On CCA1-Security of Elgamal And Damgård’s Elgamal
نویسنده
چکیده
We establish the complete complexity landscape surrounding CCA1-security of Elgamal and Damgård’s Elgamal (DEG). Denote by X [i] the assumption that the adversary, given a non-adaptive oracle access to the Y oracle with i free variables cannot break the assumption X . We show that the CCA1-security of Elgamal is equivalent to the DDH assumption. We then give a simple alternative to Gjøsteen’s proof that DEG cryptosystem is CCA1-secure under the DDH assumption. We also provide several separations. We show that DDH cannot be reduced to DDH in the generic group model. We give an irreduction showing that DDH cannot be reduced to DDEG (unless DDH is easy), DDEG cannot be reduced to DDH (unless DDEG is easy) and DDH cannot be reduced to the DDH(unless DDH is easy). All those irreductions are optimal in the sense that they show that if assumption X can be reduced to Y in polynomial time then X has to be solvable in polynomial time itself and thus both assumptions are broken.
منابع مشابه
On the CCA1-Security of Elgamal and Damgård's Elgamal
It is known that there exists a reduction from the CCA1security of Damg̊ard’s Elgamal (DEG) cryptosystem to what we call the ddh assumption. We show that ddh is unnecessary for DEGCCA1, while DDH is insufficient for DEG-CCA1. We also show that CCA1-security of the Elgamal cryptosystem is equivalent to another assumption ddh, while we show that ddh is insufficient for Elgamal’s CCA1-security. Fin...
متن کاملA CCA Secure Hybrid Damgård's ElGamal Encryption
ElGamal encryption, by its efficiency, is one of the most used schemes in cryptographic applications. However, the original ElGamal scheme is only provably secure against passive attacks. Damg̊ard proposed a slight modification of ElGamal encryption scheme (named Damg̊ard’s ElGamal scheme) that provides security against non-adaptive chosen ciphertext attacks under a knowledge-of-exponent assumpti...
متن کاملComparison of two Public Key Cryptosystems
Since the time public-key cryptography was introduced by Diffie andHellman in 1976, numerous public-key algorithms have been proposed. Some of thesealgorithms are insecure and the others that seem secure, many are impractical, eitherthey have too large keys or the cipher text they produce is much longer than theplaintext. This paper focuses on efficient implementation and analysis of two mostpo...
متن کاملSecure Length-Saving ElGamal Encryption under the Computational Diffie-Hellman Assumption
A design of secure and efficient public key encryption schemes under weaker computational assumptions has been regarded as an important and challenging task. As far as the ElGamal-type encryption is concerned, some variants of the original ElGamal encryption scheme whose security depends on weaker computational assumption have been proposed: Though the security of the original ElGamal encryptio...
متن کاملCryptanalysis on an Improved Version of ElGamal-Like Public-Key Encryption Scheme for Encrypting Large Messages
Hwang et al. proposed an ElGamal-like scheme for encrypting large messages, which is more efficient than its predecessor in terms of computational complexity and the amount of data transformation. They declared that the resulting scheme is semantically secure against chosenplaintext attacks under the assumptions that the decision Diffie–Hellman problem is intractable. Later, Wang et al. pointed...
متن کامل