Advances in Cryptology - EUROCRYPT 2009

Volume 5479 of the series Lecture Notes in Computer Science pp 590-609

A New Randomness Extraction Paradigm for Hybrid Encryption

  • Eike KiltzAffiliated withCryptology & Information Security Group, CWI Amsterdam
  • , Krzysztof PietrzakAffiliated withCryptology & Information Security Group, CWI Amsterdam
  • , Martijn StamAffiliated withLACAL, EPFL
  • , Moti YungAffiliated withGoogle Inc. and Columbia University


We present a new approach to the design of IND-CCA2 secure hybrid encryption schemes in the standard model. Our approach provides an efficient generic transformation from 1-universal to 2-universal hash proof systems. The transformation involves a randomness extractor based on a 4-wise independent hash function as the key derivation function. Our methodology can be instantiated with efficient schemes based on standard intractability assumptions such as Decisional Diffie-Hellman, Quadratic Residuosity, and Paillier’s Decisional Composite Residuosity. Interestingly, our framework also allows to prove IND-CCA2 security of a hybrid version of 1991’s Damgård’s ElGamal public-key encryption scheme under the DDH assumption.


Chosen-ciphertext security hybrid encryption randomness extraction hash proof systems ElGamal