Journal of Cryptology, Volume 23, Issue 1, pp 91–120
A New and Improved Paradigm for Hybrid Encryption Secure Against Chosen-Ciphertext Attack
 Yvo Desmedt (Dept. of Computer Science, University College London)
 Rosario Gennaro (IBM T.J. Watson Research Center)
 Kaoru Kurosawa (Dept. of Computer and Information Sciences, Ibaraki University)
 Victor Shoup (Computer Science Dept., NYU)
Abstract
We present a new encryption scheme which is secure against adaptive chosen-ciphertext attack (or CCA2-secure) in the standard model (i.e., without the use of random oracles). Our scheme is a hybrid one: it first uses a public-key step (the Key Encapsulation Module or KEM) to encrypt a random key, which is then used to encrypt the actual message using a symmetric encryption algorithm (the Data Encapsulation Module or DEM).
Our scheme is a modification of the hybrid scheme presented by Shoup in (EuroCrypt’97, Springer LNCS, vol. 1233, pp. 256–266, 1997) (based on the Cramer–Shoup scheme in CRYPTO’98, Springer LNCS, vol. 1462, pp. 13–25, 1998). Its major practical advantage is that it saves the computation of one exponentiation and produces shorter ciphertexts.
This efficiency improvement is the result of a surprising observation: previous hybrid schemes were proven secure by proving that both the KEM and the DEM were CCA2-secure. On the other hand, our KEM is not CCA2-secure, yet the whole scheme is, assuming the Decisional Diffie–Hellman (DDH) Assumption.
Finally we generalize our new scheme in two ways: (i) we show that security holds also if we use projective hash families (as the original Cramer–Shoup), and (ii) we show that in the random oracle model we can prove security under the weaker Computational Diffie–Hellman (CDH) Assumption.
Keywords
Public key encryption; Chosen ciphertext security; Projective hash proofs
 Journal
 Journal of Cryptology
 Volume 23, Issue 1, pp 91–120
 Cover Date
 2010-01
 DOI
 10.1007/s00145-009-9051-4
 Print ISSN
 0933-2790
 Online ISSN
 1432-1378
 Publisher
 Springer-Verlag
 Authors

 Yvo Desmedt (1)
 Rosario Gennaro (2)
 Kaoru Kurosawa (3)
 Victor Shoup (4)
 Author Affiliations

 1. Dept. of Computer Science, University College London, London, UK
 2. IBM T.J. Watson Research Center, Yorktown Heights, NY, USA
 3. Dept. of Computer and Information Sciences, Ibaraki University, Ibaraki, Japan
 4. Computer Science Dept., NYU, New York, USA