International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Sebastià Martín Molleví

Publications

Year
Venue
Title
2018
EUROCRYPT
2013
CRYPTO
2004
EPRINT
Evaluating elliptic curve based KEMs in the light of pairings
David Galindo Sebastià Martín Molleví Jorge Luis Villar
Several efforts have been made recently to put forward a set of cryptographic primitives for public key encryption, suitable to be standardized. In two of them (in the first place the NESSIE european evaluation project, already finished, and in the second place the standardisation bodies ISO/IEC), the methodology by Victor Shoup for hybrid encryption, known as {\em Key Encapsulation Method-Data Encapsulation Mechanism} (KEM-DEM), has been accepted. In this work we re-evaluate the elliptic curve based KEMs studied to become standards, which are called ACE-KEM, ECIES-KEM and PSEC-KEM. Their security is based on different assumptions related to the elliptic curve discrete logarithm (ECDL) problem on a random elliptic curve. First of all, we fix some inexact results claimed in the previous literature. As a consequence, the performance features of PSEC-KEM are dramatically affected. In second place, we analyse both their security properties and performance when elliptic curves with computable bilinear maps ({\em pairing curves} for short) are used. It turns out that these KEMs present a very tight security reduction to the same problem, namely the ECDH problem on such curves; moreover, one can even relate their security to the ECDL problem in certain curves with a small security loss. It is also argued that ECIES-KEM arises as the best option among these KEMs when pairing curves are used. This is remarkable, since NESSIE did not include ECIES-KEM over a random curve in its portfolio of recommended cryptographic primitives. It is concluded that for medium security level applications, which is likely the case for many embedded systems (e.g. smart cards), implementing these KEMs over pairing curves should be considered a very reasonable option.
2003
PKC
2003
EPRINT
Fujisaki-Okamoto IND-CCA hybrid encryption revisited
David Galindo Sebastià Martín Molleví Paz Morillo Jorge Luis Villar
At Crypto'99, Fujisaki and Okamoto~\cite{FO99} presented a nice generic transformation from weak asymmetric and symmetric schemes into an IND-CCA hybrid encryption scheme in the Random Oracle Model. From this transformation, two specific candidates to standardization were designed: EPOC-2~\cite{EPOC} and PSEC-2~\cite{PSEC}, based on Okamoto-Uchiyama and El Gamal primitives, respectively. Since then, several cryptanalysis of EPOC have been published, one in the Chosen Ciphertext Attack game and others making use of a poor implementation that is vulnerable to reject timing attacks. The aim of this work is to avoid these attacks from the generic transformation, identifying the properties that an asymmetric scheme must hold to obtain a secure hybrid scheme. To achieve this, some ambiguities in the proof of the generic transformation~\cite{FO99} are described, which can lead to false claims. As a result the original conversion is modified and the range of asymmetric primitives that can be used is shortened. In second place, the concept of {\it Easy Verifiable Primitive} is formalized, showing its connection with the Gap problems. Making use of these ideas, a {\it new} security proof for the modified transformation is given. The good news is that the reduction is {\it tight}, improving the concrete security claimed in the original work for the Easy Verifiable Primitives. For the rest of primitives the concrete security is improved at the cost of stronger assumptions. Finally, the resistance of the new conversion against reject timing attacks is addressed.
2002
EPRINT
An efficient semantically secure elliptic curve cryptosystem based on KMOV
David Galindo Sebastià Martín Molleví Paz Morillo Jorge Luis Villar
We propose an elliptic curve scheme over the ring $\entq$, which is efficient and semantically secure in the standard model. There appears to be no previous elliptic curve cryptosystem based on factoring that enjoys both of these properties. KMOV scheme has been used as an underlying primitive to obtain efficiency and probabilistic encryption. Semantic security of the scheme is based on a new decisional assumption, namely, the Decisional Small-$x$ $e$-Multiples Assumption. Confidence on this assumption is also discussed.
2002
EPRINT
A semantically secure elliptic curve RSA scheme with small expansion factor
David Galindo Sebastià Martín Molleví Paz Morillo Jorge Luis Villar
We propose an elliptic curve scheme over the ring $\entq$, which is efficient and semantically secure in the standard model, and it has expansion factor 2 (previous schemes with similar features present expansion factors greater or equal than 4). Demytko's RSA type scheme has been used as an underlying primitive to obtain efficiency and probabilistic encryption. Semantic security of the scheme is based on a new decisional assumption, namely, the Decisional Small Root Assumption. Confidence on this assumption is also discussed.
2001
EPRINT
Improving the trade-off between storage and communication in broadcast encryption schemes
Ignacio Gracia Sebastià Martín Molleví Carles Padró
The most important point in the design of broadcast encryption schemes (BESs) is obtain a good trade-off between the amount of secret information that must be stored by every user and the length of the broadcast message, which are measured, respectively, by the information rate $\rho$ and the broadcast information rate $\rho_B$. In this paper we present a simple method to combine two given BESs in order to improve the trade-off between $\rho$ and $\rho_B$ by finding BESs with good information rate $\rho$ for arbitrarily many different values of the broadcast information rate $\rho_B$. We apply this technique to threshold $(R,T)$-BESs and we present a method to obtain, for every rational value $1/R \le \rho_B \le 1$, a $(R,T)$-BES with optimal information rate $\rho$ among all $(R,T)$-BESs that can be obtained by combining two of the $(R,T)$-BESs proposed by Blundo et al.
2001
EPRINT
Linear broadcast encryption schemes
Carles Padró Ignacio Gracia Sebastià Martín Molleví Paz Morillo
A new family of broadcast encryption schemes (BESs), which will be called linear broadcast encryption schemes (LBESs), is presented in this paper by using linear algebraic techniques. This family generalizes most previous proposals and provide a general framework to the study of broadcast encryption schemes. We present a method to construct LBESs for a general specification structure in order to find schemes that fit in situations that have not been considered before.

Program Committees

PKC 2011