A Fast and Key-Efficient Reduction of Chosen-Ciphertext to Known-Plaintext Security
Ueli Maurer and Johan Sjödin
Motivated by the quest for reducing assumptions in security proofs in cryptography, this paper is concerned with designing efficient symmetric encryption and authentication schemes based on any weak pseudorandom function (PRF) which can be much more efficiently implemented than PRFs. Damgård and Nielsen (CRYPTO '02) have shown how to construct an efficient symmetric encryption scheme based on any weak PRF that is provably secure against chosen- plaintext attacks. The main ingredient is a range-extension construction for weak PRFs. By using well-known techniques, they also showed how their scheme can be made secure against the stronger chosen- ciphertext attacks.
The results of our paper are three-fold. First, we give a range-extension construction for weak PRFs that is optimal (within a large and natural class of constructions, especially all constructions that are known today). Second, we propose a strengthening of a weak PRF to a PRF. Third, these two results imply a (for long messages) much more efficient chosen-ciphertext secure encryption scheme than the one proposed by Damgård and Nielsen. The results also solve open questions posed by Naor and Reingold (CRYPTO '98) and by Damgård and Nielsen.
BibTeX Citation
@inproceedings{MauSjo07, author = {Ueli Maurer and Johan Sjödin}, title = {A Fast and Key-Efficient Reduction of Chosen-Ciphertext to Known-Plaintext Security}, editor = {Moni Naor}, booktitle = {Advances in Cryptology --- EUROCRYPT 2007}, pages = 498--516, series = {Lecture Notes in Computer Science}, volume = 4515, year = 2007, month = 5, publisher = {Springer-Verlag}, }