TransWikia.com

IND-CCA1 RSA padding?

Cryptography Asked on October 24, 2021

I’ve found a way to complete a task which I’d solve with passwords or by sending keys over the wire (otherwise) by using RSA’s homomorphic property.

I’m restricted to RSA (any padding; for hardware reasons) to implement “blindable decryption”, where one party holds some encrypted data, blinds it, sends it to the decryption oracle, receives it and recovers the embedded key by unblinding.

For this a “secure-as-possible” version of RSA is required which still has the multiplicative homomorphic property.

So what is the best padding for RSA that keeps this property?

Note: An IND-CCA1 version of RSA would be perfectly fine.
My definition of best (in order of preference): Highest security level, easiest implementability, fastest run-time.

Edit: I removed the ECDH unit as the question is way more interesting this way. The ECDH unit can solve the problem using ElGamal and an ECIES like approach.

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP