Miniature CCA2 PK Encryption: Tight Security Without Redundancy

We present a minimalist public-key cryptosystem, as compact as ElGamal, but with adaptive chosen-ciphertext security under the gap Diffie-Hellman assumption in the random oracle model. The novelty is a dual-hash device that provides tight redundancy-free implicit validation. Compared to previous constructions, ours features a tight security reduction, both in efficacy and efficiency, to a classic and essentially non-interactive complexity assumption, and without resorting to asymmetric/symmetric-key hybrid constructions. The system is very compact: on elliptic curves with 80-bit security, a 160-bit plaintext becomes a 320-bit ciphertext. It is also very simple and has a number of practical advantages, and we hope to see it adopted widely.
