On the Security of ElGamal Based Encryption
PKC '98 Proceedings of the First International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
A CCA Secure Hybrid Damgård's ElGamal Encryption
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
Hybrid Damgård Is CCA1-Secure under the DDH Assumption
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
A New Randomness Extraction Paradigm for Hybrid Encryption
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Separation results on the "one-more" computational problems
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
A new security proof for damgård’s elgamal
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Abstract models of computation in cryptography
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
On CCA-Secure somewhat homomorphic encryption
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
A robust and plaintext-aware variant of signed elgamal encryption
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Group homomorphic encryption: characterizations, impossibility results, and applications
Designs, Codes and Cryptography
| Hi-index | 0.00 |
It is known that there exists a reduction from the CCA1- security of Damgård's Elgamal (DEG) cryptosystem to what we call the ddhdsdh assumption. We show that ddhdsdh is unnecessary for DEG- CCA1, while DDH is insufficient for DEG-CCA1. We also show that CCA1-security of the Elgamal cryptosystem is equivalent to another assumption ddhcsdh, while we show that ddhdsdh is insufficient for Elgamal's CCA1-security. Finally, we prove a generic-group model lower bound Ω(3√q) for the hardest considered assumption ddhcsdh, where q is the largest prime factor of the group order.