Securely combining public-key cryptosystems

Stuart Haber, Benny Pinkas

Research output: Contribution to journalConference articlepeer-review

47 Scopus citations

Abstract

It is a maxim of sound computer-security practice that a cryptographic key should have only a single use. For example, an RSA key pair should be used only for public-key encryption or only for digital signatures, and not for both. In this paper we show that in many cases, the simultaneous use of related keys for two cryptosystems, e.g. for a public-key encryption system and for a public-key signature system, does not compromise their security. We demonstrate this for a variety of public-key encryption schemes that are secure against chosen-ciphertext attacks, and for a variety of digital signature schemes that are secure against forgery under chosen-message attacks. The precise form of the statement of security that we are able to prove depends on the particular cryptographic schemes in question and on the cryptographic assumptions needed for their proofs of security; but in every case, our proof of security does not require any additional cryptographic assumptions. Among the cryptosystems that we analyze in this manner are the public-key encryption schemes of Cramer and Shoup, Naor and Yung, and Dolev, Dwork, and Naor, which are all defined in the standard model, while in the random-oracle model we analyze plaintext-aware encryption schemes (as defined by Bellare and Rogaway) and in particular the OAEP + cryptosystem. Among public-key signature schemes, we analyze those of Cramer and Shoup and of Gennaro, Halevi, and Rabin in the standard model, while in the random-oracle model we analyze the RSA PSS scheme as well as variants of the El Gamal and Schnorr schemes. (See references within).

Original languageEnglish
Pages (from-to)215-224
Number of pages10
JournalProceedings of the ACM Conference on Computer and Communications Security
DOIs
StatePublished - 2001
Externally publishedYes
EventProceedings of the 8th ACM Conference on Computer and Communications Security (CCS-8) - Philadelphia, PA, United States
Duration: 5 Nov 20018 Nov 2001

Fingerprint

Dive into the research topics of 'Securely combining public-key cryptosystems'. Together they form a unique fingerprint.

Cite this