Multi-recipient Public-Key Encryption with Shortened Ciphertext
- Cite this paper as:
- Kurosawa K. (2002) Multi-recipient Public-Key Encryption with Shortened Ciphertext. In: Naccache D., Paillier P. (eds) Public Key Cryptography. PKC 2002. Lecture Notes in Computer Science, vol 2274. Springer, Berlin, Heidelberg
In the trivial n-recipient public-key encryption scheme, a ciphertext is a concatenation of independently encrypted messages for n recipients. In this paper, we say that an n-recipient scheme has a “shortened ciphertext” property if the length of the ciphertext is almost a half (or less) of the trivial scheme and the security is still almost the same as the underlying single-recipient scheme. We first present (multi-plaintext, multi-recipient) schemes with the “shortened ciphertext” property for ElGamal scheme and Cramer-Shoup scheme. We next show (single-plaintext, multi-recipient) hybrid encryption schemes with the “shortened ciphertext” property.