OAEP construction is two-fold, hence its attractivity: from the efficiency point of view because of two extra hashings only, and from the length point of view since the ciphertext has a minimal bit-length (the encoding of an image by the permutation.) But the bandwidth (or the ratio ciphertext/plaintext) is not optimal because of the randomness (required by the semantic security) and the redundancy (required by the plaintext-awareness, the sole way known to provide efficient CCA2 schemes.) At last Asiacrypt '03, the latter intuition had been broken by exhibiting the first IND-CCA2 secure Encryption schemes without redundancy, and namely without achieving plaintext-awareness, while in the random-oracle model: the OAEP 3-round construction. But this result achieved only similar practical properties as the original OAEP construction: the security relies on the partial-domain one-wayness, and needs a trapdoor permutation, which limits the application to RSA, with still a quite bad reduction. 
    This paper improves this result: first we show the OAEP 3-round actually relies on the (full-domain) one-wayness of the permutation (which improves the reduction), then we extend the application to a larger class of Encryption primitives (including ElGamal, Paillier, etc.) The extended security result is still in the random-oracle model, and in a relaxed CCA2 model (which lies between the original one and the replayable CCA scenario).

  • chosen ciphertext security without redundancy
    Lecture Notes in Computer Science, 2003
    Co-Authors: Duong Hieu Phan, David Pointcheval
    Abstract:

    We propose Asymmetric Encryption schemes for which all ciphertexts are valid (which means here reachable: the Encryption function is not only a probabilistic injection, but also a surjection). We thus introduce the Full-Domain Permutation Encryption scheme which uses a random permutation. This is the first IND-CCA cryptosystem based on any trapdoor one-way permutation without redundancy, and more interestingly, the bandwidth is optimal: the ciphertext is over k more bits only than the plaintext, where $2^{-k}$ is the expected security level. Thereafter, we apply it into the random oracle model by instantiating the random permutation with a Feistel network construction, and thus using OAEP. Unfortunately, the usual 2-round OAEP does not seem to be provably secure, but a 3-round can be proved IND-CCA even without the usual redundancy $m\|0^{k_1}$, under the partial-domain one-wayness of any trapdoor permutation. Although the bandwidth is not as good as in the random permutation model, absence of redundancy is quite new and interesting: many implementation risks are ruled out.

  • optimal chosen ciphertext secure Encryption of arbitrary length messages
    Public Key Cryptography, 2002
    Co-Authors: Jean-Sébastien Coron, David Pointcheval, Pascal Paillier, Helena Handschuh, Marc Joye, Christophe Tymen
    Abstract:

    This paper considers arbitrary-length chosen-ciphertext secure Asymmetric Encryption, thus addressing what is actually needed for a practical usage of strong public-key cryptography in the real world. We put forward two generic constructions, gem-1 and gem-2 which apply to explicit fixed-length weakly secure primitives and provide a strongly secure (IND-CCA2) public-key Encryption scheme for messages of unfixed length (typically computer files). Our techniques optimally combine a single call to any one-way trapdoor function with repeated Encryptions through some weak block-cipher (a simple xor is fine) and hash functions of fixed-length input so that a minimal number of calls to these functions is needed. Our Encryption/decryption throughputs are comparable to the ones of standard methods (Asymmetric Encryption of a session key + symmetric Encryption with multiple modes). In our case, however, we formally prove that our designs are secure in the strongest sense and provide complete security reductions holding in the random oracle model.

  • how to encrypt properly with RSA
    2002
    Co-Authors: David Pointcheval
    Abstract:

    In 1993, Bellare and Rogaway formalized the concept of a random oracle, imported from complexity theory for cryptographic purposes. This new tool allowed them to present several Asymmetric Encryption and signature schemes that are both efficient and provably secure (in the random oracle model). The Optimal Asymmetric Encryption Padding (OAEP) is the most significant application of the random oracle model to date. It gives an efficient RSA Encryption scheme with a strong security guarantee (semantic security against chosen-ciphertext attacks). After Bleichenbacher's devastating attack on RSA-PKCS #1 v1.5 in 1998, RSA-OAEP became the natural successor (RSA-PKCS #1 v2.0) and thus a de facto international standard. Surprisingly, Shoup recently showed that the original proof of security for OAEP is incorrect. Without a proof, RSA-OAEP cannot be trusted to provide an adequate level of security. Luckily, shortly after Shoup's discovery a formal and complete proof was found in joint work by the author and others that reaffirmed the strong level of security provided by RSA-OAEP. However, this new security proof still does not guarantee security for key sizes used in practice due to the inefficiency of the security reduction (the reduction to inverting RSA takes quadratic time). Recent alternatives to OAEP, such as OAEP+, SAEP+, and REACT, admit more efficient proofs and thus provide adequate security for key sizes used in practice.

