A Simpler Construction of CCA2-Secure Public-Key Encryption under General Assumptions
In this paper we present a simpler construction of a public-key encryption scheme that achieves adaptive chosen ciphertext security (CCA2), assuming the existence of trapdoor permutations. We build on previous works of Sahai and De Santis et al. and construct a scheme that we believe is the easiest to understand to date. In particular, it is only slightly more involved than the Naor-Yung encryption scheme that is secure against passive chosen-ciphertext attacks (CCA1). We stress that the focus of this paper is on simplicity only.
KeywordsEncryption Scheme Signature Scheme Commitment Scheme Challenge Ciphertext Decryption Oracle
- 1.M. Bellare and P. Rogaway. Optimal asymmetric encryption — How to encrypt with RSA. In EUROCRYPT’94, Springer-Verlag (LNCS 950), pages 92–111, 1994.Google Scholar
- 2.D. Bleichenbacher. Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS#1. In CRYPTO’98, Springer-Verlag (LNCS 1462), pages 1–12, 1998.Google Scholar
- 3.M. Blum, P. Feldman and S. Micali. Non-interactive zero-knowledge and its applications. In 20th STOC, pages 103–112, 1988.Google Scholar
- 4.R. Cramer and V. Shoup. A practical public-key cryptosystem provably secure against adaptive chosen ciphertext attack. In CRYPTO’98, Springer-Verlag (LNCS 1462), pages 13–25, 1998.Google Scholar
- 9.U. Feige and A. Shamir. Witness Indistinguishability and Witness Hiding Protocols. In 22nd STOC, pages 416–426, 1990.Google Scholar
- 10.O. Goldreich. Foundation of Cryptography — Basic Tools. Cambridge University Press, 2001.Google Scholar
- 11.O. Goldreich. Foundations of Cryptography: Volume 2 — Basic Applications. To be published. Available from http://www.wisdom.weizmann.ac.il/~oded.
- 12.Y. Lindell. A Simpler Construction of CCA2-Secure Public-Key Encryption Under General Assumptions. Cryptology ePrint Archive, Report 2002/057, http://eprint.iacr.org/, 2002.
- 14.M. Naor and M. Yung. Universal One-Way Hash Functions and their Cryptographic Applications. In 21st STOC, pages 33–43, 1989.Google Scholar
- 15.M. Naor and M. Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In 22nd STOC, pages 427–437, 1990.Google Scholar
- 16.J. Rompel. One-way functions are necessary and efficient for secure signatures. In 22nd STOC, pages 387–394, 1990.Google Scholar
- 17.A. Sahai. Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security. In 40th FOCS, pages 543–553, 1999.Google Scholar
- 18.A. Sahai. Simulation-Sound Non-Interactive Zero Knowledge. Manuscript, 2000.Google Scholar
- 19.V. Shoup. Why chosen ciphertext security matters. IBM Research Report RZ 3076, November, 1998.Google Scholar