The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
A CCA Secure Hybrid Damgård's ElGamal Encryption
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Using hash functions as a hedge against chosen ciphertext attack
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Secure hybrid encryption from weakened key encapsulation
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
A new security proof for damgård’s elgamal
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
A New Randomness Extraction Paradigm for Hybrid Encryption
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
On the CCA1-security of Elgamal and Damgård's Elgamal
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Hi-index | 0.00 |
In 1991, Damgård proposed a simple public-key cryptosystem that he proved CCA1-secure under the Diffie-Hellman Knowledge assumption. Only in 2006, Gjøsteen proved its CCA1-security under a more standard but still new and strong assumption. The known CCA2-secure public-key cryptosystems are considerably more complicated. We propose a hybrid variant of Damgård's public-key cryptosystem and show that it is CCA1-secure if the used symmetric cryptosystem is CPA-secure, the used MAC is unforgeable, the used key-derivation function is secure, and the underlying group is a DDH group. The new cryptosystem is the most efficient known CCA1-secure hybrid cryptosystem based on standard assumptions.