A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, special issue on cryptography.
Public-key cryptosystems provably secure against chosen ciphertext attacks. STOC 1990.
(title missing) SIAM Journal on Computing.
Pseudorandom Functions and Factoring. SIAM Journal on Computing.
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack. CRYPTO 1991.
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1. CRYPTO 1998.
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption. EUROCRYPT 2002.
Direct chosen ciphertext security from identity-based techniques. 12th ACM Conference on Computer and Communications Security (CCS 2005).
A framework for password-based authenticated key exchange. ACM Transactions on Information and System Security (TISSEC).
Chosen-Ciphertext Security from Identity-Based Encryption. SIAM Journal on Computing.
In search of mathematical primitives for deriving universal projective hash families. Applicable Algebra in Engineering, Communication and Computing.
Lossy trapdoor functions and their applications. STOC 2008.
(title missing) ASIACRYPT 2008.
Chosen-Ciphertext Security via Correlated Products. TCC 2009.
Practical Chosen Ciphertext Secure Encryption from Factoring. EUROCRYPT 2009.
A New Randomness Extraction Paradigm for Hybrid Encryption. EUROCRYPT 2009.
The Group of Signed Quadratic Residues and Applications. CRYPTO 2009.
Secure hybrid encryption from weakened key encapsulation. CRYPTO 2007.
The twin Diffie-Hellman problem and applications. EUROCRYPT 2008.
Chosen-Ciphertext security from tag-based encryption. TCC 2006.
Efficient chosen-ciphertext security via extractable hash proofs. CRYPTO 2010.
(title missing) ProvSec 2010.
Chosen-Ciphertext Security via Correlated Products. SIAM Journal on Computing.
Chosen ciphertext secure encryption under factoring assumption revisited. PKC 2011.
Adaptive trapdoor functions and chosen-ciphertext security. EUROCRYPT 2010.
On homomorphic encryption and chosen-ciphertext security. PKC 2012.
CCA secure IB-KEM from the computational bilinear diffie-hellman assumption in the standard model. ICISC 2011.
The Naor-Yung (NY) paradigm shows how to build a chosen-ciphertext secure encryption scheme from three conceptual ingredients:
(1) a weakly (i.e., IND-CPA) secure encryption scheme;
(2) a "replication strategy" that specifies how the weakly secure scheme is used; concretely, an NY ciphertext contains several weak encryptions of the same plaintext;
(3) a non-interactive zero-knowledge (NIZK) proof system to show that a given ciphertext is consistent, i.e., that it really contains weak encryptions of the same plaintext.
The NY paradigm served both as a breakthrough proof of concept and as an inspiration for subsequent constructions. However, the NY construction leads to impractical encryption schemes, because the NIZK proof is usually prohibitively expensive. In this contribution, we give a variant of the NY paradigm that leads to practical, fully IND-CCA secure encryption schemes whose security can be based on a generic class of algebraic complexity assumptions. Our approach refines NY's approach as follows:
(1) Our sole computational assumption is that of a Diffie-Hellman (DH) type two-move key exchange protocol, interpreted as a weakly secure key encapsulation mechanism (KEM).
(2) Our "replication strategy" is this: key generation replicates the KEM several times, but only its first pass; encryption then performs the second pass with respect to all of these replicas, using the same random coins in each instance.
(3) To prove consistency of a given ciphertext, we employ a practical universal hash proof system, tailored to our KEM and replication strategy.
We instantiate our paradigm both from computational Diffie-Hellman (CDH) and from RSA-type assumptions. This way, practical IND-CCA secure encryption schemes based on search problems can be built and explained in a generic, NY-like fashion.
We would like to stress that while we generalize universal hash proof systems as a proof system, we do not follow or generalize the approach of Cramer and Shoup to build IND-CCA secure encryption. Their approach uses specific hash proof systems that feature, on top of a NIZK property, a computational indistinguishability property. Hence they necessarily build upon decisional assumptions, whereas we show how to implement our approach with search assumptions. Our approach uses hash proof systems in the NY way, namely solely as a device to prove consistency. In our case, secrecy is provided by the "weak encryption" component, which allows us to embed search problems.
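The replication strategy and the secrecy/consistency split described in the two paragraphs above, as an added toy example that is not code from the paper: key generation replicates only the first Diffie-Hellman pass n times, encapsulation performs one second pass with a single exponent r reused against every replica, the session key is derived from the first instance (the "weak KEM" component), and a designated-verifier hash tag over the remaining replicas stands in for the paper's hash proof system. The group parameters P, Q, G, the function names and the tag construction are this example's own choices, the parameters are toy-sized, and nothing here is a security argument for the paper's scheme.

```python
import hashlib
import hmac
import secrets

# Toy safe-prime group: P = 2*Q + 1, G generates the subgroup of order Q.
# Assumed parameters for illustration only; far too small to be secure.
P = 1019
Q = 509
G = 4


def _is_prime(n: int) -> bool:
    """Trial division, adequate for the toy parameters above."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


assert _is_prime(P) and _is_prime(Q) and P == 2 * Q + 1
assert G != 1 and pow(G, Q, P) == 1

_LEN = (P.bit_length() + 7) // 8


def _enc(x: int) -> bytes:
    return x.to_bytes(_LEN, "big")


def keygen(n: int):
    """Replicate only the FIRST DH pass n times: n secret exponents, n public values."""
    if n < 2:
        raise ValueError("need at least one replica beyond the key-deriving instance")
    xs = [1 + secrets.randbelow(Q - 1) for _ in range(n)]
    pks = [pow(G, x, P) for x in xs]
    return pks, xs


def _derive_key(c: int, share: int) -> bytes:
    """Session key from the first (weakly secure) KEM instance only."""
    return hashlib.sha256(b"key" + _enc(c) + _enc(share)).digest()


def _tag(c: int, shares) -> bytes:
    """Designated-verifier consistency tag (stand-in for a hash proof system):
    the sender computes it from r and the public keys, the receiver from its
    secret exponents; both must reach the same replicated shares."""
    h = hashlib.sha256(b"tag" + _enc(c))
    for s in shares:
        h.update(_enc(s))
    return h.digest()


def encaps(pks):
    """One SECOND pass with a single r, reused against every replicated first pass."""
    r = 1 + secrets.randbelow(Q - 1)
    c = pow(G, r, P)
    shares = [pow(pk, r, P) for pk in pks]
    key = _derive_key(c, shares[0])   # secrecy comes from instance 0
    pi = _tag(c, shares[1:])          # consistency comes from the replicas
    return (c, pi), key


def decaps(xs, ct):
    """Return the session key, or None if the ciphertext is rejected."""
    c, pi = ct
    # Reject anything outside the order-Q subgroup before using it as a base.
    if not (1 < c < P) or pow(c, Q, P) != 1:
        return None
    shares = [pow(c, x, P) for x in xs]
    if not hmac.compare_digest(pi, _tag(c, shares[1:])):
        return None
    return _derive_key(c, shares[0])


if __name__ == "__main__":
    pks, xs = keygen(3)
    ct, key = encaps(pks)
    assert decaps(xs, ct) == key
    c, pi = ct
    assert decaps(xs, (c * G % P, pi)) is None   # altered c: tag no longer matches
    assert decaps(xs, (c, bytes(32))) is None    # altered tag
    assert decaps(xs, (P - 1, pi)) is None       # small-order element, rejected early
```

Two points a practitioner should take from the toy: the subgroup check runs before any exponentiation with the secret exponents, so a ciphertext carrying a small-order element never reaches the tag check; and the tag binds c to every replicated share, so changing c or the tag yields rejection rather than a key, which is the role the abstract assigns to the consistency proof while the first instance alone carries the secrecy.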