We show that two well-known and widely employed public-key encryption schemes – RSA Optimal Asymmetric Encryption Padding (RSA-OAEP) and Diffie-Hellman Integrated Encryption Standard (DHIES), the latter one instantiated with a one-time pad, – are secure under (the strong, simulation-based security notion of) selective opening security against chosen-ciphertext attacks in the random oracle model. Both schemes are obtained via known generic transformations that transform relatively weak primitives (with security in the sense of one-wayness) to INDCCA secure encryption schemes.We prove that selective opening security comes for free in these two transformations. Both DHIES and RSA-OAEP are important building blocks in several standards for public key encryption and key exchange protocols. They are the first practical cryptosystems that meet the strong notion of simulation-based selective opening (SIM-SO-CCA) security.
CITATION STYLE
Heuer, F., Jager, T., Kiltz, E., & Schäge, S. (2015). On the selective opening security of practical public-key encryption schemes. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9020, pp. 27–51). Springer Verlag. https://doi.org/10.1007/978-3-662-46447-2_2
Mendeley helps you to discover research relevant for your work.