Yongkook Kim - One of the best experts on this subject based on the ideXlab platform.

  • concurrent error detection schemes for fault based side channel cryptanalysis of symmetric block ciphers
    IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2002
    Co-Authors: Ramesh Karri, Piyush Mishra, Yongkook Kim
    Abstract:

    Fault-based side-channel cryptanalysis is very effective against symmetric and Asymmetric Encryption algorithms. Although straightforward hardware and time redundancy-based concurrent error detection (CED) architectures can be used to thwart such attacks, they entail significant overheads (either area or performance). The authors investigate systematic approaches to low-cost low-latency CED techniques for symmetric Encryption algorithms based on inverse relationships that exist between Encryption and decryption at algorithm level, round level, and operation level and develop CED architectures that explore tradeoffs among area overhead, performance penalty, and fault detection latency. The proposed techniques have been validated on FPGA implementations of Advanced Encryption Standard (AES) finalist 128-bit symmetric Encryption algorithms.

  • fault based side channel cryptanalysis tolerant Rijndael symmetric block cipher architecture
    Defect and Fault Tolerance in VLSI and Nanotechnology Systems, 2001
    Co-Authors: Ramesh Karri, Piyush Mishra, Yongkook Kim
    Abstract:

    Fault-based side channel cryptanalysis is very effective against symmetric and Asymmetric Encryption algorithms. Although straightforward hardware and time redundancy based Concurrent Error Detection (CED) architectures can be used to thwart such attacks, they entail significant overhead (either area or performance). In this paper we investigate systematic approaches to low-cost, low-latency CED for Rijndael symmetric Encryption algorithm. These approaches exploit the inverse relationship that exists between Rijndael Encryption and decryption at various levels and develop CED architectures that explore the trade-off between area overhead, performance penalty and error detection latency. The proposed techniques have been validated on FPGA implementations.

  • concurrent error detection of fault based side channel cryptanalysis of 128 bit symmetric block ciphers
    Design Automation Conference, 2001
    Co-Authors: Ramesh Karri, Piyush Mishra, Yongkook Kim
    Abstract:

    Fault-based side channel cryptanalysis is very effective against symmetric and Asymmetric Encryption algorithms. Although straightforward hardware and time redundancy based concurrent error detection (CED) architectures can be used to thwart such attacks, they entail significant overhead (either area or performance). In this paper we investigate systematic approaches to low-cost, low-latency CED for symmetric Encryption algorithms based on the inverse relationship that exists between Encryption and decryption at algorithm level, round level and operation level and develop CED architectures that explore the trade-off between area overhead, performance penalty and error detection latency. The proposed techniques have been validated on FPGA implementations of AES finalist 128-bit symmetric Encryption algorithms.

Tatsuaki Okamoto - One of the best experts on this subject based on the ideXlab platform.

  • Secure Integration of Asymmetric and Symmetric Encryption Schemes
    Journal of Cryptology, 2013
    Co-Authors: Eiichiro Fujisaki, Tatsuaki Okamoto
    Abstract:

    This paper presents a generic conversion from weak Asymmetric and symmetric Encryption schemes to an Asymmetric Encryption scheme that is chosen-ciphertext secure in the random oracle model. Our conversion is the first generic transformation from an arbitrary one-way Asymmetric Encryption scheme to a chosen-ciphertext secure Asymmetric Encryption scheme in the random oracle model.

  • secure integration of Asymmetric and symmetric Encryption schemes
    Lecture Notes in Computer Science, 1999
    Co-Authors: Eiichiro Fujisaki, Tatsuaki Okamoto
    Abstract:

    This paper shows a generic and simple conversion from weak Asymmetric and symmetric Encryption schemes into an Asymmetric Encryption scheme which is secure in a very strong sense - indistinguishability against adaptive chosen-ciphertext attacks in the random oracle model. In particular, this conversion can be applied efficiently to an Asymmetric Encryption scheme that provides a large enough coin space and, for every message, many enough variants of the Encryption, like the ElGamal Encryption scheme.

