RSA-type Encryption Schemes against CPA and CCA2 in Standard Model; [标准模型下抗CPA与抗CCA2的RSA型加密方案]

RSA and its modified schemes (which are called by a joint name, RSA-type encryption schemes) are still deployed in many commercial systems where data security is very important. Analyzing RSA-type encryption schemes, we find that: (1) to the best of our knowledge, all these schemes are merely secure against adaptive chosen-ciphertext attack(CCA2) in the random oracle(RO) model, and there is no RSA-type schemes yet that is indistinguishable under adaptive chosen-ciphertext attack in the standard model; (2) there is no RSA-type scheme that is secure against chosen plaintext attack(CPA) but keeping multiplicative homomorphism, whereas encryption schemes with homomorphism are important for secure multi-party computations and secure cloud services; (3) except for the Hybrid Dependent RSA(HD-RSA), all the schemes introduce randomness into ciphertext by a Feistel network with hash functions; hence, this brings all the schemes to achieve IND-CCA2 security merely in RO model. In this paper, we propose two RSA-type encryption schemes that only need a few more modular arithmetic operations. One is indistinguishable against chosen plaintext attack with homomorphism, while another is indistinguishable against adaptive chosen ciphertext attack in standard model. Both schemes are probabilistic without plaintext padding. Furthermore, we propose a new variant RSA problem, which is called RSA decisional problem(denote by DRSA). © 2018, Chinese Institute of Electronics. All right reserved.