SIAM Journal on Computing
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Chosen-ciphertext secure key-encapsulation based on gap hashed Diffie-Hellman
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Secure hybrid encryption from weakened key encapsulation
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Authenticated key exchange and key encapsulation in the standard model
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
The twin Diffie-Hellman problem and applications
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
A public key cryptosystem and a signature scheme based on discrete logarithms
IEEE Transactions on Information Theory
Hi-index | 0.89 |
Kiltz proposed a practical key encapsulation mechanism (Kiltz07-KEM) which is secure against adaptive chosen ciphertext attacks (IND-CCA2) under the gap hashed Diffie-Hellman (GHDH) assumption [Eike Kiltz, Chosen-ciphertext secure key encapsulation based on hashed gap decisional Diffie-Hellman, in: Proceedings of the 10th International Workshop on Practice and Theory in Public-Key Cryptography, PKC 2007, in: LNCS, vol. 4450, Springer-Verlag, 2007, pp. 282-297. Full version available on Cryptology ePrint Archive: Report 2007/036]. We propose a variant of Kiltz07-KEM with improved efficiency in encryption. The new scheme can be proved IND-CCA2 secure under the same hardness assumption. This makes the most efficient KEM provably IND-CCA2 secure in the standard model until today.