Ramesh Karri - One of the best experts on this subject based on the ideXlab platform.

  • concurrent error detection schemes for fault based side channel cryptanalysis of symmetric block ciphers
    IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2002
    Co-Authors: Ramesh Karri, Piyush Mishra, Yongkook Kim
    Abstract:

    Fault-based side-channel cryptanalysis is very effective against symmetric and Asymmetric Encryption algorithms. Although straightforward hardware and time redundancy-based concurrent error detection (CED) architectures can be used to thwart such attacks, they entail significant overheads (either area or performance). The authors investigate systematic approaches to low-cost low-latency CED techniques for symmetric Encryption algorithms based on inverse relationships that exist between Encryption and decryption at algorithm level, round level, and operation level and develop CED architectures that explore tradeoffs among area overhead, performance penalty, and fault detection latency. The proposed techniques have been validated on FPGA implementations of Advanced Encryption Standard (AES) finalist 128-bit symmetric Encryption algorithms.

  • fault based side channel cryptanalysis tolerant Rijndael symmetric block cipher architecture
    Defect and Fault Tolerance in VLSI and Nanotechnology Systems, 2001
    Co-Authors: Ramesh Karri, Piyush Mishra, Yongkook Kim
    Abstract:

    Fault-based side channel cryptanalysis is very effective against symmetric and Asymmetric Encryption algorithms. Although straightforward hardware and time redundancy based Concurrent Error Detection (CED) architectures can be used to thwart such attacks, they entail significant overhead (either area or performance). In this paper we investigate systematic approaches to low-cost, low-latency CED for Rijndael symmetric Encryption algorithm. These approaches exploit the inverse relationship that exists between Rijndael Encryption and decryption at various levels and develop CED architectures that explore the trade-off between area overhead, performance penalty and error detection latency. The proposed techniques have been validated on FPGA implementations.

  • concurrent error detection of fault based side channel cryptanalysis of 128 bit symmetric block ciphers
    Design Automation Conference, 2001
    Co-Authors: Ramesh Karri, Piyush Mishra, Yongkook Kim
    Abstract:

    Fault-based side channel cryptanalysis is very effective against symmetric and Asymmetric Encryption algorithms. Although straightforward hardware and time redundancy based concurrent error detection (CED) architectures can be used to thwart such attacks, they entail significant overhead (either area or performance). In this paper we investigate systematic approaches to low-cost, low-latency CED for symmetric Encryption algorithms based on the inverse relationship that exists between Encryption and decryption at algorithm level, round level and operation level and develop CED architectures that explore the trade-off between area overhead, performance penalty and error detection latency. The proposed techniques have been validated on FPGA implementations of AES finalist 128-bit symmetric Encryption algorithms.

Eiichiro Fujisaki - One of the best experts on this subject based on the ideXlab platform.

  • Secure Integration of Asymmetric and Symmetric Encryption Schemes
    Journal of Cryptology, 2013
    Co-Authors: Eiichiro Fujisaki, Tatsuaki Okamoto
    Abstract:

    This paper presents a generic conversion from weak Asymmetric and symmetric Encryption schemes to an Asymmetric Encryption scheme that is chosen-ciphertext secure in the random oracle model. Our conversion is the first generic transformation from an arbitrary one-way Asymmetric Encryption scheme to a chosen-ciphertext secure Asymmetric Encryption scheme in the random oracle model.

  • secure integration of Asymmetric and symmetric Encryption schemes
    Lecture Notes in Computer Science, 1999
    Co-Authors: Eiichiro Fujisaki, Tatsuaki Okamoto
    Abstract:

    This paper shows a generic and simple conversion from weak Asymmetric and symmetric Encryption schemes into an Asymmetric Encryption scheme which is secure in a very strong sense - indistinguishability against adaptive chosen-ciphertext attacks in the random oracle model. In particular, this conversion can be applied efficiently to an Asymmetric Encryption scheme that provides a large enough coin space and, for every message, many enough variants of the Encryption, like the ElGamal Encryption scheme.