Public Key Cryptography – PKC 2009

Volume 5443 of the series Lecture Notes in Computer Science pp 377-392

Compact CCA-Secure Encryption for Messages of Arbitrary Length

  • Masayuki AbeAffiliated withInformation Sharing Platform Laboratories, NTT Corporation
  • , Eike KiltzAffiliated withCWI Amsterdam
  • , Tatsuaki OkamotoAffiliated withInformation Sharing Platform Laboratories, NTT Corporation


This paper proposes a chosen-ciphertext secure variant of the ElGamal public-key encryption scheme which generates very compact ciphertexts for messages of arbitrary length. The ciphertext overhead (i.e., the difference between ciphertext and plaintext) is one group element only. Such a property is particularly useful when encrypting short messages such as a PIN or a credit card number in bandwidth-critical environments. On top of the compact overhead, the computational cost for encryption and decryption are almost the same as plain ElGamal encryption. The security is proven based on the strong Diffie-Hellman assumption in the random oracle model.