New technique for chosen-ciphertext security based on non-interactive zero-knowledge

“…The new conversion in [12] works correctly, but we have identified a flaw in its security analysis. For easier explanation, consider the ElGamal KEM as an underlying scheme.…”

“…In Section 3, we introduced the conversion method for CCA-secure KEM and present our corrected proofs using the hybrid argument of indistinguishabilitybased framework. As in [12], we can extend our strategy to the case of identity-based KEM (IBKEM); thus, a newly corrected security proof for the conversion of IBKEM is given in Section 4. In Section 5, we apply our security result to several (IB)KEMs used in [12] and provide new corrected theorems for each scheme.…”

“…As in [12], we can extend our strategy to the case of identity-based KEM (IBKEM); thus, a newly corrected security proof for the conversion of IBKEM is given in Section 4. In Section 5, we apply our security result to several (IB)KEMs used in [12] and provide new corrected theorems for each scheme. Finally, we conclude this paper in Section 6.…”

“…Interestingly, a recent work by Seo et al [12] proposed a new semi-generic approach for constructing a CCA-secure (and practical) key encapsulation mechanism (KEM) based on NIZK proof systems derived from the Fiat-Shamir (FS) transform [13]. As building blocks, their technique uses a one-way (OW)-secure KEM and an FS-derived NIZK proof system to prove the relationship (such as equality or linearity) among discrete logarithms.…”

“…In particular, the term "semi-generic" comes from the fact that the underlying OW-secure KEM should satisfy an additional property called "NIZK-compatibility", meaning that the pair {ciphertext, key} can be an NIZK statement when randomness for KEM is used as a witness for NIZK. Seo et al [12] demonstrated that their approach can transform an OW-secure (and NIZK-compatible) KEM into a CCA-secure KEM in the random oracle model without security loss.…”

Revisiting NIZK-Based Technique for Chosen-Ciphertext Security: Security Analysis and Corrected Proofs

“…The new conversion in [12] works correctly, but we have identified a flaw in its security analysis. For easier explanation, consider the ElGamal KEM as an underlying scheme.…”

“…In Section 3, we introduced the conversion method for CCA-secure KEM and present our corrected proofs using the hybrid argument of indistinguishabilitybased framework. As in [12], we can extend our strategy to the case of identity-based KEM (IBKEM); thus, a newly corrected security proof for the conversion of IBKEM is given in Section 4. In Section 5, we apply our security result to several (IB)KEMs used in [12] and provide new corrected theorems for each scheme.…”

“…As in [12], we can extend our strategy to the case of identity-based KEM (IBKEM); thus, a newly corrected security proof for the conversion of IBKEM is given in Section 4. In Section 5, we apply our security result to several (IB)KEMs used in [12] and provide new corrected theorems for each scheme. Finally, we conclude this paper in Section 6.…”

“…Interestingly, a recent work by Seo et al [12] proposed a new semi-generic approach for constructing a CCA-secure (and practical) key encapsulation mechanism (KEM) based on NIZK proof systems derived from the Fiat-Shamir (FS) transform [13]. As building blocks, their technique uses a one-way (OW)-secure KEM and an FS-derived NIZK proof system to prove the relationship (such as equality or linearity) among discrete logarithms.…”

“…In particular, the term "semi-generic" comes from the fact that the underlying OW-secure KEM should satisfy an additional property called "NIZK-compatibility", meaning that the pair {ciphertext, key} can be an NIZK statement when randomness for KEM is used as a witness for NIZK. Seo et al [12] demonstrated that their approach can transform an OW-secure (and NIZK-compatible) KEM into a CCA-secure KEM in the random oracle model without security loss.…”

Revisiting NIZK-Based Technique for Chosen-Ciphertext Security: Security Analysis and Corrected Proofs

A study of application platform for smart contract visualization based blockchain

Improvements on Non-Interactive Zero-Knowledge Proof Systems Related to Quadratic Residuosity Languages