On the CCA1-Security of Elgamal and Damgård's Elgamal
نویسنده
چکیده
It is known that there exists a reduction from the CCA1security of Damg̊ard’s Elgamal (DEG) cryptosystem to what we call the ddh assumption. We show that ddh is unnecessary for DEGCCA1, while DDH is insufficient for DEG-CCA1. We also show that CCA1-security of the Elgamal cryptosystem is equivalent to another assumption ddh, while we show that ddh is insufficient for Elgamal’s CCA1-security. Finally, we prove a generic-group model lower bound Ω( 3 √ q) for the hardest considered assumption ddh, where q is the largest prime factor of the group order.
منابع مشابه
A CCA Secure Hybrid Damgård's ElGamal Encryption
ElGamal encryption, by its efficiency, is one of the most used schemes in cryptographic applications. However, the original ElGamal scheme is only provably secure against passive attacks. Damg̊ard proposed a slight modification of ElGamal encryption scheme (named Damg̊ard’s ElGamal scheme) that provides security against non-adaptive chosen ciphertext attacks under a knowledge-of-exponent assumpti...
متن کاملOn CCA1-Security of Elgamal And Damgård’s Elgamal
We establish the complete complexity landscape surrounding CCA1-security of Elgamal and Damgård’s Elgamal (DEG). Denote by X [i] the assumption that the adversary, given a non-adaptive oracle access to the Y oracle with i free variables cannot break the assumption X . We show that the CCA1-security of Elgamal is equivalent to the DDH assumption. We then give a simple alternative to Gjøsteen’s p...
متن کاملA new security proof for Damgård's ElGamal
We provide a new security proof for a variant of ElGamal proposed by Damg̊ard, showing that it is secure against non-adaptive chosen ciphertext. Unlike previous security proofs for this cryptosystem, which rely on somewhat problematic assumptions, our computational problem is similar to accepted problems such the Gap and Decision Diffie-Hellman problems.
متن کاملComparison of two Public Key Cryptosystems
Since the time public-key cryptography was introduced by Diffie andHellman in 1976, numerous public-key algorithms have been proposed. Some of thesealgorithms are insecure and the others that seem secure, many are impractical, eitherthey have too large keys or the cipher text they produce is much longer than theplaintext. This paper focuses on efficient implementation and analysis of two mostpo...
متن کاملSecure Length-Saving ElGamal Encryption under the Computational Diffie-Hellman Assumption
A design of secure and efficient public key encryption schemes under weaker computational assumptions has been regarded as an important and challenging task. As far as the ElGamal-type encryption is concerned, some variants of the original ElGamal encryption scheme whose security depends on weaker computational assumption have been proposed: Though the security of the original ElGamal encryptio...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2008 شماره
صفحات -
تاریخ انتشار 2008