Hybrid Damgård Is CCA1-Secure under the DDH Assumption

Authors:
Yvo Desmedt;Helger Lipmaa;Duong Hieu Phan
Affiliations:
University College London, UK;Cybernetica AS, Estonia;University of Paris 8, France
Venue:
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
Year:
2008

Citing 8
Cited 2

The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack

SIAM Journal on Computing
A CCA Secure Hybrid Damgård's ElGamal Encryption

ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Using hash functions as a hedge against chosen ciphertext attack

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Secure hybrid encryption from weakened key encapsulation

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
A new security proof for damgård’s elgamal

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology

A New Randomness Extraction Paradigm for Hybrid Encryption

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
On the CCA1-security of Elgamal and Damgård's Elgamal

Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

In 1991, Damgård proposed a simple public-key cryptosystem that he proved CCA1-secure under the Diffie-Hellman Knowledge assumption. Only in 2006, Gjøsteen proved its CCA1-security under a more standard but still new and strong assumption. The known CCA2-secure public-key cryptosystems are considerably more complicated. We propose a hybrid variant of Damgård's public-key cryptosystem and show that it is CCA1-secure if the used symmetric cryptosystem is CPA-secure, the used MAC is unforgeable, the used key-derivation function is secure, and the underlying group is a DDH group. The new cryptosystem is the most efficient known CCA1-secure hybrid cryptosystem based on standard assumptions.