Abstract
This paper provides security analysis for the public-key encryption scheme DHIES (formerly named DHES and DHAES), which was proposed in [7] and is now in several draft standards. DHIES is a Diffie-Hellman based scheme that combines a symmetric encryption method, a message authentication code, and a hash function, in addition to number-theoretic operations, in a way which is intended to provide security against chosen-ciphertext attacks. In this paper we find natural assumptions under which DHIES achieves security under chosen-ciphertext attack. The assumptions we make about the Diffie-Hellman problem are interesting variants of the customary ones, and we investigate relationships among them, and provide security lower bounds. Our proofs are in the standard model; no random-oracle assumption is required.
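The abstract describes DHIES as a Diffie-Hellman exchange whose shared secret is hashed into two symmetric keys, one for a symmetric cipher and one for a message authentication code that covers the symmetric ciphertext. The following Python sketch, added here as an illustration and not taken from the paper or from any draft standard, shows that structure end to end and shows why the MAC matters: a receiver that verifies the tag before decrypting rejects any modified ciphertext instead of returning a related plaintext. Everything below is an assumption of this example: the toy group (a small safe prime, useless for real security), SHA-256 standing in for the hash H, an HMAC-based counter-mode keystream standing in for the symmetric cipher, and the choice to include the ephemeral public key g^u alongside g^uv in the hash input.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Toy group parameters, constructed for this illustration only: P = 2Q + 1 is a
# safe prime and G = 4 (a quadratic residue mod P) generates the order-Q subgroup.
# A real deployment uses a standardized large prime-order group or an elliptic
# curve; these values are far too small to offer any security.
P = 1019
Q = 509
G = 4


def keygen() -> Tuple[int, int]:
    """Long-term key pair: secret v in [1, Q-1], public V = G^v mod P."""
    v = secrets.randbelow(Q - 1) + 1
    return v, pow(G, v, P)


def derive_keys(ephemeral_pub: int, shared: int) -> Tuple[bytes, bytes]:
    """Hash (g^u, g^uv) into a symmetric encryption key and a MAC key.
    Feeding g^u into the hash is an assumption of this example; splitting the
    digest into two independent keys is what lets the MAC cover the ciphertext."""
    data = ephemeral_pub.to_bytes(2, "big") + shared.to_bytes(2, "big")
    digest = hashlib.sha256(data).digest()
    return digest[:16], digest[16:]


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, a stand-in for the symmetric
    cipher chosen only so the example needs no third-party library."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(recipient_pub: int, msg: bytes) -> Tuple[int, bytes, bytes]:
    """Ciphertext = (ephemeral public key g^u, symmetric ciphertext, MAC tag)."""
    u = secrets.randbelow(Q - 1) + 1
    eph = pow(G, u, P)                   # g^u
    shared = pow(recipient_pub, u, P)    # g^uv
    enc_key, mac_key = derive_keys(eph, shared)
    em = xor(msg, keystream(enc_key, len(msg)))
    tag = hmac.new(mac_key, em, "sha256").digest()
    return eph, em, tag


def decrypt(v: int, ciphertext: Tuple[int, bytes, bytes]) -> Optional[bytes]:
    """Re-derive the keys from g^u and v, verify the tag, only then decrypt.
    Returning None for anything that fails validation is the behaviour that
    denies an attacker a decryption oracle on modified ciphertexts."""
    eph, em, tag = ciphertext
    # Reject elements outside the prime-order subgroup (small-subgroup check).
    if not (1 < eph < P and pow(eph, Q, P) == 1):
        return None
    shared = pow(eph, v, P)
    enc_key, mac_key = derive_keys(eph, shared)
    expected = hmac.new(mac_key, em, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor(em, keystream(enc_key, len(em)))


def demo() -> Tuple[bool, bool, bool]:
    """Round trip, then show that a flipped ciphertext bit or a swapped
    ephemeral key is rejected rather than decrypted to a related plaintext."""
    v, V = keygen()
    msg = b"constructed sample plaintext"   # constructed input
    eph, em, tag = encrypt(V, msg)
    round_trip_ok = decrypt(v, (eph, em, tag)) == msg
    tampered = bytes([em[0] ^ 0x01]) + em[1:]
    bitflip_rejected = decrypt(v, (eph, tampered, tag)) is None
    other_eph = pow(G, 2, P) if eph != pow(G, 2, P) else pow(G, 3, P)
    eph_swap_rejected = decrypt(v, (other_eph, em, tag)) is None
    return round_trip_ok, bitflip_rejected, eph_swap_rejected


if __name__ == "__main__":
    print(demo())
```

The subgroup check in `decrypt` and the constant-time tag comparison are the two receiver-side details a practitioner should carry over to any real instantiation; the rest of the structure is what the abstract calls the combination of number-theoretic operations, a hash, a symmetric cipher and a MAC.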
References
[1] M. Abdalla, M. Bellare, and P. Rogaway. DHIES: An encryption scheme based on the Diffie-Hellman problem. Full version of the current paper, available from the authors' web pages.
[2] American National Standards Institute (ANSI) X9.F1 subcommittee. ANSI X9.63: Public key cryptography for the financial services industry: Elliptic curve key agreement and key transport schemes. Working draft, January 8, 1999.
[3] M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. Advances in Cryptology - CRYPTO '96, Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed., Springer-Verlag, 1996.
[4] M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among notions of security for public-key encryption schemes. Advances in Cryptology - CRYPTO '98, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed., Springer-Verlag, 1998.
[5] M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation. Current version available at the URL of the first author. Preliminary version in Proc. of the 38th IEEE FOCS, IEEE, 1997.
[6] M. Bellare, J. Kilian, and P. Rogaway. The security of cipher block chaining. Advances in Cryptology - CRYPTO '94, Lecture Notes in Computer Science Vol. 839, Y. Desmedt ed., Springer-Verlag, 1994.
[7] M. Bellare and P. Rogaway. Minimizing the use of random oracles in authenticated encryption schemes. Information and Communications Security, Lecture Notes in Computer Science Vol. 1334, Springer-Verlag, 1997, pp. 1-16.
[8] M. Bellare and P. Rogaway. Optimal asymmetric encryption: How to encrypt with RSA. Current version available at the URL of either author. Preliminary version in Advances in Cryptology - EUROCRYPT '94, Lecture Notes in Computer Science Vol. 950, A. De Santis ed., Springer-Verlag, 1994.
[9] M. Bellare and P. Rogaway. The exact security of digital signatures: How to sign with RSA and Rabin. Current version available at the URL of either author. Preliminary version in Advances in Cryptology - EUROCRYPT '96, Lecture Notes in Computer Science Vol. 1070, U. Maurer ed., Springer-Verlag, 1996.
[10] D. Boneh. The decision Diffie-Hellman problem. Invited paper, Third Algorithmic Number Theory Symposium (ANTS), Lecture Notes in Computer Science Vol. 1423, Springer-Verlag, 1998.
[11] D. Boneh and R. Venkatesan. Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. Advances in Cryptology - CRYPTO '96, Lecture Notes in Computer Science Vol. 1109, N. Koblitz ed., Springer-Verlag, 1996.
[12] Certicom Research. Standards for Efficient Cryptography Group (SECG), SEC 1: Elliptic Curve Cryptography. Version 1.0, September 20, 2000. See http://www.secg.org/secg docs.htm.
[13] R. Cramer and V. Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. Advances in Cryptology - CRYPTO '98, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed., Springer-Verlag, 1998.
[14] W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, vol. 22, pp. 644-654, 1976.
[15] D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. Proc. of the 23rd ACM STOC, ACM, 1991.
[16] D. Dolev, C. Dwork, and M. Naor. Non-malleable cryptography. Manuscript, March 1998.
[17] T. ElGamal. A public key cryptosystem and signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, vol. 31, pp. 469-472, 1985.
[18] E. Fujisaki and T. Okamoto. Secure integration of asymmetric and symmetric encryption schemes. Advances in Cryptology - CRYPTO '99, Lecture Notes in Computer Science Vol. 1666, M. Wiener ed., Springer-Verlag, 1999.
[19] O. Goldreich. A uniform complexity treatment of encryption and zero-knowledge. Journal of Cryptology, vol. 6, 1993, pp. 21-53.
[20] S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, vol. 28, pp. 270-299, April 1984.
[21] S. Hada and T. Tanaka. On the existence of 3-round zero-knowledge protocols. Advances in Cryptology - CRYPTO '98, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk ed., Springer-Verlag, 1998.
[22] IEEE P1363a Committee. IEEE P1363a, Version D6, November 9, 2000: Standard specifications for public-key cryptography. See http://www.manta.ieee.org/groups/1363/P1363a/draft.html
[23] D. Johnson, S. Matyas, and M. Peyravian. Encryption of long blocks using a short-block encryption procedure. November 1996. Available at http://stdsbbs.ieee.org/groups/1363/index.html.
[24] C. Lim and P. Lee. Another method for attaining security against adaptively chosen ciphertext attacks. Advances in Cryptology - CRYPTO '93, Lecture Notes in Computer Science Vol. 773, D. Stinson ed., Springer-Verlag, 1993.
[25] S. Micali, C. Rackoff, and B. Sloan. The notion of security for probabilistic cryptosystems. SIAM J. of Computing, April 1988.
[26] M. Naor and O. Reingold. Number-theoretic constructions of efficient pseudo-random functions. Proc. of the 38th IEEE FOCS, IEEE, 1997.
[27] M. Naor and M. Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. Proc. of the 22nd ACM STOC, ACM, 1990.
[28] C. Rackoff and D. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. Advances in Cryptology - CRYPTO '91, Lecture Notes in Computer Science Vol. 576, J. Feigenbaum ed., Springer-Verlag, 1991.
[29] V. Shoup. Lower bounds for discrete logarithms and related problems. Advances in Cryptology - EUROCRYPT '97, Lecture Notes in Computer Science Vol. 1233, W. Fumy ed., Springer-Verlag, 1997.
[30] V. Shoup. Personal communication.
[31] V. Shoup. Using hash functions as a hedge against chosen ciphertext attack. Advances in Cryptology - EUROCRYPT '00, Lecture Notes in Computer Science Vol. 1807, B. Preneel ed., Springer-Verlag, 2000.
[32] Y. Zheng. Public key authenticated encryption schemes using universal hashing. Contribution to P1363. ftp://stdsbbs.ieee.org/pub/p1363/contributions/aes-uhf.ps
[33] Y. Zheng and J. Seberry. Immunizing public key cryptosystems against chosen ciphertext attack. IEEE Journal on Selected Areas in Communications, vol. 11, no. 5, pp. 715-724, 1993.
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abdalla, M., Bellare, M., Rogaway, P. (2001). The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES. In: Naccache, D. (eds) Topics in Cryptology — CT-RSA 2001. CT-RSA 2001. Lecture Notes in Computer Science, vol 2020. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45353-9_12
DOI: https://doi.org/10.1007/3-540-45353-9_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41898-6
Online ISBN: 978-3-540-45353-6
eBook Packages: Springer Book Archive