We show that the widely deployed RSA-OAEP encryption scheme of Bellare and Rogaway (Eurocrypt 1994), which combines RSA with two rounds of an underlying Feistel network whose hash...
Abstract— Under CPA and CCA1 attacks, a secure bit encryption scheme can be applied bit-by-bit to construct a secure many-bit encryption scheme. The same construction fails, howe...
In the analysis of security protocols, the knowledge of attackers is often described in terms of message deducibility and indistinguishability relations. In this paper, we pursue ...
Imagine many small devices send data to a single receiver, encrypted using the receiver’s public key. Assume an adversary that has the power to adaptively corrupt a subset of the...
Serge Fehr, Dennis Hofheinz, Eike Kiltz, Hoeteck W...
Abstract. Whereas encryption schemes withstanding passive chosenplaintext attacks (CPA) can be constructed based on a variety of computational assumptions, only a few assumptions a...
Ronald Cramer, Goichiro Hanaoka, Dennis Hofheinz, ...