Miniature CCA2 PK Encryption: Tight Security Without Redundancy

8 years 9 months ago
Miniature CCA2 PK Encryption: Tight Security Without Redundancy
ersion of an extended abstract to be published in Advances in Cryptology—ASIACRYPT 2007, Springer-Verlag, 2007. Available online from:∼xb/asiacrypt07/ We present a minimalist public-key cryptosystem, as compact as ElGamal, but with adaptive chosen-ciphertext security under the gap Diffie-Hellman assumption in the random oracle model. The novelty is a dual-hash device that provides tight redundancy-free implicit validation. Compared to previous constructions, ours features a tight security reduction, both in efficacy and efficiency, to a classic and essentially non-interactive complexity assumption, and without resorting to asymmetric/symmetric-key hybrid constructions. The system is very compact: on elliptic curves with 80-bit security, a 160-bit plaintext becomes a 320-bit ciphertext. It is also very simple and has a number of practical advantages, and we hope to see it adopted widely.
Xavier Boyen
Added 07 Jun 2010
Updated 07 Jun 2010
Type Conference
Year 2007
Authors Xavier Boyen
Comments (0)