Encoding-Free ElGamal-Type Encryption Schemes on Elliptic Curves

  • Marc Joye
  • Benoît Libert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10159)


At PKC 2006, Chevallier-Mames, Paillier, and Pointcheval proposed a very elegant technique over cyclic subgroups of \(\mathbb {F}_p^*\) eliminating the need to encode the message as a group element in the ElGamal encryption scheme. Unfortunately, it is unclear how to adapt their scheme over elliptic curves. In a previous attempt, Virat suggested an adaptation of ElGamal to elliptic curves over the ring of dual numbers as a way to address the message encoding issue. Advantageously the resulting cryptosystem does not require encoding messages as points on an elliptic curve prior to their encryption. Unfortunately, it only provides one-wayness and, in particular, it is not (and was not claimed to be) semantically secure.

This paper revisits Virat’s cryptosystem and extends the Chevallier-Mames et al.’s technique to the elliptic curve setting. We consider elliptic curves over the ring \(\mathbb {Z}/p^2\mathbb {Z}\) and define the underlying class function. This yields complexity assumptions whereupon we build new ElGamal-type encryption schemes. The so-obtained schemes are shown to be semantically secure and make use of a very simple message encoding: messages being encrypted are viewed as elements in the range \([0, p-1]\). Further, our schemes come equipped with a partial ring-homomorphism property: anyone can add a constant to an encrypted message –or– multiply an encrypted message by a constant. This can prove helpful as a blinding method in a number of applications. Finally, in addition to practicability, the proposed schemes also offer better performance in terms of speed, memory, and bandwidth.


Public-key encryption ElGamal encryption Elliptic curves Class function Standard model 



We thank Frederik Vercauteren for useful discussions and Antoine Joux for comments on an earlier version of this work. The second author’s work has been supported in part by the “Programme Avenir Lyon Saint-Etienne de l’Université de Lyon” in the framework of the programme “Investissements d’Avenir” (ANR-11-IDEX-0007) and by the French ANR ALAMBIC project (ANR-16-CE39-0006).


  1. 1.
    Belding, J.V.: A Weil pairing on the \(p\)-torsion of ordinary elliptic curves over \({K}[\epsilon ]\). J. Number Theory 128(6), 1874–1888 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Bernstein, D.J., Hamburg, M., Krasnova, A., Lange, T.: Elligator: elliptic-curve points indistinguishable from uniform random strings. In: ACM-CCS 2013, pp. 425–438. ACM Press (2013)Google Scholar
  3. 3.
    Boneh, D.: The decision Diffie-Hellman problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998). doi: 10.1007/BFb0054851 CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Joux, A., Nguyen, P.Q.: Why textbook ElGamal and RSA encryption are insecure. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 30–43. Springer, Heidelberg (2000). doi: 10.1007/3-540-44448-3_3 CrossRefGoogle Scholar
  5. 5.
    Boyen, X., Mei, Q., Waters, B.: Direct chosen ciphertext security from identity based techniques. In: ACM-CCS 2005, pp. 320–329. ACM Press (2005)Google Scholar
  6. 6.
    Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24676-3_13 CrossRefGoogle Scholar
  7. 7.
    Cash, D., Kiltz, E., Shoup, V.: The twin Diffie-Hellman problem and applications. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 127–145. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78967-3_8 CrossRefGoogle Scholar
  8. 8.
    Catalano, D., Nguyen, P.Q., Stern, J.: The hardness of hensel lifting: the case of RSA and discrete logarithm. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 299–310. Springer, Heidelberg (2002). doi: 10.1007/3-540-36178-2_19 CrossRefGoogle Scholar
  9. 9.
    Chevallier-Mames, B., Paillier, P., Pointcheval, D.: Encoding-free ElGamal encryption without random oracles. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 91–104. Springer, Heidelberg (2006). doi: 10.1007/11745853_7 CrossRefGoogle Scholar
  10. 10.
    Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997). doi: 10.1007/3-540-69053-0_9 Google Scholar
  11. 11.
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998). doi: 10.1007/BFb0055717 Google Scholar
  12. 12.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Even, S., Goldreich, O., Micali, S.: On-line/off-line digital schemes. J. Cryptol. 9(1), 35–67 (1996)CrossRefzbMATHGoogle Scholar
  14. 14.
    Farashahi, R.R.: Hashing into Hessian curves. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 278–289. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21969-6_17 CrossRefGoogle Scholar
  15. 15.
    Fouque, P.-A., Joux, A., Tibouchi, M.: Injective encodings to elliptic curves. In: Boyd, C., Simpson, L. (eds.) ACISP 2013. LNCS, vol. 7959, pp. 203–218. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39059-3_14 CrossRefGoogle Scholar
  16. 16.
    Galbraith, S.D.: Elliptic curve Paillier schemes. J. Cryptol. 15(2), 129–138 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Gennaro, R., Krawczyk, H., Rabin, T.: Secure hashed Diffie-Hellman over non-DDH groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 361–381. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24676-3_22 CrossRefGoogle Scholar
  18. 18.
    Gennaro, R., Shoup, V.: A note on an encryption scheme of Kurosawa and Desmedt. Cryptology ePrint Archive, Report 2004/194 (2004)Google Scholar
  19. 19.
    Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. In STOC 1989, pp. 12–24. ACM Press (1989)Google Scholar
  22. 22.
    Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48, 203–209 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Krawczyk, H., Rabin, T.: Chameleon signatures. In: NDSS 2000. The Internet Society (2000)Google Scholar
  24. 24.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). doi: 10.1007/3-540-39799-X_31 Google Scholar
  25. 25.
    Pohlig, S.C., Hellman, M.E.: An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Trans. Inf. Theory 24(1), 106–110 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Pollard, J.M.: Monte Carlo methods for index computation mod \(p\). Math. Comput. 32, 918–924 (1978)MathSciNetzbMATHGoogle Scholar
  27. 27.
    Shoup, V., Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive Report, 2004/332 (2004)Google Scholar
  28. 28.
    Silverman, J.H.: The Theory of Elliptic Curves, GTM 106. Springer-Verlag, Heidelberg (1986)Google Scholar
  29. 29.
    Tsiounis, Y., Yung, M.: On the security of ElGamal based encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117–134. Springer, Heidelberg (1998). doi: 10.1007/BFb0054019 CrossRefGoogle Scholar
  30. 30.
    Virat, M.: A cryptosystem “à la” ElGamal on an elliptic curve over \(\mathbb{F}_p[\varepsilon ]\). In: WEWoRC 2005, LNI 74, pp. 32–44. Gesellschaft für Informatik e.V (2005)Google Scholar
  31. 31.
    Virat, M.: Courbes elliptiques sur un anneau et applications cryptographiques. Ph.D. thesis, Université de Nice-Sophia Antipolis (2009)Google Scholar
  32. 32.
    Zhang, R.: Tweaking TBE/IBE to PKE transforms with chameleon hash functions. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 323–339. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-72738-5_21 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.NXP Semiconductors (USA)San JoseUSA
  2. 2.CNRS, Laboratoire LIP (CNRS, ENSL, U. Lyon, Inria, UCBL)ENS de LyonLyonFrance

Personalised recommendations