Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption

Cramer, Ronald; Shoup, Victor

doi:10.7146/brics.v8i37.21697

Cited by 193 publications

(478 citation statements)

References 6 publications

Supporting

Mentioning

478

Contrasting

Order By: Relevance

“…Our result gives new light to Cramer-Shoup encryption schemes [3,4,6] and opens a door to design more efficient hybrid encryption schemes.…”

Section: Our Contributionmentioning

confidence: 99%

“…Our KEM is essentially a universal 2 projective hash family [4]. We present a generalization of our scheme to universal 2 projective hash families also.…”

Section: Our Contributionmentioning

confidence: 99%

“…It is secure against adaptive chosen ciphertext attack (IND-CCA) under the Decisional Diffie-Hellman (DDH) assumption. They further generalized their scheme to projective hash families [4]. (In the random oracle model [1], many practical schemes have been proven to be IND-CCA, for example, OAEP+ [13], SAEP [2] , RSA-OAEP [8], etc.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A New Paradigm of Hybrid Encryption Scheme

Kurosawa

Desmedt

2004

Lecture Notes in Computer Science

254

208

View full text Add to dashboard Cite

Abstract. In this paper, we show that a key encapsulation mechanism (KEM) does not have to be IND-CCA secure in the construction of hybrid encryption schemes, as was previously believed. That is, we present a more efficient hybrid encryption scheme than Shoup [12] by using a KEM which is not necessarily IND-CCA secure. Nevertheless, our scheme is secure in the sense of IND-CCA under the DDH assumption in the standard model. This result is further generalized to universal2 projective hash families.

show abstract

“…Our result gives new light to Cramer-Shoup encryption schemes [3,4,6] and opens a door to design more efficient hybrid encryption schemes.…”

Section: Our Contributionmentioning

confidence: 99%

“…Our KEM is essentially a universal 2 projective hash family [4]. We present a generalization of our scheme to universal 2 projective hash families also.…”

Section: Our Contributionmentioning

confidence: 99%

See 1 more Smart Citation

A New Paradigm of Hybrid Encryption Scheme

Kurosawa

Desmedt

2004

Lecture Notes in Computer Science

254

208

View full text Add to dashboard Cite

show abstract

“…Various subgroup membership problems have been extensively studied in the literature, and examples include the Decision Diffie-Hellman problem [11], the quadratic residue problem [18], among others [28,31,33]. Our constructions however are more related to the problems described in [16,29].…”

Section: Abstract Group Structurementioning

confidence: 87%

“…The subgroup membership problem has appeared in many different forms in the literature [11,18,28,31,33,16,29]. The subgroup escape problem has not been studied before.…”

Section: Introductionmentioning

confidence: 99%

Spreading Alerts Quietly and the Subgroup Escape Problem

Aspnes

Diamadi

Gjøsteen

et al. 2005

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We introduce a new cryptographic primitive called the blind coupon mechanism (BCM). In effect, the BCM is an authenticated bit commitment scheme, which is AND-homomorphic. It has not been known how to construct such commitments before. We show that the BCM has natural and important applications. In particular, we use it to construct a mechanism for transmitting alerts undetectably in a message-passing system of n nodes. Our algorithms allow an alert to quickly propagate to all nodes without its source or existence being detected by an adversary, who controls all message traffic. Our proofs of security are based on a new subgroup escape problem, which seems hard on certain groups with bilinear pairings and on elliptic curves over the ring Zn.

show abstract

Practical key‐dependent message chosen‐ciphertext security based on decisional composite residuosity and quadratic residuosity assumptions

Chang

Xue

2014

Security Comm Networks

View full text Add to dashboard Cite

An encryption scheme is key‐dependent message chosen plaintext attack (KDM‐CPA) secure if it is secure even against an attacker who has access to encryptions of messages that depend on the secret key. Such situations naturally occur in some scenarios such as formal calculus, hard‐disk encryption, or multi‐party protocols. However, up to now, there are not many schemes that achieve KDM‐CPA security, let alone KDM chosen ciphertext attack (KDM‐CCA) security. The constructions proposed by Camenisch, Chandran, and Shoup (Eurocrypt 2009), and Hofheinz (Eurocrypt 2013) are the only two general constructions that can be proved to be KDM‐CCA secure in the standard model. Besides, Qin, Liu, and Huang (ACISP 2013) also presented another concrete implementation. In particular, they showed how to obtain KDM‐CCA security from the classic Cramer–Shoup cryptosystem (based on the decisional Diffie–Hellman assumption) w.r.t. a new ensemble of functions (we call QLH ensemble). Since the Cramer–Shoup scheme has short ciphertext size and higher computational efficiency, they obtain practical KDM‐CCA security w.r.t. a reasonably large ensemble.In this paper, we study the KDM‐CCA security of other cryptosystems proposed by Cramer and Shoup (Eurocrypt 2002). In particular, we prove that the schemes, based on decisional composite residuosity (DCR) and quadratic residuosity (QR) assumptions, respectively, also achieve KDM‐CCA security w.r.t. the QLH ensemble. On the one hand, because the DCR‐based and QR‐based schemes of Cramer et al. are fairly practical, we also obtain practical KDM‐CCA security based on DCR and QR assumptions, respectively. On the other hand, compared with the result of Qin et al., we need not tailor the original schemes of Cramer et al. because themselves have natural “compatibility” for the message space and the secret key space. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption

Cited by 193 publications

References 6 publications

A New Paradigm of Hybrid Encryption Scheme

A New Paradigm of Hybrid Encryption Scheme

Spreading Alerts Quietly and the Subgroup Escape Problem

Practical key‐dependent message chosen‐ciphertext security based on decisional composite residuosity and quadratic residuosity assumptions

Contact Info

Product

Resources

About