Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Handbook of Applied Cryptography
Handbook of Applied Cryptography
The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Efficiency improvements for signature schemes with tight security reductions
Proceedings of the 10th ACM conference on Computer and communications security
Direct chosen ciphertext security from identity-based techniques
Proceedings of the 12th ACM conference on Computer and communications security
An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Chosen-ciphertext secure key-encapsulation based on gap hashed Diffie-Hellman
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Chosen ciphertext secure public key threshold encryption without random oracles
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Identity based encryption without redundancy
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Improved efficiency for CCA-secure cryptosystems built using identity-based encryption
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Communication-efficient non-interactive proofs of knowledge with online extractors
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Compact CCA-Secure Encryption for Messages of Arbitrary Length
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
On shortening ciphertexts: new constructions for compact public key and stateful encryption schemes
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Compact identity-based encryption without strong symmetric cipher
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Public-key encryption with non-interactive opening: new constructions and stronger definitions
AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
Verified security of redundancy-free encryption from Rabin and RSA
Proceedings of the 2012 ACM conference on Computer and communications security
A robust and plaintext-aware variant of signed elgamal encryption
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
| Hi-index | 0.01 |
We present a minimalist public-key cryptosystem, as compact as ElGamal, but with adaptive chosen-ciphertext security under the gap Diffie-Hellman assumption in the random oracle model. The novelty is a dual-hash device that provides tight redundancy-free implicit validation. Compared to previous constructions, ours features a tight security reduction, both in efficacy and efficiency, to a classic and essentially non-interactive complexity assumption, and without resorting to asymmetric/symmetric-key hybrid constructions. The system is very compact: on elliptic curves with 80-bit security, a 160-bit plaintext becomes a 320-bit ciphertext. It is also very simple and has a number of practical advantages, and we hope to see it adopted widely.