Abstract

SM2 cryptographic algorithms have become vital to achieving independently controllable security for China's national networks and information systems. However, recent studies have shown that a real-world implementation of the SM2 encryption algorithm may be vulnerable to effective algorithm substitution attacks (ASAs), which let an attacker recover, from the current ciphertext, the randomness that the subverted implementation will use in the next encryption, and thus decrypt all subsequent ciphertexts without the decryption key. A cryptographic reverse firewall, which rerandomizes every outgoing ciphertext, is a useful defense against such attacks, but rerandomizability is incompatible with the CCA security of the SM2 encryption algorithm: any ciphertext that can be rerandomized can be turned into a distinct, valid ciphertext of the same message, which a CCA decryption oracle must then answer. To tackle this problem, this work modifies the SM2 encryption algorithm to achieve Replayable-CCA (RCCA) security, which offers a security guarantee comparable to CCA while permitting ciphertext rerandomization, and hence the use of cryptographic reverse firewalls. The core idea is to apply the three-round OAEP design paradigm of Phan et al. to the SM2 encryption algorithm and to rigorously prove its RCCA security in the random oracle model. The proposed scheme is the first rerandomizable RCCA-secure public-key encryption scheme built on the SM series of algorithms and can help strengthen the security of SM2 encryption in real-world applications.
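The three claims in the abstract (a subverted encryptor can leak its next randomness through the current ciphertext, a reverse firewall defeats this by rerandomizing ciphertexts, and rerandomizability breaks CCA but not RCCA) can be seen on a toy scheme. The following is an added example written for this page, not code from the paper or from any SM2 implementation. It uses textbook ElGamal over a small, constructed, insecure group as a stand-in for a rerandomizable ciphertext: its g^k component plays the role of SM2's C1 = [k]G, but unlike SM2 it carries no KDF output or hash tag C3 bound to the shared secret, which is exactly why it can be rerandomized and SM2 cannot. The parameters P, Q, G, the backdoor key ASA_KEY, the leakage function leaked_next_k and all messages and randomness values are constructed assumptions; the paper's actual RCCA construction is not reproduced here.

```python
import hashlib
import secrets

# Toy prime-order group: the quadratic residues of Z_p^* for the safe prime
# p = 2q + 1.  Constructed for illustration only; far too small to be secure.
P = 1019
Q = 509
G = 4  # 2^2, so G generates the order-Q subgroup


def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encrypt(pk, m, k):
    # Textbook ElGamal with explicit randomness k: (g^k, m * pk^k).
    # m is any nonzero residue mod P; a real scheme would encode it into the subgroup.
    return (pow(G, k, P), m * pow(pk, k, P) % P)


def decrypt(sk, c):
    c1, c2 = c
    return c2 * pow(pow(c1, sk, P), -1, P) % P


def rerandomize(pk, c, r):
    # Anyone holding only the public key turns (g^k, m*pk^k) into
    # (g^(k+r), m*pk^(k+r)): a fresh-looking ciphertext of the same m.
    c1, c2 = c
    return (c1 * pow(G, r, P) % P, c2 * pow(pk, r, P) % P)


def cca_attack(sk, pk, challenge, m0, m1):
    # CCA decryption oracle: refuses only the exact challenge ciphertext.
    def dec_oracle(c):
        if c == challenge:
            raise ValueError("exact challenge refused")
        return decrypt(sk, c)

    # A rerandomized challenge is a different string, so the oracle answers
    # it and thereby reveals which message was encrypted.
    m = dec_oracle(rerandomize(pk, challenge, 7))
    return 0 if m == m0 else 1


def rcca_oracle(sk, c, m0, m1):
    # RCCA decryption oracle: answers "test" for any ciphertext decrypting to
    # either challenge message, so a rerandomized challenge reveals nothing.
    m = decrypt(sk, c)
    return "test" if m in (m0, m1) else m


ASA_KEY = b"attacker-embedded-key"  # constructed backdoor key known to the attacker


def leaked_next_k(prev_c1):
    # Subverted encryptor (toy ASA): the next round's randomness is derived
    # from the previous ciphertext's first component and the embedded key.
    d = hashlib.sha256(ASA_KEY + prev_c1.to_bytes(2, "big")).digest()
    return int.from_bytes(d, "big") % (Q - 1) + 1


def subverted_encrypt_stream(pk, msgs, k0):
    # k0 is the randomness of the first ciphertext; every later k is leaked.
    cs, k = [], k0
    for m in msgs:
        c = encrypt(pk, m, k)
        cs.append(c)
        k = leaked_next_k(c[0])
    return cs


def reverse_firewall(pk, cs, rs):
    # Rerandomizes every outgoing ciphertext with firewall-chosen randomness rs.
    return [rerandomize(pk, c, r) for c, r in zip(cs, rs)]


def attacker_recover(pk, observed):
    # The attacker knows ASA_KEY and sees ciphertexts on the wire: from
    # ciphertext i it predicts k_{i+1} and strips pk^k from ciphertext i+1.
    out = []
    for prev, cur in zip(observed, observed[1:]):
        k = leaked_next_k(prev[0])
        if pow(G, k, P) != cur[0]:
            out.append(None)  # prediction does not match the wire: firewall won
        else:
            out.append(cur[1] * pow(pow(pk, k, P), -1, P) % P)
    return out
```

Running attacker_recover on the raw output of subverted_encrypt_stream yields every message after the first without the secret key; running it on the same stream after reverse_firewall yields nothing, because the firewall's randomness changed both the component the leak was derived from and the exponent the attacker would need. The same rerandomize call is what lets cca_attack win against a CCA oracle, while rcca_oracle simply reports "test" for the replayed challenge, which is the relaxation that makes RCCA compatible with a reverse firewall.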

Full Text
Published version (Free)
