Public-key encryption in a multi-user setting: Security proofs and improvements
M Bellare, A Boldyreva, S Micali - … on the Theory and Application of …, 2000 - Springer
M Bellare, A Boldyreva, S Micali
Advances in Cryptology—EUROCRYPT 2000: International Conference on the Theory …, 2000•SpringerThis paper addresses the security of public-key cryptosystems in a “multi-user” setting,
namely in the presence of attacks involving the encryption of related messages under
different public keys, as exemplified by Håstad's classical attacks on RSA. We prove that
security in the single-user setting implies security in the multi-user setting as long as the
former is interpreted in the strong sense of “indistinguishability,” thereby pin-pointing many
schemes guaranteed to be secure against Håstad-type attacks. We then highlight the …
namely in the presence of attacks involving the encryption of related messages under
different public keys, as exemplified by Håstad's classical attacks on RSA. We prove that
security in the single-user setting implies security in the multi-user setting as long as the
former is interpreted in the strong sense of “indistinguishability,” thereby pin-pointing many
schemes guaranteed to be secure against Håstad-type attacks. We then highlight the …
Abstract
This paper addresses the security of public-key cryptosystems in a “multi-user” setting, namely in the presence of attacks involving the encryption of related messages under different public keys, as exemplified by Håstad’s classical attacks on RSA. We prove that security in the single-user setting implies security in the multi-user setting as long as the former is interpreted in the strong sense of “indistinguishability,” thereby pin-pointing many schemes guaranteed to be secure against Håstad-type attacks. We then highlight the importance, in practice, of considering and improving the concrete security of the general reduction, and present such improvements for two Diffie-Hellman based schemes, namely El Gamal and Cramer-Shoup.
Springer