Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption

  • Ronald Cramer
  • Victor Shoup
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2332)


We present several new and fairly practical public-key encryption schemes and prove them secure against adaptive chosen ciphertext attack. One scheme is based on Paillier’s Decision Composite Residuosity assumption, while another is based on the classical Quadratic Residuosity assumption. The analysis is in the standard cryptographic model, i.e., the security of our schemes does not rely on the Random Oracle model. Moreover, we introduce a general framework that allows one to construct secure encryption schemes in a generic fashion from language membership problems that satisfy certain technical requirements. Our new schemes fit into this framework, as does the Cramer-Shoup scheme based on the Decision Diffie-Hellman assumption.


Keywords: Hash Function; Decryption Algorithm; Random Oracle Model; Hash Family; Decryption Oracle
These keywords were added by machine and not by the authors.



Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Ronald Cramer (1, 2)
  • Victor Shoup (1, 2)
  1. BRICS & Dept. of Computer Science, Aarhus University, Denmark
  2. IBM Zurich Research Laboratory, Switzerland
