ETH Zürich » Computer Science » Theory » Cryptography

Publications: Abstract

A Fast and Key-Efficient Reduction of Chosen-Ciphertext to Known-Plaintext Security

Ueli Maurer and Johan Sjödin

Motivated by the quest for reducing assumptions in security proofs in cryptography, this paper is concerned with designing efficient symmetric encryption and authentication schemes based on any weak} pseudorandom function (PRF) which can be much more efficiently implemented than PRFs. Damg{å}rd and Nielsen (CRYPTO '02) have shown how to construct an efficient symmetric encryption scheme based on any weak PRF that is provably secure against chosen- plaintext} attacks. The main ingredient is a range-extension construction for weak PRFs. By using well-known techniques, they also showed how their scheme can be made secure against the stronger chosen- ciphertext} attacks.

The results of our paper are three-fold. First, we give a range-extension construction for weak PRFs that is optimal (within a large and natural class of constructions, especially all constructions that are known today). Second, we propose a strengthening of a weak PRF to a PRF. Third, these two results imply a (for long messages) much more efficient chosen-ciphertext secure encryption scheme than the one proposed by Damg{å}rd and Nielsen. The results also solve open questions posed by Naor and Reingold (CRYPTO '98) and by Damg{å}rd and Nielsen.