IIIT-Delhi Institutional Repository

Designing generic asymmetric key cryptosystem with message paddings

dc.contributor.author Bansal, Tarun Kumar
dc.contributor.author Chang, Donghoon (Advisor)
dc.contributor.author Pieprzyk, Josef (Advisor)
dc.contributor.author Sanadhya, Somitra Kumar (Advisor)
dc.contributor.author Boyen, Xavier (Advisor)
dc.date.accessioned 2018-07-10T11:13:59Z
dc.date.available 2018-07-10T11:13:59Z
dc.date.issued 2017-10
dc.identifier.uri http://repository.iiitd.edu.in/xmlui/handle/123456789/619
dc.description.abstract RSA-OAEP has been used in the PKCS #1 2.0 standard for a long time. OAEP (optimal asymmetric encryption padding) provides security strength to RSA and other deterministic one-way asymmetric primitives (trapdoor one-way permutations). OAEP has been found to be useful in hybrid encryption, signcryption, hybrid signcryption and also as a randomness recovery scheme. With time, several proposals modifying OAEP were published in the literature. These proposals give different OAEP versions which differ regarding efficiency, provable security, compatibility with a type of asymmetric one-way cryptosystem (deterministic or probabilistic), extending the use of OAEP in other applications, etc. Our work helps in understanding the development of the OAEP framework and its use. As part of our contribution, we describe a different kind of message padding which works as an alternative to OAEP-type schemes. This new message padding scheme is based on the iterated Sponge permutation structure. Usage of the famous Sponge permutation structure comes from symmetric cryptography, where iterated permutations used as Sponge functions have provided a great feature to align security and efficiency. We call our scheme Sponge based asymmetric encryption padding (SpAEP). Our scheme achieves semantic security under chosen ciphertext attack (IND-CCA) using any trapdoor one-way permutation in the ideal permutation model for arbitrary length messages. IND-CCA security is considered the highest and strongest security notion, whereas the one-wayness security notion is a weaker one. We also propose a key encapsulation mechanism for hybrid encryption using SpAEP with any trapdoor one-way permutation. SpAEP utilizes the permutation model efficiently in the setting of public key encryption in a novel manner. A primary limitation of the OAEP-type schemes is their incompatibility with a probabilistic asymmetric one-way secure cryptosystem (e.g., ElGamal).
We study the reasons behind this limitation and are able to extend the scope of usage from deterministic (e.g., RSA) to probabilistic (e.g., ElGamal) functions along with efficiency improvements in SpAEP. We denote the new modified Sponge based padding as SpPad–Pe, where SpPad–Pe stands for Sponge based Padding (SpPad) with asymmetric one-way cryptosystem (Pe). The concept and techniques which are used as a base for constructing Sponge based message padding also result in a strongly secure generic asymmetric encryption scheme using a weakly secure asymmetric cryptosystem. Instead of using a specific Sponge based construction, we introduce a more generic framework to build a CCA-secure PKE, called REAL. REAL stands for Real time CCA-secure Encryption for Arbitrary Long Messages. An asymmetric one-way secure cryptosystem, a one-time secure symmetric encryption scheme and two hash functions are sufficient for this design. The proposed design provides a streaming option without compromising other valuable features, compared to previous works. We extend the versatile nature of the Sponge construction to another area of cryptography known as signcryption. The aim of signcryption is to provide both confidentiality and authentication of messages more efficiently than performing encryption and signing independently. The “Commit-then-Sign&Encrypt” (CtS&E) composition method allows encryption and signing to be performed in parallel. Parallel execution of cryptographic algorithms decreases the computation time needed to signcrypt a message. We put forward the application of sponge structure based message padding as an alternative to a commitment scheme in constructing a signcryption scheme. We propose a provably secure signcryption scheme using weak asymmetric primitives such as trapdoor one-way encryption and universal unforgeable signature.
Using simple tricks, we also demonstrate how different combinations of probabilistic/deterministic encryption and signature schemes following weaker security requirements can be utilized without compromising the security of the scheme. To the best of our knowledge, this is the first signcryption scheme based on the sponge structure, and it offers maximum security using weak underlying asymmetric primitives along with the ability to handle long messages. This thesis follows a step-by-step formation of an efficient and secure cryptosystem, starting from a basic and moving to a complex structure. This thesis emphasizes the importance of the message pre-processing technique and its usage by providing a generic and efficient cryptosystem. en_US
dc.language.iso en_US en_US
dc.publisher IIIT-Delhi en_US
dc.subject Public-key cryptography en_US
dc.subject Arbitrary long message en_US
dc.subject Hybrid Encryption en_US
dc.subject Sponge en_US
dc.subject Permutation en_US
dc.subject Weakly Secure en_US
dc.subject Digital Signatures en_US
dc.subject CCA-secure en_US
dc.subject OAEP en_US
dc.subject Padding en_US
dc.title Designing generic asymmetric key cryptosystem with message paddings en_US
dc.type Thesis en_US

