Sponge-based CCA2 secure asymmetric encryption for arbitrary length message (extended version) Online publication date: Sun, 03-Sep-2017
by Tarun Kumar Bansal; Donghoon Chang; Somitra Kumar Sanadhya
International Journal of Applied Cryptography (IJACT), Vol. 3, No. 3, 2017
Abstract: OAEP and other similar schemes, proven secure in random-oracle model, require one or more hash functions with an output size larger than those of the standard hash functions. In this paper, we show that by using the popular Sponge construction in the OAEP framework, we can eliminate the need for such a hash function. We provide a new scheme in the OAEP framework and call our scheme Sponge-based asymmetric encryption padding (SpAEP). The scheme SpAEP is based on two functions: Sponge and SpongeWrap, and requires only standard output sizes proposed and standardised for Sponge functions. Our scheme is CCA2 secure for any trapdoor one-way permutation in the ideal permutation model for arbitrary length messages. Our scheme utilises the versatile Sponge function to enhance the capability and efficiency of the OAEP framework. Prior to this work, the only scheme proven secure in the ideal permutation model was OAEP-3R. However this scheme is not efficient in practice as it utilises a full domain permutation which is hard to find and construct efficiently in practice. Therefore, the author of OAEP-3R provided another version of OAEP-3R but in random oracle model. Our scheme SpAEP utilises the ideal permutation model in a novel manner which makes SpAEP efficient and practical to construct a public key encryption. We also propose a key encapsulation mechanism for hybrid encryption using SpAEP with any trapdoor one-way permutation.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Applied Cryptography (IJACT):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook