Compact CCA-Secure Encryption for Messages of Arbitrary Length
نویسندگان
چکیده
This paper proposes a chosen-ciphertext secure variant of the ElGamal public-key encryption scheme which generates very compact ciphertexts for messages of arbitrary length. The ciphertext overhead (i.e., the difference between ciphertext and plaintext) is one group element only. Such a property is particularly useful when encrypting short messages such as a PIN or a credit card number in bandwidth-critical environments. On top of the compact overhead, the computational cost for encryption and decryption are almost the same as plain ElGamal encryption. The security is proven based on the strong Diffie-Hellman assumption in the random oracle model.
منابع مشابه
Circular Chosen-Ciphertext Security with Compact Ciphertexts
A key-dependent message (KDM) secure encryption scheme is secure even if an adversary obtains encryptions of messages that depend on the secret key. Such key-dependent encryptions naturally occur in scenarios such as harddisk encryption, formal cryptography, or in specific protocols. However, there are not many provably secure constructions of KDM-secure encryption schemes. Moreover, only one c...
متن کاملOptimal Chosen-Ciphertext Secure Encryption of Arbitrary-Length Messages
This paper considers arbitrary-length chosen-ciphertext secure asymmetric encryption, thus addressing what is actually needed for a practical usage of strong public-key cryptography in the real world. We put forward two generic constructions, gem-1 and gem-2, which apply to explicit fixed-length weakly secure primitives and provide a strongly secure (IND-CCA2) public-key encryption scheme for m...
متن کاملIdentity-Based Encryption Secure against Selective Opening Chosen-Ciphertext Attack
Security against selective opening attack (SOA) requires that in a multi-user setting, even if an adversary has access to all ciphertexts from users, and adaptively corrupts some fraction of the users by exposing not only their messages but also the random coins, the remaining unopened messages retain their privacy. Recently, Bellare, Waters and Yilek considered SOA-security in the identity-bas...
متن کاملAmplification of Chosen-Ciphertext Security
Understanding the minimal assumptions from which we can build a publickey encryption scheme secure against chosen-ciphertext attacks (a CCA-secure scheme, for short) is a central question in both practical and theoretical cryptography. Following the large body of work on hardness and correctness amplification, we ask the question of how far we can weaken a CCA-secure encryption scheme so that a...
متن کاملAmplification of Chosen-Ciphertext Security
Understanding the minimal assumptions from which we can build a publickey encryption scheme secure against chosen-ciphertext attacks (a CCA-secure scheme, for short) is a central question in both practical and theoretical cryptography. Following the large body of work on hardness and correctness amplification, we ask the question of how far we can weaken a CCA-secure encryption scheme so that a...
متن کامل