We compare the relative strengths of popular notions of security for public-key encryption schemes. We consider the goals of privacy and non-malleability, each under chosen-plaintext attack and two kinds of chosen-ciphertext attack. For each of the resulting pairs of definitions we prove either an implication (every scheme meeting one notion must meet the other) or a separation (there is a sche...

In this paper, we discuss the strong attack model security for public key encryption scheme and digital signature scheme. Recently, Barbosa and Farshim introduced strong chosen ciphertext attack (SCCA) which is stronger than chosen ciphertext attack. The main motivation of this paper is to find an essential mechanism of secure schemes under strong attack model. So, we prove several impossibilit...

A well-known attack on RSA with low secret-exponent d was given by Wiener about 15 years ago. Wiener showed that using continued fractions, one can efficiently recover the secret-exponent d from the public key (N, e) as long as d < N. Interestingly, Wiener stated that his attack may sometimes also work when d is slightly larger than N . This raises the question of how much larger d can be: coul...

We provide a framework enabling the construction of IBE schemes that are secure under related-key attacks (RKAs). Specific instantiations of the framework yield RKA-secure IBE schemes for sets of related key derivation functions that are non-linear, thus overcoming a current barrier in RKA security. In particular, we obtain IBE schemes that are RKA secure for sets consisting of all affine funct...

In this paper, we describe efficient forgery and full-key recovery attacks on the `-IC− signature scheme recently proposed at PKC 2007. This cryptosystem is a multivariate scheme based on a new internal quadratic primitive which avoids some drawbacks of previous multivariate schemes: the scheme is extremely fast since it requires one exponentiation in a finite field of medium size and the publi...

We propose a new variant of the Cramer-Shoup KEM (key encapsulation mechanism). The proposed variant is more efficient than the original Cramer-Shoup KEM scheme in terms of public key size and encapsulation cost, but is proven to be (still) secure against chosen ciphertext attack in the standard model, relative to the Decisional Diffie-Hellman problem.

Ronald A. Gove 85.1 Some Basic Definitions....................................................... 1095 85.2 Some Historical Notes........................................................ 1096 85.3 The Basics of Modern Cryptography................................ 1098 85.4 Stream Ciphers.................................................................... 1099 85.5 Block Ciphers .....................

In this paper, we pioneer a key security level gradation scheme which is proved to efficient to counteract Iterative-Encrypting-Attack against RSA. And we make it clear that the bug which hides after the traditional key generation algorithm is exploited by Iterative-EncryptingAttack and weakens RSA security, and that the case can be improved if the traditional key generation algorithm is modifi...

Key establishment protocols are among the most important security mechanisms via which two or more parties can encrypt their communications over an insecure network. This paper is concerned with the vulnerability of onepass two-party key establishment protocols to key-compromise impersonation (K-CI) attacks. The latter may occur once an adversary has obtained the longterm private key of an hone...

At CRYPTO 2000, a new public-key encryption based on braid groups was introduced. This paper demonstrates how to solve its underlying problem using the Burau representation. By this method, we show that the private-key can be recovered from the public-key for several parameters with significant probability in a reasonable time. Our attack can be mounted directly on the revised scheme mentioned ...