How to Enhance the Security of Public-Key Encryption at Minimum Cost

  • Eiichiro Fujisaki
  • Tatsuaki Okamoto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1560)


This paper presents a simple and efficient conversion from a semantically secure public-key encryption scheme against passive adversaries to a non-malleable (or semantically secure) public-key encryption scheme against adaptive chosenciphertext attacks (active adversaries) in the random oracle model. Since our conversion requires only one random (hash) function operation, the converted scheme is almost as efficient as the original one, when the random function is replaced by a practical hash function such as SHA-1 and MD5. We also give a concrete analysis of the reduction for proving its security, and show that our security reduction is (almost) optimally efficient. Finally this paper gives some practical examples of applying this conversion to some practical and semantically secure encryption schemes such as the ElGamal, Blum-Goldwasser and Okamoto-Uchiyama schemes [4,7,9].


Encryption Scheme Random Oracle Random Oracle Model Challenge Ciphertext Decryption Oracle 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Bellare and P. Rogaway,“Random Oracles are Practical: A Paradigm for Designing Efficient Protocols”, Proc. of the First ACM Conference on Computer and Communications Security, pp. 62–73.Google Scholar
  2. 2.
    M. Bellare and P. Rogaway, “Optimal Asymmetric Encryption—How to encrypt with RSA” Advances in Cryptology-EUROCRYPT’94.Google Scholar
  3. 3.
    M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, “Relations Among Notions of Security for Public-Key Encryption Schemes” Advances in Cryptology-CRYPTO’98.Google Scholar
  4. 4.
    M. Blum, and S. Goldwasser, “An efficient probabilistic public-key encryption scheme which hides all partial information”, Proceeding of Crypto’84, LNCS 196, Springer-Verlag, pp. 289–299 (1985).Google Scholar
  5. 5.
    R. Cramer and V. Shoup, “A practical public key cryptosystem provably secure against adaptive chosen message attack”, Advances in Cryptology-CRYPTO’98, Springer-Verlag, 1998.Google Scholar
  6. 6.
    D. Dolev and C. Dwork and M. Naor, “Non-malleable cryptography”, Proceeding of STOC91, pp 542–552.Google Scholar
  7. 7.
    T. ElGamal, “A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” IEEE Transactions on Information Theory, IT-31,4, pp. 469–472, 1985.CrossRefMathSciNetGoogle Scholar
  8. 8.
    S. Goldwasser, and S. Micali, “Probabilistic Encryption” JCSS, vol. 28, pp. 270–299, 1984.zbMATHMathSciNetGoogle Scholar
  9. 9.
    T. Okamoto, and S. Uchiyama, “A New Public-Key Cryptosystem as Secure as Factoring”, Advances in Cryptology-EUROCRYPT’98, Springer-Verlag, 1998.Google Scholar
  10. 10.
    R. Rivest, A. Shamir and L. Adleman, “A Method for Obtaining Digital Signatures and Public Key Cryptosystems”, Communications of ACM, 21,2, pp. 120–126, 1978.zbMATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Y. Tsiounis and M. Yung, “On the Security of ElGamal based Encryption”, PKC’98, January, 1998.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Eiichiro Fujisaki
    • 1
  • Tatsuaki Okamoto
    • 1
  1. 1.NTT LaboratoriesYokosuka-shiJapan

Personalised recommendations