A study on provable security of public-key encryption schemes and key agreement protocols

Abstract

The design of cryptosystems which guarantees sound security has been regarded as a fundamental, but a difficult task. The reason is that it is sometimes vague to determine from which attacks the designed cryptosystems should be protected and to what extent the designed crytosystems withstand the attacks. In spite of these difficulties, various research on security of cryptosystems has been performed. In the field of public-key encryption schemes, provable security has gained great attention as the design principle of secure public-key encryption schemes. In provable security for public-key encryption schemes, precise definitions of various attacks are given and then, with complexity theoretical tools such as cryptographic reductions, their security is analyzed in mathematical way. However, the situation is somewhat complex in the field of key agreement protocols. Because of the great variety of security goals of the key establishment, it is hard to formalize general attack models for key agreement protocols. Although there have been several attempts to build formal security models for key agreement protocols, there are still needs of elaborate models covering all aspects of security. Two contributions to research on security of cryptosystems are presented on this thesis. Firstly, new provably secure of cryptosystems are presented in this thesis. Firstly, new provably secure EIGamal type encryption schemes are proposed. Security of proposed schemes is based on the computational Diffie-Hellman assumption and the elliptic curve computational Diffie-Hellman assumption respectively, which are weaker computational assumptions than that of other public-key encryption schemes. Also, the proposed schemes have a new feature that they are length-efficient which provide shorter ciphertexts than those of other schemes. Secondly, concerning the unknown key-share(UKS) attack, which is one of the security goals key agreement protocols should attain, some flaws in the ...