An instantiation of the Cramer-Shoup encryption paradigm using bilinear map groups

A new instantiation of the Cramer-Shoup paradigm for secure encryption is presented, which is built using bilinear map groups. The security is based on the Bilinear Decisional Diffie-Hellman assumption. The recent efficiency improvements introduced in [KD04,GS04] are also applied to our constructions. One of the schemes thereby obtained presents efficiency similar to the most efficient encryption schemes with chosen-ciphertext security in the standard model proposed in the literature. Our new scheme presents advantages compared to a trivial Cramer-Shoup instantiation using bilinear map groups, which we also describe here for the first time. Only three practical instantiations of the Cramer-Shoup framework were previously known.

[1]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.

[2]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[3]  Yehuda Lindell,et al.  A Framework for Password-Based Authenticated Key Exchange , 2003, EUROCRYPT.

[4]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[5]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[6]  Yvo Desmedt,et al.  A New Paradigm of Hybrid Encryption Scheme , 2004, CRYPTO.

[7]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[8]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[9]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[10]  Jonathan Katz,et al.  Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption , 2005, CT-RSA.

[11]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[12]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[13]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[14]  Yehuda Lindell,et al.  A Simpler Construction of CCA2-Secure Public-Key Encryption under General Assumptions , 2003, Journal of Cryptology.

[15]  Rosario Gennaro,et al.  A Note on An Encryption Scheme of Kurosawa and Desmedt , 2004, IACR Cryptol. ePrint Arch..

[16]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[17]  Frederik Vercauteren,et al.  A comparison of MNT curves and supersingular curves , 2006, Applicable Algebra in Engineering, Communication and Computing.

[18]  Ronald Cramer,et al.  Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption , 2001, EUROCRYPT.

[19]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[20]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..